From 92040379708dcf34f7d6f3af90d9c4436d5352b4 Mon Sep 17 00:00:00 2001 
From: Christian Richter Date: Tue, 13 Jan 2026 10:00:05 +0100 Subject: [PATCH 1/2] Update docs with latest env vars --- .../env-vars/activitylog-config-example.yaml | 67 ++++ static/env-vars/activitylog_configvars.md | 84 ++--- static/env-vars/activitylog_readme.md | 2 +- static/env-vars/antivirus-config-example.yaml | 40 +++ static/env-vars/antivirus_configvars.md | 58 ++-- static/env-vars/antivirus_readme.md | 2 +- .../env-vars/app-provider-config-example.yaml | 45 +++ static/env-vars/app-provider_configvars.md | 64 ++-- .../env-vars/app-registry-config-example.yaml | 115 +++++++ static/env-vars/app-registry_configvars.md | 34 ++- static/env-vars/app-registry_readme.md | 2 +- static/env-vars/audit-config-example.yaml | 31 ++ static/env-vars/audit_configvars.md | 44 +-- static/env-vars/audit_readme.md | 2 +- static/env-vars/auth-app-config-example.yaml | 69 +++++ static/env-vars/auth-app_configvars.md | 74 ++--- static/env-vars/auth-app_readme.md | 10 +- .../env-vars/auth-basic-config-example.yaml | 76 +++++ static/env-vars/auth-basic_configvars.md | 116 +++---- static/env-vars/auth-basic_readme.md | 2 +- .../env-vars/auth-bearer-config-example.yaml | 36 +++ static/env-vars/auth-bearer_configvars.md | 46 +-- static/env-vars/auth-bearer_readme.md | 2 +- .../env-vars/auth-machine-config-example.yaml | 31 ++ static/env-vars/auth-machine_configvars.md | 38 +-- static/env-vars/auth-machine_readme.md | 2 +- .../env-vars/auth-service-config-example.yaml | 32 ++ static/env-vars/auth-service_configvars.md | 38 +-- static/env-vars/auth-service_readme.md | 2 +- static/env-vars/clientlog-config-example.yaml | 33 ++ static/env-vars/clientlog_configvars.md | 44 +-- static/env-vars/clientlog_readme.md | 2 +- .../collaboration-config-example.yaml | 63 ++++ static/env-vars/collaboration_configvars.md | 88 +++--- static/env-vars/collaboration_readme.md | 2 +- .../env-vars/eventhistory-config-example.yaml | 39 +++ static/env-vars/eventhistory_configvars.md | 52 ++-- 
static/env-vars/eventhistory_readme.md | 2 +- static/env-vars/extended_configvars.md | 115 ++++++- static/env-vars/frontend-config-example.yaml | 154 ++++++++++ static/env-vars/frontend_configvars.md | 181 +++++------ static/env-vars/frontend_readme.md | 6 +- static/env-vars/gateway-config-example.yaml | 72 +++++ static/env-vars/gateway_configvars.md | 112 +++---- static/env-vars/gateway_readme.md | 8 +- static/env-vars/global_configvars.md | 84 ++--- static/env-vars/graph-config-example.yaml | 169 ++++++++++ static/env-vars/graph_configvars.md | 236 +++++++------- static/env-vars/graph_readme.md | 28 +- static/env-vars/groups-config-example.yaml | 72 +++++ static/env-vars/groups_configvars.md | 110 +++---- static/env-vars/idm-config-example.yaml | 31 ++ static/env-vars/idm_configvars.md | 44 +-- static/env-vars/idm_readme.md | 2 +- static/env-vars/idp-config-example.yaml | 122 ++++++++ static/env-vars/idp_configvars.md | 114 +++---- static/env-vars/idp_readme.md | 4 +- .../env-vars/invitations-config-example.yaml | 40 +++ static/env-vars/invitations_configvars.md | 54 ++-- static/env-vars/invitations_readme.md | 2 +- static/env-vars/nats-config-example.yaml | 27 ++ static/env-vars/nats_configvars.md | 38 +-- static/env-vars/nats_readme.md | 2 +- .../notifications-config-example.yaml | 57 ++++ static/env-vars/notifications_configvars.md | 84 ++--- static/env-vars/notifications_readme.md | 2 +- static/env-vars/ocdav-config-example.yaml | 81 +++++ static/env-vars/ocdav_configvars.md | 66 ++-- static/env-vars/ocdav_readme.md | 2 +- static/env-vars/ocm-config-example.yaml | 116 +++++++ static/env-vars/ocm_configvars.md | 108 +++---- static/env-vars/ocm_readme.md | 12 +- static/env-vars/ocs-config-example.yaml | 54 ++++ static/env-vars/ocs_configvars.md | 52 ++-- static/env-vars/ocs_readme.md | 2 +- static/env-vars/policies-config-example.yaml | 36 +++ static/env-vars/policies_configvars.md | 44 +-- static/env-vars/policies_readme.md | 4 +- 
.../postprocessing-config-example.yaml | 43 +++ static/env-vars/postprocessing_configvars.md | 64 ++-- static/env-vars/postprocessing_readme.md | 2 +- static/env-vars/proxy-config-example.yaml | 240 +++++++++++++++ static/env-vars/proxy_configvars.md | 139 ++++----- static/env-vars/proxy_readme.md | 2 +- static/env-vars/search-config-example.yaml | 78 +++++ static/env-vars/search_configvars.md | 112 +++---- static/env-vars/search_readme.md | 2 +- static/env-vars/settings-config-example.yaml | 73 +++++ static/env-vars/settings_configvars.md | 84 ++--- static/env-vars/settings_readme.md | 2 +- static/env-vars/sharing-config-example.yaml | 85 ++++++ static/env-vars/sharing_configvars.md | 124 ++++---- static/env-vars/sse-config-example.yaml | 50 +++ static/env-vars/sse_configvars.md | 58 ++-- static/env-vars/sse_readme.md | 2 +- .../storage-publiclink-config-example.yaml | 32 ++ .../env-vars/storage-publiclink_configvars.md | 38 +-- .../storage-shares-config-example.yaml | 33 ++ static/env-vars/storage-shares_configvars.md | 42 +-- .../storage-system-config-example.yaml | 51 ++++ static/env-vars/storage-system_configvars.md | 68 +++-- static/env-vars/storage-system_readme.md | 2 +- .../storage-users-config-example.yaml | 204 +++++++++++++ static/env-vars/storage-users_configvars.md | 288 +++++++++--------- static/env-vars/storage-users_readme.md | 2 +- .../env-vars/thumbnails-config-example.yaml | 72 +++++ static/env-vars/thumbnails_configvars.md | 66 ++-- static/env-vars/thumbnails_readme.md | 2 +- static/env-vars/userlog-config-example.yaml | 67 ++++ static/env-vars/userlog_configvars.md | 86 +++--- static/env-vars/userlog_readme.md | 4 +- static/env-vars/users-config-example.yaml | 77 +++++ static/env-vars/users_configvars.md | 120 ++++---- static/env-vars/web-config-example.yaml | 131 ++++++++ static/env-vars/web_configvars.md | 108 +++---- static/env-vars/web_readme.md | 6 +- static/env-vars/webdav-config-example.yaml | 51 ++++ 
static/env-vars/webdav_configvars.md | 50 +-- static/env-vars/webdav_readme.md | 2 +- static/env-vars/webfinger-config-example.yaml | 44 +++ static/env-vars/webfinger_configvars.md | 48 +-- static/env-vars/webfinger_readme.md | 2 +- 122 files changed, 5097 insertions(+), 1795 deletions(-) create mode 100644 static/env-vars/activitylog-config-example.yaml create mode 100644 static/env-vars/antivirus-config-example.yaml create mode 100644 static/env-vars/app-provider-config-example.yaml create mode 100644 static/env-vars/app-registry-config-example.yaml create mode 100644 static/env-vars/audit-config-example.yaml create mode 100644 static/env-vars/auth-app-config-example.yaml create mode 100644 static/env-vars/auth-basic-config-example.yaml create mode 100644 static/env-vars/auth-bearer-config-example.yaml create mode 100644 static/env-vars/auth-machine-config-example.yaml create mode 100644 static/env-vars/auth-service-config-example.yaml create mode 100644 static/env-vars/clientlog-config-example.yaml create mode 100644 static/env-vars/collaboration-config-example.yaml create mode 100644 static/env-vars/eventhistory-config-example.yaml create mode 100644 static/env-vars/frontend-config-example.yaml create mode 100644 static/env-vars/gateway-config-example.yaml create mode 100644 static/env-vars/graph-config-example.yaml create mode 100644 static/env-vars/groups-config-example.yaml create mode 100644 static/env-vars/idm-config-example.yaml create mode 100644 static/env-vars/idp-config-example.yaml create mode 100644 static/env-vars/invitations-config-example.yaml create mode 100644 static/env-vars/nats-config-example.yaml create mode 100644 static/env-vars/notifications-config-example.yaml create mode 100644 static/env-vars/ocdav-config-example.yaml create mode 100644 static/env-vars/ocm-config-example.yaml create mode 100644 static/env-vars/ocs-config-example.yaml create mode 100644 static/env-vars/policies-config-example.yaml create mode 100644 
static/env-vars/postprocessing-config-example.yaml create mode 100644 static/env-vars/proxy-config-example.yaml create mode 100644 static/env-vars/search-config-example.yaml create mode 100644 static/env-vars/settings-config-example.yaml create mode 100644 static/env-vars/sharing-config-example.yaml create mode 100644 static/env-vars/sse-config-example.yaml create mode 100644 static/env-vars/storage-publiclink-config-example.yaml create mode 100644 static/env-vars/storage-shares-config-example.yaml create mode 100644 static/env-vars/storage-system-config-example.yaml create mode 100644 static/env-vars/storage-users-config-example.yaml create mode 100644 static/env-vars/thumbnails-config-example.yaml create mode 100644 static/env-vars/userlog-config-example.yaml create mode 100644 static/env-vars/users-config-example.yaml create mode 100644 static/env-vars/web-config-example.yaml create mode 100644 static/env-vars/webdav-config-example.yaml create mode 100644 static/env-vars/webfinger-config-example.yaml diff --git a/static/env-vars/activitylog-config-example.yaml b/static/env-vars/activitylog-config-example.yaml new file mode 100644 index 00000000..3ada4ff7 --- /dev/null +++ b/static/env-vars/activitylog-config-example.yaml 
@@ -0,0 +1,67 @@ +# Autogenerated +# Filename: activitylog-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9197 + token: "" + pprof: false + zpages: false +events: + endpoint: 127.0.0.1:9233 + cluster: opencloud-cluster + tls_insecure: false + tls_root_ca_certificate: "" + enable_tls: false + username: "" + password: "" +store: + store: nats-js-kv + nodes: + - 127.0.0.1:9233 + database: activitylog + table: "" + ttl: 0s + username: "" + password: "" +reva_gateway: eu.opencloud.api.gateway +grpc_client_tls: null +http: + addr: 127.0.0.1:9195 + root: / + cors: + allow_origins: + - '*' + allow_methods: + - GET + allow_headers: + - Authorization + - Origin + - Content-Type + - Accept + - X-Requested-With + - X-Request-Id + - Ocs-Apirequest + allow_credentials: true + tls: + enabled: false + cert: "" + key: "" +token_manager: + jwt_secret: "" +translation_path: "" +default_language: en +service_account: + service_account_id: "" + service_account_secret: "" +write_buffer_duration: 10s +max_activities: 6000 diff --git a/static/env-vars/activitylog_configvars.md b/static/env-vars/activitylog_configvars.md index d3e04384..9cc673ba 100644 --- a/static/env-vars/activitylog_configvars.md +++ b/static/env-vars/activitylog_configvars.md @@ -1,43 +1,47 @@ Environment variables for the **activitylog** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`ACTIVITYLOG_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`ACTIVITYLOG_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`ACTIVITYLOG_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`ACTIVITYLOG_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`ACTIVITYLOG_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9197`| -|`ACTIVITYLOG_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`ACTIVITYLOG_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`ACTIVITYLOG_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`OC_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`| -|`OC_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`| -|`OC_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|`false`| -|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.`|``| -|`OC_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| -|`OC_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_PERSISTENT_STORE`
`ACTIVITYLOG_STORE`| 1.0.0 |string|`The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details.`|`nats-js-kv`| -|`OC_PERSISTENT_STORE_NODES`
`ACTIVITYLOG_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[127.0.0.1:9233]`| -|`ACTIVITYLOG_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|`activitylog`| -|`ACTIVITYLOG_STORE_TABLE`| 1.0.0 |string|`The database table the store should use.`|``| -|`OC_PERSISTENT_STORE_TTL`
`ACTIVITYLOG_STORE_TTL`| 1.0.0 |Duration|`Time to live for events in the store. See the Environment Variable Types description for more details.`|`0s`| -|`OC_PERSISTENT_STORE_AUTH_USERNAME`
`ACTIVITYLOG_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_PERSISTENT_STORE_AUTH_PASSWORD`
`ACTIVITYLOG_STORE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata`|`eu.opencloud.api.gateway`| -|`ACTIVITYLOG_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9195`| -|`ACTIVITYLOG_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|`/`| -|`OC_CORS_ALLOW_ORIGINS`
`ACTIVITYLOG_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|`[*]`| -|`OC_CORS_ALLOW_METHODS`
`ACTIVITYLOG_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|`[GET]`| -|`OC_CORS_ALLOW_HEADERS`
`ACTIVITYLOG_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|`[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Ocs-Apirequest]`| -|`OC_CORS_ALLOW_CREDENTIALS`
`ACTIVITYLOG_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|`true`| -|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|`false`| -|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|``| -|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|``| -|`OC_JWT_SECRET`
`ACTIVITYLOG_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_TRANSLATION_PATH`
`ACTIVITYLOG_TRANSLATION_PATH`| 1.0.0 |string|`(optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details.`|``| -|`OC_DEFAULT_LANGUAGE`| 1.0.0 |string|`The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details.`|`en`| -|`OC_SERVICE_ACCOUNT_ID`
`ACTIVITYLOG_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|``| -|`OC_SERVICE_ACCOUNT_SECRET`
`ACTIVITYLOG_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|``| -|`ACTIVITYLOG_WRITE_BUFFER_DURATION`| 4.0.0 |Duration|`The duration to wait before flushing the write buffer. This is used to reduce the number of writes to the store.`|`10s`| -|`ACTIVITYLOG_MAX_ACTIVITIES`| 4.0.0 |int|`The maximum number of activities to keep in the store per resource. If the number of activities exceeds this value, the oldest activities will be removed.`|`6000`| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`ACTIVITYLOG_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`ACTIVITYLOG_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`ACTIVITYLOG_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`ACTIVITYLOG_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`ACTIVITYLOG_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`ACTIVITYLOG_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`ACTIVITYLOG_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`ACTIVITYLOG_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`ACTIVITYLOG_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9197| +|`ACTIVITYLOG_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`ACTIVITYLOG_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`ACTIVITYLOG_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`OC_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| +|`OC_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| +|`OC_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.`|| +|`OC_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| +|`OC_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_PERSISTENT_STORE`
`ACTIVITYLOG_STORE`| 1.0.0 |string|`The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details.`|nats-js-kv| +|`OC_PERSISTENT_STORE_NODES`
`ACTIVITYLOG_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[127.0.0.1:9233]| +|`ACTIVITYLOG_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|activitylog| +|`ACTIVITYLOG_STORE_TABLE`| 1.0.0 |string|`The database table the store should use.`|| +|`OC_PERSISTENT_STORE_TTL`
`ACTIVITYLOG_STORE_TTL`| 1.0.0 |Duration|`Time to live for events in the store. See the Environment Variable Types description for more details.`|0s| +|`OC_PERSISTENT_STORE_AUTH_USERNAME`
`ACTIVITYLOG_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_PERSISTENT_STORE_AUTH_PASSWORD`
`ACTIVITYLOG_STORE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata`|eu.opencloud.api.gateway| +|`ACTIVITYLOG_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|127.0.0.1:9195| +|`ACTIVITYLOG_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|/| +|`OC_CORS_ALLOW_ORIGINS`
`ACTIVITYLOG_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|[*]| +|`OC_CORS_ALLOW_METHODS`
`ACTIVITYLOG_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|[GET]| +|`OC_CORS_ALLOW_HEADERS`
`ACTIVITYLOG_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Ocs-Apirequest]| +|`OC_CORS_ALLOW_CREDENTIALS`
`ACTIVITYLOG_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|true| +|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|false| +|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|| +|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|| +|`OC_JWT_SECRET`
`ACTIVITYLOG_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_TRANSLATION_PATH`
`ACTIVITYLOG_TRANSLATION_PATH`| 1.0.0 |string|`(optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details.`|| +|`OC_DEFAULT_LANGUAGE`| 1.0.0 |string|`The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details.`|en| +|`OC_SERVICE_ACCOUNT_ID`
`ACTIVITYLOG_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|| +|`OC_SERVICE_ACCOUNT_SECRET`
`ACTIVITYLOG_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|| +|`ACTIVITYLOG_WRITE_BUFFER_DURATION`| next |Duration|`The duration to wait before flushing the write buffer. This is used to reduce the number of writes to the store.`|10s| +|`ACTIVITYLOG_MAX_ACTIVITIES`| next |int|`The maximum number of activities to keep in the store per resource. If the number of activities exceeds this value, the oldest activities will be removed.`|6000| diff --git a/static/env-vars/activitylog_readme.md b/static/env-vars/activitylog_readme.md index f80fc09e..ba38c0f5 100644 --- a/static/env-vars/activitylog_readme.md +++ b/static/env-vars/activitylog_readme.md @@ -1,6 +1,6 @@ --- title: Activitylog -date: 2025-11-27T22:56:02.331192+01:00 +date: 2025-11-11T09:16:41.110602908+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/activitylog diff --git a/static/env-vars/antivirus-config-example.yaml b/static/env-vars/antivirus-config-example.yaml new file mode 100644 index 00000000..4e2b6e47 --- /dev/null +++ b/static/env-vars/antivirus-config-example.yaml @@ -0,0 +1,40 @@ +# Autogenerated +# Filename: antivirus-config-example.yaml + +file: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9277 + token: "" + pprof: false + zpages: false +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +infected-file-handling: delete +events: + endpoint: 127.0.0.1:9233 + cluster: opencloud-cluster + tls_insecure: false + tls_root_ca_certificate: "" + enable_tls: false + username: "" + password: "" +workers: 10 +scanner: + type: clamav + clamav: + socket: /run/clamav/clamd.ctl + scan_timeout: 5m0s + icap: + scan_timeout: 5m0s + url: icap://127.0.0.1:1344 + service: avscan +max-scan-size: 100MB +max-scan-size-mode: partial diff --git a/static/env-vars/antivirus_configvars.md b/static/env-vars/antivirus_configvars.md index 092c14d0..9098a917 100644 
--- a/static/env-vars/antivirus_configvars.md +++ b/static/env-vars/antivirus_configvars.md @@ -1,30 +1,34 @@ Environment variables for the **antivirus** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`ANTIVIRUS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`ANTIVIRUS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`ANTIVIRUS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`ANTIVIRUS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`ANTIVIRUS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9277`| -|`ANTIVIRUS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`ANTIVIRUS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`ANTIVIRUS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`ANTIVIRUS_INFECTED_FILE_HANDLING`| 1.0.0 |string|`Defines the behaviour when a virus has been found. Supported options are: 'delete', 'continue' and 'abort '. Delete will delete the file. Continue will mark the file as infected but continues further processing. Abort will keep the file in the uploads folder for further admin inspection and will not move it to its final destination.`|`delete`| -|`OC_EVENTS_ENDPOINT`
`ANTIVIRUS_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`| -|`OC_EVENTS_CLUSTER`
`ANTIVIRUS_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`| -|`OC_INSECURE`
`ANTIVIRUS_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|`false`| -|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`ANTIVIRUS_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided ANTIVIRUS_EVENTS_TLS_INSECURE will be seen as false.`|``| -|`OC_EVENTS_ENABLE_TLS`
`ANTIVIRUS_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| -|`OC_EVENTS_AUTH_USERNAME`
`ANTIVIRUS_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_EVENTS_AUTH_PASSWORD`
`ANTIVIRUS_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`ANTIVIRUS_WORKERS`| 1.0.0 |int|`The number of concurrent go routines that fetch events from the event queue.`|`10`| -|`ANTIVIRUS_SCANNER_TYPE`| 1.0.0 |ScannerType|`The antivirus scanner to use. Supported values are 'clamav' and 'icap'.`|`clamav`| -|`ANTIVIRUS_CLAMAV_SOCKET`| 1.0.0 |string|`The socket clamav is running on. Note the default value is an example which needs adaption according your OS.`|`/run/clamav/clamd.ctl`| -|`ANTIVIRUS_CLAMAV_SCAN_TIMEOUT`| 2.1.0 |Duration|`Scan timeout for the ClamAV client. Defaults to '5m' (5 minutes). See the Environment Variable Types description for more details.`|`5m0s`| -|`ANTIVIRUS_ICAP_SCAN_TIMEOUT`| 1.0.0 |Duration|`Scan timeout for the ICAP client. Defaults to '5m' (5 minutes). See the Environment Variable Types description for more details.`|`5m0s`| -|`ANTIVIRUS_ICAP_URL`| 1.0.0 |string|`URL of the ICAP server.`|`icap://127.0.0.1:1344`| -|`ANTIVIRUS_ICAP_SERVICE`| 1.0.0 |string|`The name of the ICAP service.`|`avscan`| -|`ANTIVIRUS_MAX_SCAN_SIZE`| 1.0.0 |string|`The maximum scan size the virus scanner can handle.0 means unlimited. Usable common abbreviations: [KB, KiB, MB, MiB, GB, GiB, TB, TiB, PB, PiB, EB, EiB], example: 2GB.`|`100MB`| -|`ANTIVIRUS_MAX_SCAN_SIZE_MODE`| 2.1.0 |MaxScanSizeMode|`Defines the mode of handling files that exceed the maximum scan size. Supported options are: 'skip', which skips files that are bigger than the max scan size, and 'truncate' (default), which only uses the file up to the max size.`|`partial`| -|`ANTIVIRUS_DEBUG_SCAN_OUTCOME`| 1.0.0 |string|`A predefined outcome for virus scanning, FOR DEBUG PURPOSES ONLY! (example values: 'found,infected')`|``| +|---|---|---|---|---| +|`OC_LOG_LEVEL`
`ANTIVIRUS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`ANTIVIRUS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`ANTIVIRUS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`ANTIVIRUS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`ANTIVIRUS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9277| +|`ANTIVIRUS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`ANTIVIRUS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`ANTIVIRUS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`OC_TRACING_ENABLED`
`ANTIVIRUS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`ANTIVIRUS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`ANTIVIRUS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`ANTIVIRUS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`ANTIVIRUS_INFECTED_FILE_HANDLING`| 1.0.0 |string|`Defines the behaviour when a virus has been found. Supported options are: 'delete', 'continue' and 'abort '. Delete will delete the file. Continue will mark the file as infected but continues further processing. Abort will keep the file in the uploads folder for further admin inspection and will not move it to its final destination.`|delete| +|`OC_EVENTS_ENDPOINT`
`ANTIVIRUS_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| +|`OC_EVENTS_CLUSTER`
`ANTIVIRUS_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| +|`OC_INSECURE`
`ANTIVIRUS_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`ANTIVIRUS_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided ANTIVIRUS_EVENTS_TLS_INSECURE will be seen as false.`|| +|`OC_EVENTS_ENABLE_TLS`
`ANTIVIRUS_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| +|`OC_EVENTS_AUTH_USERNAME`
`ANTIVIRUS_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_EVENTS_AUTH_PASSWORD`
`ANTIVIRUS_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`ANTIVIRUS_WORKERS`| 1.0.0 |int|`The number of concurrent go routines that fetch events from the event queue.`|10| +|`ANTIVIRUS_SCANNER_TYPE`| 1.0.0 |ScannerType|`The antivirus scanner to use. Supported values are 'clamav' and 'icap'.`|clamav| +|`ANTIVIRUS_CLAMAV_SOCKET`| 1.0.0 |string|`The socket clamav is running on. Note the default value is an example which needs adaption according your OS.`|/run/clamav/clamd.ctl| +|`ANTIVIRUS_CLAMAV_SCAN_TIMEOUT`| 2.1.0 |Duration|`Scan timeout for the ClamAV client. Defaults to '5m' (5 minutes). See the Environment Variable Types description for more details.`|5m0s| +|`ANTIVIRUS_ICAP_SCAN_TIMEOUT`| 1.0.0 |Duration|`Scan timeout for the ICAP client. Defaults to '5m' (5 minutes). See the Environment Variable Types description for more details.`|5m0s| +|`ANTIVIRUS_ICAP_URL`| 1.0.0 |string|`URL of the ICAP server.`|icap://127.0.0.1:1344| +|`ANTIVIRUS_ICAP_SERVICE`| 1.0.0 |string|`The name of the ICAP service.`|avscan| +|`ANTIVIRUS_MAX_SCAN_SIZE`| 1.0.0 |string|`The maximum scan size the virus scanner can handle.0 means unlimited. Usable common abbreviations: [KB, KiB, MB, MiB, GB, GiB, TB, TiB, PB, PiB, EB, EiB], example: 2GB.`|100MB| +|`ANTIVIRUS_MAX_SCAN_SIZE_MODE`| 2.1.0 |MaxScanSizeMode|`Defines the mode of handling files that exceed the maximum scan size. Supported options are: 'skip', which skips files that are bigger than the max scan size, and 'truncate' (default), which only uses the file up to the max size.`|partial| +|`ANTIVIRUS_DEBUG_SCAN_OUTCOME`| 1.0.0 |string|`A predefined outcome for virus scanning, FOR DEBUG PURPOSES ONLY! (example values: 'found,infected')`|| diff --git a/static/env-vars/antivirus_readme.md b/static/env-vars/antivirus_readme.md index 8ca479e5..17504b29 100644 
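Review bot: In the `ANTIVIRUS_MAX_SCAN_SIZE_MODE` row of antivirus_configvars.md the description and the default disagree: the text lists the supported options as 'skip' and 'truncate' (default), while the Default Value column says `partial`. Please state one accepted value set and make the default match it. The row should also say outright that in the truncating mode the part of a file beyond `ANTIVIRUS_MAX_SCAN_SIZE` is not scanned, since the description only says the scanner "only uses the file up to the max size". Two smaller wording issues in the same hunk: the `ANTIVIRUS_INFECTED_FILE_HANDLING` description quotes the option as 'abort ' with a trailing space, and `ANTIVIRUS_EVENTS_TLS_INSECURE` is described as "Whether to verify the server TLS certificates.", which leaves it unclear whether setting it to true enables or disables verification.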
--- a/static/env-vars/antivirus_readme.md +++ b/static/env-vars/antivirus_readme.md @@ -1,6 +1,6 @@ --- title: Antivirus -date: 2025-11-27T22:56:02.331592+01:00 +date: 2025-11-11T09:16:41.11069431+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/antivirus diff --git a/static/env-vars/app-provider-config-example.yaml b/static/env-vars/app-provider-config-example.yaml new file mode 100644 index 00000000..b100cfa3 --- /dev/null +++ b/static/env-vars/app-provider-config-example.yaml @@ -0,0 +1,45 @@ +# Autogenerated +# Filename: app-provider-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9165 + token: "" + pprof: false + zpages: false +grpc: + addr: 127.0.0.1:9164 + tls: null + protocol: tcp +token_manager: + jwt_secret: "" +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +external_addr: eu.opencloud.api.app-provider +driver: "" +drivers: + wopi: + app_api_key: "" + app_desktop_only: false + app_icon_uri: "" + app_internal_url: "" + app_name: "" + app_url: "" + app_disable_chat: false + insecure: false + wopi_server_iop_secret: "" + wopi_server_external_url: "" + wopi_folder_url_base_url: https://localhost:9200/ + wopi_folder_url_path_template: /f/{{.ResourceID}} diff --git a/static/env-vars/app-provider_configvars.md b/static/env-vars/app-provider_configvars.md index ae45b515..fca51c53 100644 --- a/static/env-vars/app-provider_configvars.md +++ b/static/env-vars/app-provider_configvars.md 
@@ -1,33 +1,37 @@ Environment variables for the **app-provider** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`APP_PROVIDER_SERVICE_NAME`| 1.0.0 |string|`The name of the service. This needs to be changed when using more than one app provider. Each app provider configured needs to be identified by a unique service name. Possible examples are: 'app-provider-collabora', 'app-provider-onlyoffice', 'app-provider-office365'.`|`app-provider`| -|`OC_LOG_LEVEL`
`APP_PROVIDER_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`APP_PROVIDER_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`APP_PROVIDER_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`APP_PROVIDER_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`APP_PROVIDER_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9165`| -|`APP_PROVIDER_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint`|``| -|`APP_PROVIDER_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling`|`false`| -|`APP_PROVIDER_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing traces in-memory.`|`false`| -|`APP_PROVIDER_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9164`| -|`OC_GRPC_PROTOCOL`
`APP_PROVIDER_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GPRC service.`|`tcp`| -|`OC_JWT_SECRET`
`APP_PROVIDER_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`APP_PROVIDER_EXTERNAL_ADDR`| 1.0.0 |string|`Address of the app provider, where the GATEWAY service can reach it.`|`eu.opencloud.api.app-provider`| -|`APP_PROVIDER_DRIVER`| 1.0.0 |string|`Driver, the APP PROVIDER services uses. Only 'wopi' is supported as of now.`|``| -|`APP_PROVIDER_WOPI_APP_API_KEY`| 1.0.0 |string|`API key for the wopi app.`|``| -|`APP_PROVIDER_WOPI_APP_DESKTOP_ONLY`| 1.0.0 |bool|`Offer this app only on desktop.`|`false`| -|`APP_PROVIDER_WOPI_APP_ICON_URI`| 1.0.0 |string|`URI to an app icon to be used by clients.`|``| -|`APP_PROVIDER_WOPI_APP_INTERNAL_URL`| 1.0.0 |string|`Internal URL to the app, like in your DMZ.`|``| -|`APP_PROVIDER_WOPI_APP_NAME`| 1.0.0 |string|`Human readable app name.`|``| -|`APP_PROVIDER_WOPI_APP_URL`| 1.0.0 |string|`URL for end users to access the app.`|``| -|`APP_PROVIDER_WOPI_DISABLE_CHAT`
`OC_WOPI_DISABLE_CHAT`| 1.0.0 |bool|`Disable the chat functionality of the office app.`|`false`| -|`APP_PROVIDER_WOPI_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for requests to the WOPI server and the web office application. Do not set this in production environments.`|`false`| -|`APP_PROVIDER_WOPI_WOPI_SERVER_IOP_SECRET`| 1.0.0 |string|`Shared secret of the CS3org WOPI server.`|``| -|`APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL`| 1.0.0 |string|`External url of the CS3org WOPI server.`|``| -|`OC_URL`
`APP_PROVIDER_WOPI_FOLDER_URL_BASE_URL`| 1.0.0 |string|`Base url to navigate back from the app to the containing folder in the file list.`|`https://localhost:9200/`| -|`APP_PROVIDER_WOPI_FOLDER_URL_PATH_TEMPLATE`| 1.0.0 |string|`Path template to navigate back from the app to the containing folder in the file list. Supported template variables are {{.ResourceInfo.ResourceID}}, {{.ResourceInfo.Mtime.Seconds}}, {{.ResourceInfo.Name}}, {{.ResourceInfo.Path}}, {{.ResourceInfo.Type}}, {{.ResourceInfo.Id.SpaceId}}, {{.ResourceInfo.Id.StorageId}}, {{.ResourceInfo.Id.OpaqueId}}, {{.ResourceInfo.MimeType}}`|`/f/{{.ResourceID}}`| +|---|---|---|---|---| +|`APP_PROVIDER_SERVICE_NAME`| 1.0.0 |string|`The name of the service. This needs to be changed when using more than one app provider. Each app provider configured needs to be identified by a unique service name. Possible examples are: 'app-provider-collabora', 'app-provider-onlyoffice', 'app-provider-office365'.`|app-provider| +|`OC_TRACING_ENABLED`
`APP_PROVIDER_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`APP_PROVIDER_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`APP_PROVIDER_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`APP_PROVIDER_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`APP_PROVIDER_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`APP_PROVIDER_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`APP_PROVIDER_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`APP_PROVIDER_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`APP_PROVIDER_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9165| +|`APP_PROVIDER_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint`|| +|`APP_PROVIDER_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling`|false| +|`APP_PROVIDER_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing traces in-memory.`|false| +|`APP_PROVIDER_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9164| +|`OC_GRPC_PROTOCOL`
`APP_PROVIDER_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GPRC service.`|tcp| +|`OC_JWT_SECRET`
`APP_PROVIDER_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`APP_PROVIDER_EXTERNAL_ADDR`| 1.0.0 |string|`Address of the app provider, where the GATEWAY service can reach it.`|eu.opencloud.api.app-provider| +|`APP_PROVIDER_DRIVER`| 1.0.0 |string|`Driver, the APP PROVIDER services uses. Only 'wopi' is supported as of now.`|| +|`APP_PROVIDER_WOPI_APP_API_KEY`| 1.0.0 |string|`API key for the wopi app.`|| +|`APP_PROVIDER_WOPI_APP_DESKTOP_ONLY`| 1.0.0 |bool|`Offer this app only on desktop.`|false| +|`APP_PROVIDER_WOPI_APP_ICON_URI`| 1.0.0 |string|`URI to an app icon to be used by clients.`|| +|`APP_PROVIDER_WOPI_APP_INTERNAL_URL`| 1.0.0 |string|`Internal URL to the app, like in your DMZ.`|| +|`APP_PROVIDER_WOPI_APP_NAME`| 1.0.0 |string|`Human readable app name.`|| +|`APP_PROVIDER_WOPI_APP_URL`| 1.0.0 |string|`URL for end users to access the app.`|| +|`APP_PROVIDER_WOPI_DISABLE_CHAT`
`OC_WOPI_DISABLE_CHAT`| 1.0.0 |bool|`Disable the chat functionality of the office app.`|false| +|`APP_PROVIDER_WOPI_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for requests to the WOPI server and the web office application. Do not set this in production environments.`|false| +|`APP_PROVIDER_WOPI_WOPI_SERVER_IOP_SECRET`| 1.0.0 |string|`Shared secret of the CS3org WOPI server.`|| +|`APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL`| 1.0.0 |string|`External url of the CS3org WOPI server.`|| +|`OC_URL`
`APP_PROVIDER_WOPI_FOLDER_URL_BASE_URL`| 1.0.0 |string|`Base url to navigate back from the app to the containing folder in the file list.`|https://localhost:9200/| +|`APP_PROVIDER_WOPI_FOLDER_URL_PATH_TEMPLATE`| 1.0.0 |string|`Path template to navigate back from the app to the containing folder in the file list. Supported template variables are {{.ResourceInfo.ResourceID}}, {{.ResourceInfo.Mtime.Seconds}}, {{.ResourceInfo.Name}}, {{.ResourceInfo.Path}}, {{.ResourceInfo.Type}}, {{.ResourceInfo.Id.SpaceId}}, {{.ResourceInfo.Id.StorageId}}, {{.ResourceInfo.Id.OpaqueId}}, {{.ResourceInfo.MimeType}}`|/f/{{.ResourceID}}| diff --git a/static/env-vars/app-registry-config-example.yaml b/static/env-vars/app-registry-config-example.yaml new file mode 100644 index 00000000..76757ee9 --- /dev/null +++ b/static/env-vars/app-registry-config-example.yaml 
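Review bot: The `APP_PROVIDER_WOPI_FOLDER_URL_PATH_TEMPLATE` row in app-provider_configvars.md is internally inconsistent: the description lists template variables under `.ResourceInfo` (for example `{{.ResourceInfo.ResourceID}}`), but the default is `/f/{{.ResourceID}}`. Please confirm which variable path the template accepts and make the two agree. This hunk also drops the backticks from every Default Value cell, so the double braces of that default now sit as bare text in the table; check that the rendered page still shows them literally. Two leftovers carried into the added rows: `APP_PROVIDER_GRPC_PROTOCOL` still reads 'GPRC', and the tracing collector example has a stray backslash in `\http://jaeger-collector:14268/api/traces`.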
@@ -0,0 +1,115 @@ +# Autogenerated +# Filename: app-registry-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9243 + token: "" + pprof: false + zpages: false +grpc: + addr: 127.0.0.1:9242 + tls: null + protocol: tcp +token_manager: + jwt_secret: "" +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +app_registry: + mimetypes: + - mime_type: application/pdf + extension: pdf + name: PDF + description: PDF document + icon: "" + default_app: "" + allow_creation: false + - mime_type: application/vnd.oasis.opendocument.text + extension: odt + name: OpenDocument + description: OpenDocument text document + icon: "" + default_app: "" + allow_creation: true + - mime_type: application/vnd.oasis.opendocument.spreadsheet + extension: ods + name: OpenSpreadsheet + description: OpenDocument spreadsheet document + icon: "" + default_app: "" + allow_creation: true + - mime_type: application/vnd.oasis.opendocument.presentation + extension: odp + name: OpenPresentation + description: OpenDocument presentation document + icon: "" + default_app: "" + allow_creation: true + - mime_type: application/vnd.openxmlformats-officedocument.wordprocessingml.document + extension: docx + name: Microsoft Word + description: Microsoft Word document + icon: "" + default_app: "" + allow_creation: true + - mime_type: application/vnd.openxmlformats-officedocument.wordprocessingml.form + extension: docxf + name: Form Document + description: Form Document + icon: "" + default_app: "" + allow_creation: true + - mime_type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + extension: xlsx + name: Microsoft Excel + description: Microsoft Excel document + icon: "" + default_app: "" + allow_creation: true + - mime_type: application/vnd.openxmlformats-officedocument.presentationml.presentation + extension: pptx + name: Microsoft PowerPoint + 
description: Microsoft PowerPoint document + icon: "" + default_app: "" + allow_creation: true + - mime_type: application/vnd.jupyter + extension: ipynb + name: Jupyter Notebook + description: Jupyter Notebook + icon: "" + default_app: "" + allow_creation: false + - mime_type: text/markdown + extension: md + name: Markdown file + description: Markdown file + icon: "" + default_app: "" + allow_creation: true + - mime_type: application/compressed-markdown + extension: zmd + name: Compressed markdown file + description: Compressed markdown file + icon: "" + default_app: "" + allow_creation: false + - mime_type: application/vnd.geogebra.slides + extension: ggs + name: GeoGebra Slides + description: GeoGebra Slides + icon: "" + default_app: "" + allow_creation: false diff --git a/static/env-vars/app-registry_configvars.md b/static/env-vars/app-registry_configvars.md index 1546f281..b840c801 100644 --- a/static/env-vars/app-registry_configvars.md +++ b/static/env-vars/app-registry_configvars.md @@ -1,18 +1,22 @@ Environment variables for the **app-registry** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`APP_REGISTRY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`APP_REGISTRY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`APP_REGISTRY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`APP_REGISTRY_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`APP_REGISTRY_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9243`| -|`APP_REGISTRY_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`APP_REGISTRY_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`APP_REGISTRY_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`APP_REGISTRY_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9242`| -|`OC_GRPC_PROTOCOL`
`APP_REGISTRY_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|`tcp`| -|`OC_JWT_SECRET`
`APP_REGISTRY_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`APP_REGISTRY_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`APP_REGISTRY_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`APP_REGISTRY_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`APP_REGISTRY_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`APP_REGISTRY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`APP_REGISTRY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`APP_REGISTRY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`APP_REGISTRY_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`APP_REGISTRY_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9243| +|`APP_REGISTRY_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`APP_REGISTRY_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`APP_REGISTRY_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`APP_REGISTRY_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9242| +|`OC_GRPC_PROTOCOL`
`APP_REGISTRY_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|tcp| +|`OC_JWT_SECRET`
`APP_REGISTRY_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| diff --git a/static/env-vars/app-registry_readme.md b/static/env-vars/app-registry_readme.md index 5f7d4ff0..89be392d 100644 --- a/static/env-vars/app-registry_readme.md +++ b/static/env-vars/app-registry_readme.md @@ -1,6 +1,6 @@ --- title: App Registry -date: 2025-11-27T22:56:02.33178+01:00 +date: 2025-11-11T09:16:41.110779681+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/app-registry diff --git a/static/env-vars/audit-config-example.yaml b/static/env-vars/audit-config-example.yaml new file mode 100644 index 00000000..d400f3ee --- /dev/null +++ b/static/env-vars/audit-config-example.yaml @@ -0,0 +1,31 @@ +# Autogenerated +# Filename: audit-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9229 + token: "" + pprof: false + zpages: false +events: + endpoint: 127.0.0.1:9233 + cluster: opencloud-cluster + tls_insecure: false + tls_root_ca_certificate: "" + enable_tls: false + username: "" + password: "" +auditlog: + log_to_console: true + log_to_file: false + filepath: "" + format: json 
diff --git a/static/env-vars/audit_configvars.md b/static/env-vars/audit_configvars.md index 103db962..4596a80b 100644 --- a/static/env-vars/audit_configvars.md +++ b/static/env-vars/audit_configvars.md @@ -1,23 +1,27 @@ Environment variables for the **audit** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`AUDIT_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`AUDIT_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`AUDIT_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`AUDIT_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`AUDIT_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9229`| -|`AUDIT_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`AUDIT_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`AUDIT_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`OC_EVENTS_ENDPOINT`
`AUDIT_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`| -|`OC_EVENTS_CLUSTER`
`AUDIT_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`| -|`OC_INSECURE`
`AUDIT_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|`false`| -|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`AUDIT_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided AUDIT_EVENTS_TLS_INSECURE will be seen as false.`|``| -|`OC_EVENTS_ENABLE_TLS`
`AUDIT_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| -|`OC_EVENTS_AUTH_USERNAME`
`AUDIT_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_EVENTS_AUTH_PASSWORD`
`AUDIT_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`AUDIT_LOG_TO_CONSOLE`| 1.0.0 |bool|`Logs to stdout if set to 'true'. Independent of the LOG_TO_FILE option.`|`true`| -|`AUDIT_LOG_TO_FILE`| 1.0.0 |bool|`Logs to file if set to 'true'. Independent of the LOG_TO_CONSOLE option.`|`false`| -|`AUDIT_FILEPATH`| 1.0.0 |string|`Filepath of the logfile. Mandatory if LOG_TO_FILE is set to 'true'.`|``| -|`AUDIT_FORMAT`| 1.0.0 |string|`Log format. Supported values are '' (empty) and 'json'. Using 'json' is advised, '' (empty) renders the 'minimal' format. See the text description for more details.`|`json`| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`AUDIT_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`AUDIT_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`AUDIT_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`AUDIT_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`AUDIT_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`AUDIT_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`AUDIT_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`AUDIT_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`AUDIT_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9229| +|`AUDIT_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`AUDIT_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`AUDIT_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`OC_EVENTS_ENDPOINT`
`AUDIT_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| +|`OC_EVENTS_CLUSTER`
`AUDIT_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| +|`OC_INSECURE`
`AUDIT_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`AUDIT_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided AUDIT_EVENTS_TLS_INSECURE will be seen as false.`|| +|`OC_EVENTS_ENABLE_TLS`
`AUDIT_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| +|`OC_EVENTS_AUTH_USERNAME`
`AUDIT_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_EVENTS_AUTH_PASSWORD`
`AUDIT_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`AUDIT_LOG_TO_CONSOLE`| 1.0.0 |bool|`Logs to stdout if set to 'true'. Independent of the LOG_TO_FILE option.`|true| +|`AUDIT_LOG_TO_FILE`| 1.0.0 |bool|`Logs to file if set to 'true'. Independent of the LOG_TO_CONSOLE option.`|false| +|`AUDIT_FILEPATH`| 1.0.0 |string|`Filepath of the logfile. Mandatory if LOG_TO_FILE is set to 'true'.`|| +|`AUDIT_FORMAT`| 1.0.0 |string|`Log format. Supported values are '' (empty) and 'json'. Using 'json' is advised, '' (empty) renders the 'minimal' format. See the text description for more details.`|json| diff --git a/static/env-vars/audit_readme.md b/static/env-vars/audit_readme.md index 375fcc57..26b67e52 100644 --- a/static/env-vars/audit_readme.md +++ b/static/env-vars/audit_readme.md @@ -1,6 +1,6 @@ --- title: Audit -date: 2025-11-27T22:56:02.331876+01:00 +date: 2025-11-11T09:16:41.110877595+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/audit diff --git a/static/env-vars/auth-app-config-example.yaml b/static/env-vars/auth-app-config-example.yaml new file mode 100644 index 00000000..c165282d --- /dev/null +++ b/static/env-vars/auth-app-config-example.yaml 
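Review bot: The front-matter `date` in audit_readme.md moves backwards, from 2025-11-27T22:56:02.331876+01:00 to 2025-11-11T09:16:41.110877595+01:00, and the antivirus and app-registry readmes in this patch change the same way. For a commit titled "Update docs with latest env vars" that suggests the files were regenerated from a source tree older than the one already published. Please confirm the generator ran against the intended revision before merging; otherwise the tables in this patch may describe an earlier set of variables than the one they replace.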
@@ -0,0 +1,69 @@ +# Autogenerated +# Filename: auth-app-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9245 + token: "" + pprof: false + zpages: false +grpc: + addr: 127.0.0.1:9246 + tls: null + protocol: tcp +http: + addr: 127.0.0.1:9247 + root: / + cors: + allow_origins: + - '*' + allow_methods: + - GET + - POST + - DELETE + allow_headers: + - Authorization + - Origin + - Content-Type + - Accept + - X-Requested-With + - X-Request-Id + - Ocs-Apirequest + allow_credentials: true + tls: + enabled: false + cert: "" + key: "" +grpc_client_tls: null +token_manager: + jwt_secret: "" +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +skip_user_groups_in_token: false +machine_auth_api_key: "" +allow_impersonation: false +storage_driver: jsoncs3 +storage_drivers: + jsoncs3: + provider_addr: eu.opencloud.api.storage-system + system_user_id: "" + system_user_idp: internal + system_user_api_key: "" + password_generator: diceware + password_generator_options: + diceware: + number_of_words: 6 + randon: + password_length: 0 diff --git a/static/env-vars/auth-app_configvars.md b/static/env-vars/auth-app_configvars.md index 07f8cda4..d0216631 100644 --- a/static/env-vars/auth-app_configvars.md +++ b/static/env-vars/auth-app_configvars.md @@ -1,38 +1,42 @@ Environment variables for the **auth-app** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`AUTH_APP_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`AUTH_APP_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`AUTH_APP_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`AUTH_APP_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`AUTH_APP_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9245`| -|`AUTH_APP_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`AUTH_APP_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`AUTH_APP_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing traces in-memory.`|`false`| -|`AUTH_APP_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9246`| -|`OC_GRPC_PROTOCOL`
`AUTH_APP_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|`tcp`| -|`AUTH_APP_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9247`| -|`AUTH_APP_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|`/`| -|`OC_CORS_ALLOW_ORIGINS`
`AUTH_APP_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|`[*]`| -|`OC_CORS_ALLOW_METHODS`
`AUTH_APP_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|`[GET POST DELETE]`| -|`OC_CORS_ALLOW_HEADERS`
`AUTH_APP_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|`[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Ocs-Apirequest]`| -|`OC_CORS_ALLOW_CREDENTIALS`
`AUTH_APP_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|`true`| -|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|`false`| -|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|``| -|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|``| -|`OC_JWT_SECRET`
`AUTH_APP_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`AUTH_APP_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the encoding of the user's group memberships in the access token. This reduces the token size, especially when users are members of a large number of groups.`|`false`| -|`OC_MACHINE_AUTH_API_KEY`
`AUTH_APP_MACHINE_AUTH_API_KEY`| 1.0.0 |string|`The machine auth API key used to validate internal requests necessary to access resources from other services.`|``| -|`AUTH_APP_ENABLE_IMPERSONATION`| 1.0.0 |bool|`Allows admins to create app tokens for other users. Used for migration. Do NOT use in productive deployments.`|`false`| -|`AUTH_APP_STORAGE_DRIVER`| 4.0.0 |string|`Driver to be used to persist the app tokes . Supported values are 'jsoncs3', 'json'.`|`jsoncs3`| -|`AUTH_APP_JSONCS3_PROVIDER_ADDR`| 4.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`| -|`OC_SYSTEM_USER_ID`
`AUTH_APP_JSONCS3_SYSTEM_USER_ID`| 4.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|``| -|`OC_SYSTEM_USER_IDP`
`AUTH_APP_JSONCS3_SYSTEM_USER_IDP`| 4.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|`internal`| -|`OC_SYSTEM_USER_API_KEY`
`AUTH_APP_JSONCS3_SYSTEM_USER_API_KEY`| 4.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|``| -|`AUTH_APP_JSONCS3_PASSWORD_GENERATOR`| 4.0.0 |string|`The password generator that should be used for generating app tokens. Supported values are: 'diceware' and 'random'.`|`diceware`| -|`AUTH_APP_JSONCS3_DICEWARE_NUMBER_OF_WORDS`| 4.0.0 |int|`The number of words the generated passphrase will have.`|`6`| -|`AUTH_APP_JSONCS3_RANDOM_PASSWORD_LENGTH`| 4.0.0 |int|`The number of charactors the generated passwords will have.`|`0`| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`AUTH_APP_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`AUTH_APP_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`AUTH_APP_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`AUTH_APP_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`AUTH_APP_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`AUTH_APP_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`AUTH_APP_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`AUTH_APP_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`AUTH_APP_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9245| +|`AUTH_APP_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`AUTH_APP_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`AUTH_APP_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing traces in-memory.`|false| +|`AUTH_APP_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9246| +|`OC_GRPC_PROTOCOL`
`AUTH_APP_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|tcp| +|`AUTH_APP_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|127.0.0.1:9247| +|`AUTH_APP_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|/| +|`OC_CORS_ALLOW_ORIGINS`
`AUTH_APP_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|[*]| +|`OC_CORS_ALLOW_METHODS`
`AUTH_APP_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|[GET POST DELETE]| +|`OC_CORS_ALLOW_HEADERS`
`AUTH_APP_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Ocs-Apirequest]| +|`OC_CORS_ALLOW_CREDENTIALS`
`AUTH_APP_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|true| +|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|false| +|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|| +|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|| +|`OC_JWT_SECRET`
`AUTH_APP_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`AUTH_APP_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the encoding of the user's group memberships in the access token. This reduces the token size, especially when users are members of a large number of groups.`|false| +|`OC_MACHINE_AUTH_API_KEY`
`AUTH_APP_MACHINE_AUTH_API_KEY`| 1.0.0 |string|`The machine auth API key used to validate internal requests necessary to access resources from other services.`|| +|`AUTH_APP_ENABLE_IMPERSONATION`| 1.0.0 |bool|`Allows admins to create app tokens for other users. Used for migration. Do NOT use in productive deployments.`|false| +|`AUTH_APP_STORAGE_DRIVER`| next |string|`Driver to be used to persist the app tokes . Supported values are 'jsoncs3', 'json'.`|jsoncs3| +|`AUTH_APP_JSONCS3_PROVIDER_ADDR`| next |string|`GRPC address of the STORAGE-SYSTEM service.`|eu.opencloud.api.storage-system| +|`OC_SYSTEM_USER_ID`
`AUTH_APP_JSONCS3_SYSTEM_USER_ID`| next |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|| +|`OC_SYSTEM_USER_IDP`
`AUTH_APP_JSONCS3_SYSTEM_USER_IDP`| next |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|internal| +|`OC_SYSTEM_USER_API_KEY`
`AUTH_APP_JSONCS3_SYSTEM_USER_API_KEY`| next |string|`API key for the STORAGE-SYSTEM system user.`|| +|`AUTH_APP_JSONCS3_PASSWORD_GENERATOR`| next |string|`The password generator that should be used for generating app tokens. Supported values are: 'diceware' and 'random'.`|diceware| +|`AUTH_APP_JSONCS3_DICEWARE_NUMBER_OF_WORDS`| next |int|`The number of words the generated passphrase will have.`|6| +|`AUTH_APP_JSONCS3_RANDOM_PASSWORD_LENGTH`| next |int|`The number of charactors the generated passwords will have.`|0| diff --git a/static/env-vars/auth-app_readme.md b/static/env-vars/auth-app_readme.md index 1e09e336..fc2eee14 100644 --- a/static/env-vars/auth-app_readme.md +++ b/static/env-vars/auth-app_readme.md @@ -1,6 +1,6 @@ --- title: Auth-App -date: 2025-11-27T22:56:02.331944+01:00 +date: 2025-11-11T09:16:41.110935855+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/auth-app @@ -84,20 +84,20 @@ The `auth-app` service provides an API to create (POST), list (GET) and delete ( ``` Note that the `token` value in the response to the "List Tokens` request is not the actual - app token, but the UUID of the token. So this value cannot be used for authenticating + app token, but a hashed value of the token. So this value cannot be used for authenticating with the token. Example output: ``` [ { - "token": "155f402e-1c5c-411c-92d4-92f3b612cd99" + "token": "$2a$11$EyudDGAJ18bBf5NG6PL9Ru9gygZAu0oPyLawdieNjGozcbXyyuUhG", "expiration_date": "2024-08-08T13:44:31.025199075+02:00", "created_date": "2024-08-07T13:44:31+02:00", "label": "Generated via Impersonation API" }, { - "token": "8c606bdb-e22e-4094-9304-732fd4702bc9" + "token": "$2a$11$dfRBQrxRMPg8fvyvkFwaX.IPoIUiokvhzK.YNI/pCafk0us3MyPzy", "expiration_date": "2024-08-08T13:46:41.936052281+02:00", "created_date": "2024-08-07T13:46:42+02:00", "label": "Generated via Impersonation API" 
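Review bot: In the new `auth-app-config-example.yaml`, the key under `password_generator_options` is spelled `randon:`, while the documented generator value is 'random' and the matching variable is `AUTH_APP_JSONCS3_RANDOM_PASSWORD_LENGTH`. The file is marked `# Autogenerated`, so either the key name is misspelled in the source the example is generated from or the example itself is wrong; in both cases it should be fixed at the source and the file regenerated. The same example pairs `allow_origins: - '*'` with `allow_credentials: true`; a short comment in the generated file saying the origin list should be narrowed for real deployments would help readers who copy it as is.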
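Review bot: In `auth-app_configvars.md` the Introduction Version of the storage-driver rows (`AUTH_APP_STORAGE_DRIVER` through `AUTH_APP_JSONCS3_RANDOM_PASSWORD_LENGTH`) changes from `4.0.0` to `next`, replacing a concrete release number with a placeholder. If these variables already shipped in 4.0.0, keep the version number so administrators can tell which release they need. The default values also lose their backticks, so `[*]` and empty defaults are no longer rendered as code; if that is not intended, restore them in the generator template.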
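Review bot: In `auth-app_readme.md` the example output of the List Tokens request now contains two full bcrypt-format strings (`$2a$11$...`) as `token` values. If these were copied from a running instance, replace them with clearly artificial placeholders of the same shape, since a published hash of a live app token can be checked offline against guessed tokens. While this paragraph is being touched, the unchanged line above it opens the request name with a double quote and closes it with a backtick, which is worth fixing in the same change.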
@@ -108,7 +108,7 @@ The `auth-app` service provides an API to create (POST), list (GET) and delete ( * **Delete a token**\ The DELETE request requires: * A `token` key/value pair in the form of `token=`. The value needs to be the hashed value as returned by the `List Tokens` respone.\ - Example: `token=8c606bdb-e22e-4094-9304-732fd4702bc9` + Example: `token=$2$Z3s2K7816M4vuSpd5` ```bash curl --request DELETE 'https:///auth-app/tokens?token={value}' \ --header 'accept: application/json' diff --git a/static/env-vars/auth-basic-config-example.yaml b/static/env-vars/auth-basic-config-example.yaml new file mode 100644 index 00000000..018284b0 --- /dev/null +++ b/static/env-vars/auth-basic-config-example.yaml 
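Review bot: The new example `token=$2$Z3s2K7816M4vuSpd5` in the "Delete a token" step does not have the shape of the values shown in the List Tokens output earlier in this file (`$2a$11$` followed by a much longer string), so a reader cannot tell what to pass. Use one of the listed example values here, or a placeholder with the same prefix and length. Because the value contains `$`, it would also help to say that it must stay inside single quotes, as in the curl line, so the shell does not expand it. The unchanged line above also has the typo `respone`.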
@@ -0,0 +1,76 @@ +# Autogenerated +# Filename: auth-basic-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9147 + token: "" + pprof: false + zpages: false +grpc: + addr: 127.0.0.1:9146 + tls: null + protocol: tcp +token_manager: + jwt_secret: "" +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +skip_user_groups_in_token: false +auth_provider: ldap +auth_providers: + ldap: + uri: ldaps://localhost:9235 + ca_cert: /home/chaser/.opencloud/idm/ldap.crt + insecure: false + bind_dn: uid=reva,ou=sysusers,o=libregraph-idm + bind_password: "" + user_base_dn: ou=users,o=libregraph-idm + group_base_dn: ou=groups,o=libregraph-idm + user_scope: sub + group_scope: sub + user_filter: "" + group_filter: "" + user_object_class: inetOrgPerson + group_object_class: groupOfNames + login_attributes: + - uid + idp: https://localhost:9200 + disable_user_mechanism: attribute + ldap_disabled_users_group_dn: cn=DisabledUsersGroup,ou=groups,o=libregraph-idm + user_schema: + id: openCloudUUID + tenant_id: "" + id_is_octet_string: false + mail: mail + display_name: displayname + user_name: uid + user_enabled: openCloudUserEnabled + group_schema: + id: openCloudUUID + id_is_octet_string: false + mail: mail + display_name: cn + group_name: cn + member: member + owncloudsql: + db_username: owncloud + db_password: "" + db_host: mysql + db_port: 3306 + db_name: owncloud + idp: https://localhost:9200 + nobody: 90 + join_username: false + join_owncloud_uuid: false diff --git a/static/env-vars/auth-basic_configvars.md b/static/env-vars/auth-basic_configvars.md index 5e86abc5..7fa0e4f1 100644 --- a/static/env-vars/auth-basic_configvars.md +++ b/static/env-vars/auth-basic_configvars.md 
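Review bot: In the new `auth-basic-config-example.yaml`, `ca_cert: /home/chaser/.opencloud/idm/ldap.crt` is a path inside a personal home directory, so the example was generated on a workstation and carries that machine's user name into the published docs. The `auth-basic_configvars.md` hunk that follows shows the same change for `AUTH_BASIC_LDAP_CACERT`, where the previously documented default was `/var/lib/opencloud/idm/ldap.crt`. Generate the docs with `OC_BASE_DATA_PATH` at the packaged default so the documented value matches what an installation actually uses.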
@@ -1,59 +1,63 @@ Environment variables for the **auth-basic** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`AUTH_BASIC_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`AUTH_BASIC_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`AUTH_BASIC_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`AUTH_BASIC_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`AUTH_BASIC_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9147`| -|`AUTH_BASIC_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`AUTH_BASIC_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`AUTH_BASIC_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing traces in-memory.`|`false`| -|`AUTH_BASIC_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9146`| -|`OC_GRPC_PROTOCOL`
`AUTH_BASIC_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|`tcp`| -|`OC_JWT_SECRET`
`AUTH_BASIC_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`AUTH_BASIC_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the encoding of the user's group memberships in the reva access token. This reduces the token size, especially when users are members of a large number of groups.`|`false`| -|`AUTH_BASIC_AUTH_MANAGER`| 1.0.0 |string|`The authentication manager to check if credentials are valid. Supported value is 'ldap'.`|`ldap`| -|`OC_LDAP_URI`
`AUTH_BASIC_LDAP_URI`| 1.0.0 |string|`URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'`|`ldaps://localhost:9235`| -|`OC_LDAP_CACERT`
`AUTH_BASIC_LDAP_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/var/lib/opencloud/idm/ldap.crt`| -|`OC_LDAP_INSECURE`
`AUTH_BASIC_LDAP_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.`|`false`| -|`OC_LDAP_BIND_DN`
`AUTH_BASIC_LDAP_BIND_DN`| 1.0.0 |string|`LDAP DN to use for simple bind authentication with the target LDAP server.`|`uid=reva,ou=sysusers,o=libregraph-idm`| -|`OC_LDAP_BIND_PASSWORD`
`AUTH_BASIC_LDAP_BIND_PASSWORD`| 1.0.0 |string|`Password to use for authenticating the 'bind_dn'.`|``| -|`OC_LDAP_USER_BASE_DN`
`AUTH_BASIC_LDAP_USER_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP users.`|`ou=users,o=libregraph-idm`| -|`OC_LDAP_GROUP_BASE_DN`
`AUTH_BASIC_LDAP_GROUP_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP groups.`|`ou=groups,o=libregraph-idm`| -|`OC_LDAP_USER_SCOPE`
`AUTH_BASIC_LDAP_USER_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up users. Supported values are 'base', 'one' and 'sub'.`|`sub`| -|`OC_LDAP_GROUP_SCOPE`
`AUTH_BASIC_LDAP_GROUP_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'.`|`sub`| -|`OC_LDAP_USER_FILTER`
`AUTH_BASIC_LDAP_USER_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'.`|``| -|`OC_LDAP_GROUP_FILTER`
`AUTH_BASIC_LDAP_GROUP_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for group searches.`|``| -|`OC_LDAP_USER_OBJECTCLASS`
`AUTH_BASIC_LDAP_USER_OBJECTCLASS`| 1.0.0 |string|`The object class to use for users in the default user search filter ('inetOrgPerson').`|`inetOrgPerson`| -|`OC_LDAP_GROUP_OBJECTCLASS`
`AUTH_BASIC_LDAP_GROUP_OBJECTCLASS`| 1.0.0 |string|`The object class to use for groups in the default group search filter ('groupOfNames').`|`groupOfNames`| -|`LDAP_LOGIN_ATTRIBUTES`
`AUTH_BASIC_LDAP_LOGIN_ATTRIBUTES`| 1.0.0 |[]string|`A list of user object attributes that can be used for login. See the Environment Variable Types description for more details.`|`[uid]`| -|`OC_URL`
`OC_OIDC_ISSUER`
`AUTH_BASIC_IDP_URL`| 1.0.0 |string|`The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider.`|`https://localhost:9200`| -|`OC_LDAP_DISABLE_USER_MECHANISM`
`AUTH_BASIC_DISABLE_USER_MECHANISM`| 1.0.0 |string|`An option to control the behavior for disabling users. Valid options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed.`|`attribute`| -|`OC_LDAP_DISABLED_USERS_GROUP_DN`
`AUTH_BASIC_DISABLED_USERS_GROUP_DN`| 1.0.0 |string|`The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'.`|`cn=DisabledUsersGroup,ou=groups,o=libregraph-idm`| -|`OC_LDAP_USER_SCHEMA_ID`
`AUTH_BASIC_LDAP_USER_SCHEMA_ID`| 1.0.0 |string|`LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID.`|`openCloudUUID`| -|`OC_LDAP_USER_SCHEMA_TENANT_ID`
`AUTH_BASIC_LDAP_USER_SCHEMA_TENANT_ID`| 4.0.0 |string|`LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment.`|``| -|`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`
`AUTH_BASIC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user IDs.`|`false`| -|`OC_LDAP_USER_SCHEMA_MAIL`
`AUTH_BASIC_LDAP_USER_SCHEMA_MAIL`| 1.0.0 |string|`LDAP Attribute to use for the email address of users.`|`mail`| -|`OC_LDAP_USER_SCHEMA_DISPLAYNAME`
`AUTH_BASIC_LDAP_USER_SCHEMA_DISPLAYNAME`| 1.0.0 |string|`LDAP Attribute to use for the displayname of users.`|`displayname`| -|`OC_LDAP_USER_SCHEMA_USERNAME`
`AUTH_BASIC_LDAP_USER_SCHEMA_USERNAME`| 1.0.0 |string|`LDAP Attribute to use for username of users.`|`uid`| -|`OC_LDAP_USER_ENABLED_ATTRIBUTE`
`AUTH_BASIC_LDAP_USER_ENABLED_ATTRIBUTE`| 1.0.0 |string|`LDAP attribute to use as a flag telling if the user is enabled or disabled.`|`openCloudUserEnabled`| -|`OC_LDAP_GROUP_SCHEMA_ID`
`AUTH_BASIC_LDAP_GROUP_SCHEMA_ID`| 1.0.0 |string|`LDAP Attribute to use as the unique id for groups. This should be a stable globally unique id (e.g. a UUID).`|`openCloudUUID`| -|`OC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`
`AUTH_BASIC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group IDs.`|`false`| -|`OC_LDAP_GROUP_SCHEMA_MAIL`
`AUTH_BASIC_LDAP_GROUP_SCHEMA_MAIL`| 1.0.0 |string|`LDAP Attribute to use for the email address of groups (can be empty).`|`mail`| -|`OC_LDAP_GROUP_SCHEMA_DISPLAYNAME`
`AUTH_BASIC_LDAP_GROUP_SCHEMA_DISPLAYNAME`| 1.0.0 |string|`LDAP Attribute to use for the displayname of groups (often the same as groupname attribute).`|`cn`| -|`OC_LDAP_GROUP_SCHEMA_GROUPNAME`
`AUTH_BASIC_LDAP_GROUP_SCHEMA_GROUPNAME`| 1.0.0 |string|`LDAP Attribute to use for the name of groups.`|`cn`| -|`OC_LDAP_GROUP_SCHEMA_MEMBER`
`AUTH_BASIC_LDAP_GROUP_SCHEMA_MEMBER`| 1.0.0 |string|`LDAP Attribute that is used for group members.`|`member`| -|`AUTH_BASIC_OWNCLOUDSQL_DB_USERNAME`| 1.0.0 |string|`Database user to use for authenticating with the owncloud database.`|`owncloud`| -|`AUTH_BASIC_OWNCLOUDSQL_DB_PASSWORD`| 1.0.0 |string|`Password for the database user.`|``| -|`AUTH_BASIC_OWNCLOUDSQL_DB_HOST`| 1.0.0 |string|`Hostname of the database server.`|`mysql`| -|`AUTH_BASIC_OWNCLOUDSQL_DB_PORT`| 1.0.0 |int|`Network port to use for the database connection.`|`3306`| -|`AUTH_BASIC_OWNCLOUDSQL_DB_NAME`| 1.0.0 |string|`Name of the owncloud database.`|`owncloud`| -|`AUTH_BASIC_OWNCLOUDSQL_IDP`| 1.0.0 |string|`The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider.`|`https://localhost:9200`| -|`AUTH_BASIC_OWNCLOUDSQL_NOBODY`| 1.0.0 |int64|`Fallback number if no numeric UID and GID properties are provided.`|`90`| -|`AUTH_BASIC_OWNCLOUDSQL_JOIN_USERNAME`| 1.0.0 |bool|`Join the user properties table to read usernames`|`false`| -|`AUTH_BASIC_OWNCLOUDSQL_JOIN_OWNCLOUD_UUID`| 1.0.0 |bool|`Join the user properties table to read user ID's.`|`false`| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`AUTH_BASIC_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`AUTH_BASIC_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`AUTH_BASIC_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`AUTH_BASIC_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`AUTH_BASIC_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`AUTH_BASIC_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`AUTH_BASIC_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`AUTH_BASIC_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`AUTH_BASIC_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9147| +|`AUTH_BASIC_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`AUTH_BASIC_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`AUTH_BASIC_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing traces in-memory.`|false| +|`AUTH_BASIC_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9146| +|`OC_GRPC_PROTOCOL`
`AUTH_BASIC_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|tcp| +|`OC_JWT_SECRET`
`AUTH_BASIC_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`AUTH_BASIC_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the encoding of the user's group memberships in the reva access token. This reduces the token size, especially when users are members of a large number of groups.`|false| +|`AUTH_BASIC_AUTH_MANAGER`| 1.0.0 |string|`The authentication manager to check if credentials are valid. Supported value is 'ldap'.`|ldap| +|`OC_LDAP_URI`
`AUTH_BASIC_LDAP_URI`| 1.0.0 |string|`URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'`|ldaps://localhost:9235| +|`OC_LDAP_CACERT`
`AUTH_BASIC_LDAP_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|/home/chaser/.opencloud/idm/ldap.crt| +|`OC_LDAP_INSECURE`
`AUTH_BASIC_LDAP_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.`|false| +|`OC_LDAP_BIND_DN`
`AUTH_BASIC_LDAP_BIND_DN`| 1.0.0 |string|`LDAP DN to use for simple bind authentication with the target LDAP server.`|uid=reva,ou=sysusers,o=libregraph-idm| +|`OC_LDAP_BIND_PASSWORD`
`AUTH_BASIC_LDAP_BIND_PASSWORD`| 1.0.0 |string|`Password to use for authenticating the 'bind_dn'.`|| +|`OC_LDAP_USER_BASE_DN`
`AUTH_BASIC_LDAP_USER_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP users.`|ou=users,o=libregraph-idm| +|`OC_LDAP_GROUP_BASE_DN`
`AUTH_BASIC_LDAP_GROUP_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP groups.`|ou=groups,o=libregraph-idm| +|`OC_LDAP_USER_SCOPE`
`AUTH_BASIC_LDAP_USER_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up users. Supported values are 'base', 'one' and 'sub'.`|sub| +|`OC_LDAP_GROUP_SCOPE`
`AUTH_BASIC_LDAP_GROUP_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'.`|sub| +|`OC_LDAP_USER_FILTER`
`AUTH_BASIC_LDAP_USER_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'.`|| +|`OC_LDAP_GROUP_FILTER`
`AUTH_BASIC_LDAP_GROUP_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for group searches.`|| +|`OC_LDAP_USER_OBJECTCLASS`
`AUTH_BASIC_LDAP_USER_OBJECTCLASS`| 1.0.0 |string|`The object class to use for users in the default user search filter ('inetOrgPerson').`|inetOrgPerson| +|`OC_LDAP_GROUP_OBJECTCLASS`
`AUTH_BASIC_LDAP_GROUP_OBJECTCLASS`| 1.0.0 |string|`The object class to use for groups in the default group search filter ('groupOfNames').`|groupOfNames| +|`LDAP_LOGIN_ATTRIBUTES`
`AUTH_BASIC_LDAP_LOGIN_ATTRIBUTES`| 1.0.0 |[]string|`A list of user object attributes that can be used for login. See the Environment Variable Types description for more details.`|[uid]| +|`OC_URL`
`OC_OIDC_ISSUER`
`AUTH_BASIC_IDP_URL`| 1.0.0 |string|`The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider.`|https://localhost:9200| +|`OC_LDAP_DISABLE_USER_MECHANISM`
`AUTH_BASIC_DISABLE_USER_MECHANISM`| 1.0.0 |string|`An option to control the behavior for disabling users. Valid options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed.`|attribute| +|`OC_LDAP_DISABLED_USERS_GROUP_DN`
`AUTH_BASIC_DISABLED_USERS_GROUP_DN`| 1.0.0 |string|`The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'.`|cn=DisabledUsersGroup,ou=groups,o=libregraph-idm| +|`OC_LDAP_USER_SCHEMA_ID`
`AUTH_BASIC_LDAP_USER_SCHEMA_ID`| 1.0.0 |string|`LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID.`|openCloudUUID| +|`OC_LDAP_USER_SCHEMA_TENANT_ID`
`AUTH_BASIC_LDAP_USER_SCHEMA_TENANT_ID`| next |string|`LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment.`|| +|`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`
`AUTH_BASIC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user IDs.`|false| +|`OC_LDAP_USER_SCHEMA_MAIL`
`AUTH_BASIC_LDAP_USER_SCHEMA_MAIL`| 1.0.0 |string|`LDAP Attribute to use for the email address of users.`|mail| +|`OC_LDAP_USER_SCHEMA_DISPLAYNAME`
`AUTH_BASIC_LDAP_USER_SCHEMA_DISPLAYNAME`| 1.0.0 |string|`LDAP Attribute to use for the displayname of users.`|displayname| +|`OC_LDAP_USER_SCHEMA_USERNAME`
`AUTH_BASIC_LDAP_USER_SCHEMA_USERNAME`| 1.0.0 |string|`LDAP Attribute to use for username of users.`|uid| +|`OC_LDAP_USER_ENABLED_ATTRIBUTE`
`AUTH_BASIC_LDAP_USER_ENABLED_ATTRIBUTE`| 1.0.0 |string|`LDAP attribute to use as a flag telling if the user is enabled or disabled.`|openCloudUserEnabled| +|`OC_LDAP_GROUP_SCHEMA_ID`
`AUTH_BASIC_LDAP_GROUP_SCHEMA_ID`| 1.0.0 |string|`LDAP Attribute to use as the unique id for groups. This should be a stable globally unique id (e.g. a UUID).`|openCloudUUID| +|`OC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`
`AUTH_BASIC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group IDs.`|false| +|`OC_LDAP_GROUP_SCHEMA_MAIL`
`AUTH_BASIC_LDAP_GROUP_SCHEMA_MAIL`| 1.0.0 |string|`LDAP Attribute to use for the email address of groups (can be empty).`|mail| +|`OC_LDAP_GROUP_SCHEMA_DISPLAYNAME`
`AUTH_BASIC_LDAP_GROUP_SCHEMA_DISPLAYNAME`| 1.0.0 |string|`LDAP Attribute to use for the displayname of groups (often the same as groupname attribute).`|cn| +|`OC_LDAP_GROUP_SCHEMA_GROUPNAME`
`AUTH_BASIC_LDAP_GROUP_SCHEMA_GROUPNAME`| 1.0.0 |string|`LDAP Attribute to use for the name of groups.`|cn| +|`OC_LDAP_GROUP_SCHEMA_MEMBER`
`AUTH_BASIC_LDAP_GROUP_SCHEMA_MEMBER`| 1.0.0 |string|`LDAP Attribute that is used for group members.`|member| +|`AUTH_BASIC_OWNCLOUDSQL_DB_USERNAME`| 1.0.0 |string|`Database user to use for authenticating with the owncloud database.`|owncloud| +|`AUTH_BASIC_OWNCLOUDSQL_DB_PASSWORD`| 1.0.0 |string|`Password for the database user.`|| +|`AUTH_BASIC_OWNCLOUDSQL_DB_HOST`| 1.0.0 |string|`Hostname of the database server.`|mysql| +|`AUTH_BASIC_OWNCLOUDSQL_DB_PORT`| 1.0.0 |int|`Network port to use for the database connection.`|3306| +|`AUTH_BASIC_OWNCLOUDSQL_DB_NAME`| 1.0.0 |string|`Name of the owncloud database.`|owncloud| +|`AUTH_BASIC_OWNCLOUDSQL_IDP`| 1.0.0 |string|`The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider.`|https://localhost:9200| +|`AUTH_BASIC_OWNCLOUDSQL_NOBODY`| 1.0.0 |int64|`Fallback number if no numeric UID and GID properties are provided.`|90| +|`AUTH_BASIC_OWNCLOUDSQL_JOIN_USERNAME`| 1.0.0 |bool|`Join the user properties table to read usernames`|false| +|`AUTH_BASIC_OWNCLOUDSQL_JOIN_OWNCLOUD_UUID`| 1.0.0 |bool|`Join the user properties table to read user ID's.`|false| diff --git a/static/env-vars/auth-basic_readme.md b/static/env-vars/auth-basic_readme.md index 29adb32f..d620c350 100644 --- a/static/env-vars/auth-basic_readme.md +++ b/static/env-vars/auth-basic_readme.md @@ -1,6 +1,6 @@ --- title: Auth-Basic -date: 2025-11-27T22:56:02.332069+01:00 +date: 2025-11-11T09:16:41.110998352+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/auth-basic diff --git a/static/env-vars/auth-bearer-config-example.yaml b/static/env-vars/auth-bearer-config-example.yaml new file mode 100644 index 00000000..751d9cee --- /dev/null +++ b/static/env-vars/auth-bearer-config-example.yaml 
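Review bot: The default shown for `OC_LDAP_CACERT` / `AUTH_BASIC_LDAP_CACERT` in the added auth-basic_configvars.md table is `/home/chaser/.opencloud/idm/ldap.crt`. That is the home directory of the account that ran the generator, not a portable default, and it publishes a local username in the docs. The row's own description says the path derives from `$OC_BASE_DATA_PATH/idm`, so render the default in that form or run the generator with a neutral base path. Two smaller points in the same table: `LDAP_LOGIN_ATTRIBUTES` is the only global alias listed without the `OC_` prefix that the other LDAP variables carry, and `AUTH_BASIC_LDAP_USER_SCHEMA_TENANT_ID` still has `next` as its introduction version. Both are worth confirming against the service source before this is published.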
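Review bot: The `date:` front matter in auth-basic_readme.md moves backwards, from `2025-11-27T22:56:02.332069+01:00` to `2025-11-11T09:16:41.110998352+01:00`, in a commit dated 13 Jan 2026 whose subject is "Update docs with latest env vars". An older timestamp with a different sub-second precision suggests the files were generated from an older checkout or in a different environment than the previous run. Please state which opencloud revision these were generated from, and regenerate if it predates the one already documented. The auth-bearer, auth-machine and auth-service readme hunks show the same step back.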
@@ -0,0 +1,36 @@ +# Autogenerated +# Filename: auth-bearer-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9149 + token: "" + pprof: false + zpages: false +grpc: + addr: 127.0.0.1:9148 + tls: null + protocol: tcp +token_manager: + jwt_secret: "" +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +skip_user_groups_in_token: false +oidc: + issuer: https://localhost:9200 + insecure: false + id_claim: preferred_username + uid_claim: "" + gid_claim: "" diff --git a/static/env-vars/auth-bearer_configvars.md b/static/env-vars/auth-bearer_configvars.md index ce85b095..ad344f83 100644 --- a/static/env-vars/auth-bearer_configvars.md +++ b/static/env-vars/auth-bearer_configvars.md @@ -1,24 +1,28 @@ Environment variables for the **auth-bearer** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`AUTH_BEARER_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`AUTH_BEARER_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`AUTH_BEARER_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`AUTH_BEARER_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`AUTH_BEARER_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9149`| -|`AUTH_BEARER_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`AUTH_BEARER_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`AUTH_BEARER_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`AUTH_BEARER_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9148`| -|`OC_GRPC_PROTOCOL`
`AUTH_BEARER_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|`tcp`| -|`OC_JWT_SECRET`
`AUTH_BEARER_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`AUTH_BEARER_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the encoding of the user's group memberships in the reva access token. This reduces the token size, especially when users are members of a large number of groups.`|`false`| -|`OC_URL`
`OC_OIDC_ISSUER`
`AUTH_BEARER_OIDC_ISSUER`| 1.0.0 |string|`URL of the OIDC issuer. It defaults to URL of the builtin IDP.`|`https://localhost:9200`| -|`OC_INSECURE`
`AUTH_BEARER_OIDC_INSECURE`| 1.0.0 |bool|`Allow insecure connections to the OIDC issuer.`|`false`| -|`AUTH_BEARER_OIDC_ID_CLAIM`| 1.0.0 |string|`Name of the claim, which holds the user identifier.`|`preferred_username`| -|`AUTH_BEARER_OIDC_UID_CLAIM`| 1.0.0 |string|`Name of the claim, which holds the UID.`|``| -|`AUTH_BEARER_OIDC_GID_CLAIM`| 1.0.0 |string|`Name of the claim, which holds the GID.`|``| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`AUTH_BEARER_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`AUTH_BEARER_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`AUTH_BEARER_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`AUTH_BEARER_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`AUTH_BEARER_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`AUTH_BEARER_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`AUTH_BEARER_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`AUTH_BEARER_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`AUTH_BEARER_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9149| +|`AUTH_BEARER_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`AUTH_BEARER_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`AUTH_BEARER_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`AUTH_BEARER_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9148| +|`OC_GRPC_PROTOCOL`
`AUTH_BEARER_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|tcp| +|`OC_JWT_SECRET`
`AUTH_BEARER_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`AUTH_BEARER_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the encoding of the user's group memberships in the reva access token. This reduces the token size, especially when users are members of a large number of groups.`|false| +|`OC_URL`
`OC_OIDC_ISSUER`
`AUTH_BEARER_OIDC_ISSUER`| 1.0.0 |string|`URL of the OIDC issuer. It defaults to URL of the builtin IDP.`|https://localhost:9200| +|`OC_INSECURE`
`AUTH_BEARER_OIDC_INSECURE`| 1.0.0 |bool|`Allow insecure connections to the OIDC issuer.`|false| +|`AUTH_BEARER_OIDC_ID_CLAIM`| 1.0.0 |string|`Name of the claim, which holds the user identifier.`|preferred_username| +|`AUTH_BEARER_OIDC_UID_CLAIM`| 1.0.0 |string|`Name of the claim, which holds the UID.`|| +|`AUTH_BEARER_OIDC_GID_CLAIM`| 1.0.0 |string|`Name of the claim, which holds the GID.`|| diff --git a/static/env-vars/auth-bearer_readme.md b/static/env-vars/auth-bearer_readme.md index fa141399..7dd2332b 100644 --- a/static/env-vars/auth-bearer_readme.md +++ b/static/env-vars/auth-bearer_readme.md @@ -1,6 +1,6 @@ --- title: Auth-Bearer -date: 2025-11-27T22:56:02.332138+01:00 +date: 2025-11-11T09:16:41.111057634+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/auth-bearer diff --git a/static/env-vars/auth-machine-config-example.yaml b/static/env-vars/auth-machine-config-example.yaml new file mode 100644 index 00000000..5d98107a --- /dev/null +++ b/static/env-vars/auth-machine-config-example.yaml @@ -0,0 +1,31 @@ +# Autogenerated +# Filename: auth-machine-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9167 + token: "" + pprof: false + zpages: false +grpc: + addr: 127.0.0.1:9166 + tls: null + protocol: tcp +token_manager: + jwt_secret: "" +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +skip_user_groups_in_token: false +machine_auth_api_key: "" diff --git a/static/env-vars/auth-machine_configvars.md b/static/env-vars/auth-machine_configvars.md index 11f65a55..bca77ae9 100644 --- a/static/env-vars/auth-machine_configvars.md +++ b/static/env-vars/auth-machine_configvars.md @@ -1,20 +1,24 @@ Environment variables for the **auth-machine** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`AUTH_MACHINE_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`AUTH_MACHINE_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`AUTH_MACHINE_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`AUTH_MACHINE_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`AUTH_MACHINE_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9167`| -|`AUTH_MACHINE_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`AUTH_MACHINE_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`AUTH_MACHINE_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`AUTH_MACHINE_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9166`| -|`OC_GRPC_PROTOCOL`
`AUTH_MACHINE_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|`tcp`| -|`OC_JWT_SECRET`
`AUTH_MACHINE_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`AUTH_MACHINE_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the encoding of the user's group memberships in the reva access token. This reduces the token size, especially when users are members of a large number of groups.`|`false`| -|`OC_MACHINE_AUTH_API_KEY`
`AUTH_MACHINE_API_KEY`| 1.0.0 |string|`Machine auth API key used to validate internal requests necessary for the access to resources from other services.`|``| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`AUTH_MACHINE_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`AUTH_MACHINE_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`AUTH_MACHINE_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`AUTH_MACHINE_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`AUTH_MACHINE_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`AUTH_MACHINE_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`AUTH_MACHINE_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`AUTH_MACHINE_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`AUTH_MACHINE_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9167| +|`AUTH_MACHINE_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`AUTH_MACHINE_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`AUTH_MACHINE_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`AUTH_MACHINE_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9166| +|`OC_GRPC_PROTOCOL`
`AUTH_MACHINE_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|tcp| +|`OC_JWT_SECRET`
`AUTH_MACHINE_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`AUTH_MACHINE_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the encoding of the user's group memberships in the reva access token. This reduces the token size, especially when users are members of a large number of groups.`|false| +|`OC_MACHINE_AUTH_API_KEY`
`AUTH_MACHINE_API_KEY`| 1.0.0 |string|`Machine auth API key used to validate internal requests necessary for the access to resources from other services.`|| diff --git a/static/env-vars/auth-machine_readme.md b/static/env-vars/auth-machine_readme.md index ec99dc8c..4f97963c 100644 --- a/static/env-vars/auth-machine_readme.md +++ b/static/env-vars/auth-machine_readme.md @@ -1,6 +1,6 @@ --- title: Auth-Machine -date: 2025-11-27T22:56:02.332206+01:00 +date: 2025-11-11T09:16:41.111114591+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/auth-machine diff --git a/static/env-vars/auth-service-config-example.yaml b/static/env-vars/auth-service-config-example.yaml new file mode 100644 index 00000000..2e365b98 --- /dev/null +++ b/static/env-vars/auth-service-config-example.yaml @@ -0,0 +1,32 @@ +# Autogenerated +# Filename: auth-service-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9198 + token: "" + pprof: false + zpages: false +grpc: + addr: 127.0.0.1:9199 + tls: null + protocol: tcp +token_manager: + jwt_secret: "" +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +service_account: + service_account_id: "" + service_account_secret: "" diff --git a/static/env-vars/auth-service_configvars.md b/static/env-vars/auth-service_configvars.md index 7b90239d..2119b01c 100644 --- a/static/env-vars/auth-service_configvars.md +++ b/static/env-vars/auth-service_configvars.md @@ -1,20 +1,24 @@ Environment variables for the **auth-service** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`AUTH_SERVICE_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`AUTH_SERVICE_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`AUTH_SERVICE_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`AUTH_SERVICE_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`AUTH_SERVICE_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9198`| -|`AUTH_SERVICE_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`AUTH_SERVICE_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`AUTH_SERVICE_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`AUTH_SERVICE_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9199`| -|`OC_GRPC_PROTOCOL`
`AUTH_SERVICE_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|`tcp`| -|`OC_JWT_SECRET`
`AUTH_SERVICE_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`OC_SERVICE_ACCOUNT_ID`
`AUTH_SERVICE_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|``| -|`OC_SERVICE_ACCOUNT_SECRET`
`AUTH_SERVICE_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|``| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`AUTH_SERVICE_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`AUTH_SERVICE_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`AUTH_SERVICE_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`AUTH_SERVICE_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`AUTH_SERVICE_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`AUTH_SERVICE_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`AUTH_SERVICE_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`AUTH_SERVICE_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`AUTH_SERVICE_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9198| +|`AUTH_SERVICE_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`AUTH_SERVICE_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`AUTH_SERVICE_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`AUTH_SERVICE_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9199| +|`OC_GRPC_PROTOCOL`
`AUTH_SERVICE_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|tcp| +|`OC_JWT_SECRET`
`AUTH_SERVICE_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`OC_SERVICE_ACCOUNT_ID`
`AUTH_SERVICE_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|| +|`OC_SERVICE_ACCOUNT_SECRET`
`AUTH_SERVICE_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|| diff --git a/static/env-vars/auth-service_readme.md b/static/env-vars/auth-service_readme.md index 3452959c..ac4ee70f 100644 --- a/static/env-vars/auth-service_readme.md +++ b/static/env-vars/auth-service_readme.md @@ -1,6 +1,6 @@ --- title: Auth-Service -date: 2025-11-27T22:56:02.332268+01:00 +date: 2025-11-11T09:16:41.111177429+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/auth-service diff --git a/static/env-vars/clientlog-config-example.yaml b/static/env-vars/clientlog-config-example.yaml new file mode 100644 index 00000000..51f97462 --- /dev/null +++ b/static/env-vars/clientlog-config-example.yaml @@ -0,0 +1,33 @@ +# Autogenerated +# Filename: clientlog-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9260 + token: "" + pprof: false + zpages: false +grpc_client_tls: null +token_manager: + jwt_secret: "" +reva_gateway: eu.opencloud.api.gateway +events: + endpoint: 127.0.0.1:9233 + cluster: opencloud-cluster + tls_insecure: false + tls_root_ca_certificate: "" + enable_tls: false + username: "" + password: "" +service_account: + service_account_id: "" + service_account_secret: "" diff --git a/static/env-vars/clientlog_configvars.md b/static/env-vars/clientlog_configvars.md index 0ba67365..e1fac8be 100644 --- a/static/env-vars/clientlog_configvars.md +++ b/static/env-vars/clientlog_configvars.md @@ -1,23 +1,27 @@ Environment variables for the **clientlog** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`CLIENTLOG_USERLOG_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`CLIENTLOG_USERLOG_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`CLIENTLOG_USERLOG_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`CLIENTLOG_USERLOG_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`CLIENTLOG_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9260`| -|`CLIENTLOG_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`CLIENTLOG_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`CLIENTLOG_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`OC_JWT_SECRET`
`CLIENTLOG_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata`|`eu.opencloud.api.gateway`| -|`OC_EVENTS_ENDPOINT`
`CLIENTLOG_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`| -|`OC_EVENTS_CLUSTER`
`CLIENTLOG_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`| -|`OC_INSECURE`
`CLIENTLOG_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|`false`| -|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`CLIENTLOG_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.`|``| -|`OC_EVENTS_ENABLE_TLS`
`CLIENTLOG_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| -|`OC_EVENTS_AUTH_USERNAME`
`CLIENTLOG_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_EVENTS_AUTH_PASSWORD`
`CLIENTLOG_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_SERVICE_ACCOUNT_ID`
`CLIENTLOG_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|``| -|`OC_SERVICE_ACCOUNT_SECRET`
`CLIENTLOG_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|``| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`CLIENTLOG_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`CLIENTLOG_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`CLIENTLOG_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`CLIENTLOG_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`CLIENTLOG_USERLOG_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`CLIENTLOG_USERLOG_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`CLIENTLOG_USERLOG_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`CLIENTLOG_USERLOG_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`CLIENTLOG_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9260| +|`CLIENTLOG_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`CLIENTLOG_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`CLIENTLOG_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`OC_JWT_SECRET`
`CLIENTLOG_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata`|eu.opencloud.api.gateway| +|`OC_EVENTS_ENDPOINT`
`CLIENTLOG_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| +|`OC_EVENTS_CLUSTER`
`CLIENTLOG_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| +|`OC_INSECURE`
`CLIENTLOG_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`CLIENTLOG_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.`|| +|`OC_EVENTS_ENABLE_TLS`
`CLIENTLOG_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| +|`OC_EVENTS_AUTH_USERNAME`
`CLIENTLOG_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_EVENTS_AUTH_PASSWORD`
`CLIENTLOG_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_SERVICE_ACCOUNT_ID`
`CLIENTLOG_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|| +|`OC_SERVICE_ACCOUNT_SECRET`
`CLIENTLOG_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|| diff --git a/static/env-vars/clientlog_readme.md b/static/env-vars/clientlog_readme.md index ae27070c..6bfb22e5 100644 --- a/static/env-vars/clientlog_readme.md +++ b/static/env-vars/clientlog_readme.md @@ -1,6 +1,6 @@ --- title: Clientlog Service -date: 2025-11-27T22:56:02.332344+01:00 +date: 2025-11-11T09:16:41.111232693+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/clientlog diff --git a/static/env-vars/collaboration-config-example.yaml b/static/env-vars/collaboration-config-example.yaml new file mode 100644 index 00000000..3d1764ec --- /dev/null +++ b/static/env-vars/collaboration-config-example.yaml @@ -0,0 +1,63 @@ +# Autogenerated +# Filename: collaboration-config-example.yaml + +app: + name: Collabora + product: "" + description: Open office documents with Collabora + icon: image-edit + addr: https://127.0.0.1:9980 + insecure: false + proofkeys: + disable: false + duration: 12h + licensecheckenable: false +store: + store: nats-js-kv + nodes: + - 127.0.0.1:9233 + database: collaboration + table: "" + ttl: 30m0s + username: "" + password: "" +token_manager: + jwt_secret: "" +grpc: + addr: 127.0.0.1:9301 + protocol: tcp +http: + addr: 127.0.0.1:9300 + tls: + enabled: false + cert: "" + key: "" +wopi: + wopisrc: https://localhost:9300 + secret: "" + disable_chat: false + proxy_url: "" + proxy_secret: "" + short_tokens: false +cs3api: + gateway: + name: eu.opencloud.api.gateway + datagateway: + insecure: false + grpc_client_tls: null + app_registration_interval: 30s +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9304 + token: "" + pprof: false + zpages: false diff --git a/static/env-vars/collaboration_configvars.md b/static/env-vars/collaboration_configvars.md index 69eaa680..7bd84bbe 100644 
--- a/static/env-vars/collaboration_configvars.md +++ b/static/env-vars/collaboration_configvars.md @@ -1,45 +1,49 @@ Environment variables for the **collaboration** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`COLLABORATION_SERVICE_NAME`| 3.6.0 |string|`The name of the service which is registered. You only need to change this when more than one collaboration service is needed.`|`collaboration`| -|`COLLABORATION_APP_NAME`| 1.0.0 |string|`The name of the app which is shown to the user. You can chose freely but you are limited to a single word without special characters or whitespaces. We recommend to use pascalCase like 'CollaboraOnline'.`|`Collabora`| -|`COLLABORATION_APP_PRODUCT`| 1.0.0 |string|`The WebOffice app, either Collabora, OnlyOffice, Microsoft365 or MicrosoftOfficeOnline.`|``| -|`COLLABORATION_APP_DESCRIPTION`| 1.0.0 |string|`App description`|`Open office documents with Collabora`| -|`COLLABORATION_APP_ICON`| 1.0.0 |string|`Icon for the app`|`image-edit`| -|`COLLABORATION_APP_ADDR`| 1.0.0 |string|`The URL where the WOPI app is located, such as \https://127.0.0.1:8080.`|`https://127.0.0.1:9980`| -|`COLLABORATION_APP_INSECURE`| 1.0.0 |bool|`Skip TLS certificate verification when connecting to the WOPI app`|`false`| -|`COLLABORATION_APP_PROOF_DISABLE`| 1.0.0 |bool|`Disable the proof keys verification`|`false`| -|`COLLABORATION_APP_PROOF_DURATION`| 1.0.0 |string|`Duration for the proof keys to be cached in memory, using time.ParseDuration format. If the duration can't be parsed, we'll use the default 12h as duration`|`12h`| -|`COLLABORATION_APP_LICENSE_CHECK_ENABLE`| 1.0.0 |bool|`Enable license checking to edit files. Needs to be enabled when using Microsoft365 with the business flow.`|`false`| -|`OC_PERSISTENT_STORE`
`COLLABORATION_STORE`| 1.0.0 |string|`The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details.`|`nats-js-kv`| -|`OC_PERSISTENT_STORE_NODES`
`COLLABORATION_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[127.0.0.1:9233]`| -|`COLLABORATION_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|`collaboration`| -|`COLLABORATION_STORE_TABLE`| 1.0.0 |string|`The database table the store should use.`|``| -|`OC_PERSISTENT_STORE_TTL`
`COLLABORATION_STORE_TTL`| 1.0.0 |Duration|`Time to live for events in the store. Defaults to '30m' (30 minutes). See the Environment Variable Types description for more details.`|`30m0s`| -|`OC_PERSISTENT_STORE_AUTH_USERNAME`
`COLLABORATION_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_PERSISTENT_STORE_AUTH_PASSWORD`
`COLLABORATION_STORE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_JWT_SECRET`
`COLLABORATION_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`COLLABORATION_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9301`| -|`OC_GRPC_PROTOCOL`
`COLLABORATION_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|`tcp`| -|`COLLABORATION_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9300`| -|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|`false`| -|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|``| -|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|``| -|`COLLABORATION_WOPI_SRC`| 1.0.0 |string|`The WOPI source base URL containing schema, host and port. Set this to the schema and domain where the collaboration service is reachable for the wopi app, such as \https://office.example.test.`|`https://localhost:9300`| -|`COLLABORATION_WOPI_SECRET`| 1.0.0 |string|`Used to mint and verify WOPI JWT tokens and encrypt and decrypt the REVA JWT token embedded in the WOPI JWT token.`|``| -|`COLLABORATION_WOPI_DISABLE_CHAT`
`OC_WOPI_DISABLE_CHAT`| 1.0.0 |bool|`Disable chat in the office web frontend. This feature applies to OnlyOffice and Microsoft.`|`false`| -|`COLLABORATION_WOPI_PROXY_URL`| 1.0.0 |string|`The URL to the OpenCloud WOPI proxy. Optional. To use this feature, you need an office365 proxy subscription. If you become part of the Microsoft CSP program (\https://learn.microsoft.com/en-us/partner-center/enroll/csp-overview), you can use WebOffice without a proxy.`|``| -|`COLLABORATION_WOPI_PROXY_SECRET`| 1.0.0 |string|`Optional, the secret to authenticate against the OpenCloud WOPI proxy. This secret can be obtained from OpenCloud via the office365 proxy subscription.`|``| -|`COLLABORATION_WOPI_SHORTTOKENS`| 1.0.0 |bool|`Use short access tokens for WOPI access. This is useful for office packages, like Microsoft Office Online, which have URL length restrictions. If enabled, a persistent store must be configured.`|`false`| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata.`|`eu.opencloud.api.gateway`| -|`COLLABORATION_CS3API_DATAGATEWAY_INSECURE`| 1.0.0 |bool|`Connect to the CS3API data gateway insecurely.`|`false`| -|`COLLABORATION_CS3API_APP_REGISTRATION_INTERVAL`| 4.0.0 |Duration|`The interval at which the app provider registers itself.`|`30s`| -|`OC_LOG_LEVEL`
`COLLABORATION_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`COLLABORATION_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`COLLABORATION_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`COLLABORATION_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`COLLABORATION_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9304`| -|`COLLABORATION_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`COLLABORATION_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`COLLABORATION_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| +|---|---|---|---|---| +|`COLLABORATION_SERVICE_NAME`| 3.6.0 |string|`The name of the service which is registered. You only need to change this when more than one collaboration service is needed.`|collaboration| +|`COLLABORATION_APP_NAME`| 1.0.0 |string|`The name of the app which is shown to the user. You can chose freely but you are limited to a single word without special characters or whitespaces. We recommend to use pascalCase like 'CollaboraOnline'.`|Collabora| +|`COLLABORATION_APP_PRODUCT`| 1.0.0 |string|`The WebOffice app, either Collabora, OnlyOffice, Microsoft365 or MicrosoftOfficeOnline.`|| +|`COLLABORATION_APP_DESCRIPTION`| 1.0.0 |string|`App description`|Open office documents with Collabora| +|`COLLABORATION_APP_ICON`| 1.0.0 |string|`Icon for the app`|image-edit| +|`COLLABORATION_APP_ADDR`| 1.0.0 |string|`The URL where the WOPI app is located, such as \https://127.0.0.1:8080.`|https://127.0.0.1:9980| +|`COLLABORATION_APP_INSECURE`| 1.0.0 |bool|`Skip TLS certificate verification when connecting to the WOPI app`|false| +|`COLLABORATION_APP_PROOF_DISABLE`| 1.0.0 |bool|`Disable the proof keys verification`|false| +|`COLLABORATION_APP_PROOF_DURATION`| 1.0.0 |string|`Duration for the proof keys to be cached in memory, using time.ParseDuration format. 
If the duration can't be parsed, we'll use the default 12h as duration`|12h| +|`COLLABORATION_APP_LICENSE_CHECK_ENABLE`| 1.0.0 |bool|`Enable license checking to edit files. Needs to be enabled when using Microsoft365 with the business flow.`|false| +|`OC_PERSISTENT_STORE`
`COLLABORATION_STORE`| 1.0.0 |string|`The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details.`|nats-js-kv| +|`OC_PERSISTENT_STORE_NODES`
`COLLABORATION_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[127.0.0.1:9233]| +|`COLLABORATION_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|collaboration| +|`COLLABORATION_STORE_TABLE`| 1.0.0 |string|`The database table the store should use.`|| +|`OC_PERSISTENT_STORE_TTL`
`COLLABORATION_STORE_TTL`| 1.0.0 |Duration|`Time to live for events in the store. Defaults to '30m' (30 minutes). See the Environment Variable Types description for more details.`|30m0s| +|`OC_PERSISTENT_STORE_AUTH_USERNAME`
`COLLABORATION_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_PERSISTENT_STORE_AUTH_PASSWORD`
`COLLABORATION_STORE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_JWT_SECRET`
`COLLABORATION_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`COLLABORATION_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9301| +|`OC_GRPC_PROTOCOL`
`COLLABORATION_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|tcp| +|`COLLABORATION_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|127.0.0.1:9300| +|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|false| +|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|| +|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|| +|`COLLABORATION_WOPI_SRC`| 1.0.0 |string|`The WOPI source base URL containing schema, host and port. Set this to the schema and domain where the collaboration service is reachable for the wopi app, such as \https://office.example.test.`|https://localhost:9300| +|`COLLABORATION_WOPI_SECRET`| 1.0.0 |string|`Used to mint and verify WOPI JWT tokens and encrypt and decrypt the REVA JWT token embedded in the WOPI JWT token.`|| +|`COLLABORATION_WOPI_DISABLE_CHAT`
`OC_WOPI_DISABLE_CHAT`| 1.0.0 |bool|`Disable chat in the office web frontend. This feature applies to OnlyOffice and Microsoft.`|false| +|`COLLABORATION_WOPI_PROXY_URL`| 1.0.0 |string|`The URL to the OpenCloud WOPI proxy. Optional. To use this feature, you need an office365 proxy subscription. If you become part of the Microsoft CSP program (\https://learn.microsoft.com/en-us/partner-center/enroll/csp-overview), you can use WebOffice without a proxy.`|| +|`COLLABORATION_WOPI_PROXY_SECRET`| 1.0.0 |string|`Optional, the secret to authenticate against the OpenCloud WOPI proxy. This secret can be obtained from OpenCloud via the office365 proxy subscription.`|| +|`COLLABORATION_WOPI_SHORTTOKENS`| 1.0.0 |bool|`Use short access tokens for WOPI access. This is useful for office packages, like Microsoft Office Online, which have URL length restrictions. If enabled, a persistent store must be configured.`|false| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata.`|eu.opencloud.api.gateway| +|`COLLABORATION_CS3API_DATAGATEWAY_INSECURE`| 1.0.0 |bool|`Connect to the CS3API data gateway insecurely.`|false| +|`COLLABORATION_CS3API_APP_REGISTRATION_INTERVAL`| next |Duration|`The interval at which the app provider registers itself.`|30s| +|`OC_TRACING_ENABLED`
`COLLABORATION_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`COLLABORATION_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`COLLABORATION_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`COLLABORATION_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`COLLABORATION_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`COLLABORATION_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`COLLABORATION_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`COLLABORATION_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`COLLABORATION_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9304| +|`COLLABORATION_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`COLLABORATION_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`COLLABORATION_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| diff --git a/static/env-vars/collaboration_readme.md b/static/env-vars/collaboration_readme.md index 8a1d29fe..321c11a7 100644 --- a/static/env-vars/collaboration_readme.md +++ b/static/env-vars/collaboration_readme.md @@ -1,6 +1,6 @@ --- title: Collaboration -date: 2025-11-27T22:56:02.332416+01:00 +date: 2025-11-11T09:16:41.1112898+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/collaboration diff --git a/static/env-vars/eventhistory-config-example.yaml b/static/env-vars/eventhistory-config-example.yaml new file mode 100644 index 00000000..5230859f --- /dev/null +++ b/static/env-vars/eventhistory-config-example.yaml @@ -0,0 +1,39 @@ +# Autogenerated +# Filename: eventhistory-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9270 + token: "" + pprof: false + zpages: false +grpc: + addr: 127.0.0.1:9274 + tls: null +grpc_client_tls: null +events: + endpoint: 127.0.0.1:9233 + cluster: opencloud-cluster + tls_insecure: false + tls_root_ca_certificate: "" + enable_tls: false + username: "" + password: "" +store: + store: nats-js-kv + nodes: + - 127.0.0.1:9233 + database: eventhistory + table: "" + ttl: 336h0m0s + username: "" + password: "" 
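Review bot: In static/env-vars/clientlog_configvars.md, the `CLIENTLOG_EVENTS_TLS_ROOT_CA_CERTIFICATE` row still refers to another service's variable ("If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false"), and the `CLIENTLOG_EVENTS_TLS_INSECURE` row is described as "Whether to verify the server TLS certificates." with default false, which reads as the opposite of what a flag named INSECURE with that default suggests. Since these rows are rewritten here anyway, the description should name `CLIENTLOG_EVENTS_TLS_INSECURE` and state explicitly what `true` does, in the style of the `COLLABORATION_APP_INSECURE` row ("Skip TLS certificate verification when connecting to the WOPI app"), so an operator does not disable verification by misreading the table. The same hunk lists the log variables as `CLIENTLOG_USERLOG_LOG_LEVEL`, `CLIENTLOG_USERLOG_LOG_PRETTY`, `CLIENTLOG_USERLOG_LOG_COLOR` and `CLIENTLOG_USERLOG_LOG_FILE`, while no other CLIENTLOG_ variable carries a USERLOG segment; please confirm that is the name the service actually reads.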
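Review bot: In the new static/env-vars/collaboration-config-example.yaml, `wopi.secret`, `wopi.proxy_secret`, `token_manager.jwt_secret`, `store.password` and `debug.token` are all emitted as `""` under nothing more than the "# Autogenerated" header, so someone copying the file gets no hint which of them must be filled in before the service is exposed. Suggest having the generator put a comment on the secret fields, or a note in the header, saying that the empty strings are placeholders to be replaced.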
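Review bot: The static/env-vars/collaboration_configvars.md hunk changes the introduction version of `COLLABORATION_CS3API_APP_REGISTRATION_INTERVAL` from 4.0.0 to `next`, and the readme hunks next to it move the generated `date:` backwards (2025-11-27T22:56:02 to 2025-11-11T09:16:41), which does not fit a commit titled "Update docs with latest env vars". Both suggest the files were generated from an older checkout than the one behind the current docs; please confirm the source revision and regenerate, otherwise a variable that already had a concrete version is documented as `next`. That may also be why the `OC_TRACING_*` / `COLLABORATION_TRACING_*` rows show up as additions, so check that the service still reads them. Separately, the default-value column loses its backticks and its left alignment (`|---|---|---|---|:---|` becomes `|---|---|---|---|---|`), so empty defaults render as blank cells and `[127.0.0.1:9233]` is no longer code-formatted; if that is an intended generator change it deserves a line in the commit message.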
diff --git a/static/env-vars/eventhistory_configvars.md b/static/env-vars/eventhistory_configvars.md index 00df06cd..060b64cf 100644 --- a/static/env-vars/eventhistory_configvars.md +++ b/static/env-vars/eventhistory_configvars.md @@ -1,27 +1,31 @@ Environment variables for the **eventhistory** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`EVENTHISTORY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`EVENTHISTORY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`EVENTHISTORY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`EVENTHISTORY_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`EVENTHISTORY_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9270`| -|`EVENTHISTORY_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`EVENTHISTORY_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`EVENTHISTORY_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`EVENTHISTORY_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9274`| -|`OC_EVENTS_ENDPOINT`
`EVENTHISTORY_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`| -|`OC_EVENTS_CLUSTER`
`EVENTHISTORY_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`| -|`OC_INSECURE`
`EVENTHISTORY_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|`false`| -|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`EVENTHISTORY_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. Will be seen as empty if NOTIFICATIONS_EVENTS_TLS_INSECURE is provided.`|``| -|`OC_EVENTS_ENABLE_TLS`
`EVENTHISTORY_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| -|`OC_EVENTS_AUTH_USERNAME`
`EVENTHISTORY_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_EVENTS_AUTH_PASSWORD`
`EVENTHISTORY_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_PERSISTENT_STORE`
`EVENTHISTORY_STORE`| 1.0.0 |string|`The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details.`|`nats-js-kv`| -|`OC_PERSISTENT_STORE_NODES`
`EVENTHISTORY_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[127.0.0.1:9233]`| -|`EVENTHISTORY_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|`eventhistory`| -|`EVENTHISTORY_STORE_TABLE`| 1.0.0 |string|`The database table the store should use.`|``| -|`OC_PERSISTENT_STORE_TTL`
`EVENTHISTORY_STORE_TTL`| 1.0.0 |Duration|`Time to live for events in the store. Defaults to '336h' (2 weeks). See the Environment Variable Types description for more details.`|`336h0m0s`| -|`OC_PERSISTENT_STORE_AUTH_USERNAME`
`EVENTHISTORY_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_PERSISTENT_STORE_AUTH_PASSWORD`
`EVENTHISTORY_STORE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`EVENTHISTORY_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`EVENTHISTORY_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`EVENTHISTORY_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`EVENTHISTORY_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`EVENTHISTORY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`EVENTHISTORY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`EVENTHISTORY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`EVENTHISTORY_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`EVENTHISTORY_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9270| +|`EVENTHISTORY_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`EVENTHISTORY_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`EVENTHISTORY_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`EVENTHISTORY_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9274| +|`OC_EVENTS_ENDPOINT`
`EVENTHISTORY_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| +|`OC_EVENTS_CLUSTER`
`EVENTHISTORY_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| +|`OC_INSECURE`
`EVENTHISTORY_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`EVENTHISTORY_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. Will be seen as empty if NOTIFICATIONS_EVENTS_TLS_INSECURE is provided.`|| +|`OC_EVENTS_ENABLE_TLS`
`EVENTHISTORY_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| +|`OC_EVENTS_AUTH_USERNAME`
`EVENTHISTORY_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_EVENTS_AUTH_PASSWORD`
`EVENTHISTORY_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_PERSISTENT_STORE`
`EVENTHISTORY_STORE`| 1.0.0 |string|`The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details.`|nats-js-kv| +|`OC_PERSISTENT_STORE_NODES`
`EVENTHISTORY_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[127.0.0.1:9233]| +|`EVENTHISTORY_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|eventhistory| +|`EVENTHISTORY_STORE_TABLE`| 1.0.0 |string|`The database table the store should use.`|| +|`OC_PERSISTENT_STORE_TTL`
`EVENTHISTORY_STORE_TTL`| 1.0.0 |Duration|`Time to live for events in the store. Defaults to '336h' (2 weeks). See the Environment Variable Types description for more details.`|336h0m0s| +|`OC_PERSISTENT_STORE_AUTH_USERNAME`
`EVENTHISTORY_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_PERSISTENT_STORE_AUTH_PASSWORD`
`EVENTHISTORY_STORE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| diff --git a/static/env-vars/eventhistory_readme.md b/static/env-vars/eventhistory_readme.md index 6d31ac18..55dae54b 100644 --- a/static/env-vars/eventhistory_readme.md +++ b/static/env-vars/eventhistory_readme.md @@ -1,6 +1,6 @@ --- title: Eventhistory -date: 2025-11-27T22:56:02.332506+01:00 +date: 2025-11-11T09:16:41.111351687+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/eventhistory diff --git a/static/env-vars/extended_configvars.md b/static/env-vars/extended_configvars.md index 9e1abaec..2b2fac85 100644 --- a/static/env-vars/extended_configvars.md +++ b/static/env-vars/extended_configvars.md 
@@ -1,13 +1,108 @@ # Environment variables with extended scope not included in a service -| Name | Type | Default Value | Description | +| Name | Type | Description | Default Value | |---|---|---|---| -`EXPERIMENTAL_REGISTER_INTERVAL` | duration | 25s | The interval at which services will re-register themselves with the registry to prevent expiry. Only change on supervision of openCloud Support. | -`EXPERIMENTAL_REGISTER_TTL` | duration | 30s | The time-to-live for a service registration in the registry. Services must re-register before this time to prevent expiry. Only change on supervision of openCloud Support. | -`MICRO_LOG_LEVEL` | string | Error | Set the log level for the internal go micro framework. Only change on supervision of openCloud Support. | -`MICRO_REGISTRY` | string | nats-js-kv | The type of registry to use. Only change on supervision of openCloud Support. | -`MICRO_REGISTRY_ADDRESS` | string | 127.0.0.1:9233 | The bind address of the internal natsjs registry. Only change on supervision of openCloud Support. | -`MICRO_REGISTRY_AUTH_PASSWORD` | string | | Optional when using nats to authenticate with the nats cluster. | -`OC_BASE_DATA_PATH` | string | | The base directory location used by several services and for user data. See the General Info section in the documentation for more details on defaults. Services can have, if available, an individual setting with an own environment variable. | -`OC_CONFIG_DIR` | string | | The default directory location for config files. See the General Info section in the documentation for more details on defaults. | -`OC_GRPC_MAX_RECEIVED_MESSAGE_SIZE` | integer | 10240000 | Sets the maximum message size in bytes the GRPC client can receive. 
| \ No newline at end of file +`CI` | | | | +`CI` | | | | +`CI_SYSTEM_NAME` | | | | +`CI_SYSTEM_NAME` | | | | +`CS3_GATEWAY` | | | | +`CS3_GATEWAY` | | | | +`CS3_MACHINE_AUTH_API_KEY` | | | | +`CS3_MACHINE_AUTH_API_KEY` | | | | +`DAYS` | | | | +`DAYS` | | | | +`GITHUB_API_TOKEN` | | | | +`GRACEFUL` | | | | +`GRACEFUL` | | | | +`HOSTNAME` | | | | +`HOSTNAME` | | | | +`HOSTNAME` | | | | +`HOSTNAME` | | | | +`HOSTNAME` | | | | +`HOSTNAME` | | | | +`HOSTNAME` | | | | +`KOPANO_DEBUG_SERVER_REQUEST_LOG` | | | | +`LDAP_BASEDN` | | | | +`LDAP_BINDDN` | | | | +`LDAP_BINDPW` | | | | +`LDAP_EMAIL_ATTRIBUTE` | | | | +`LDAP_FAMILY_NAME_ATTRIBUTE` | | | | +`LDAP_FILTER` | | | | +`LDAP_GIVEN_NAME_ATTRIBUTE` | | | | +`LDAP_LOGIN_ATTRIBUTE` | | | | +`LDAP_NAME_ATTRIBUTE` | | | | +`LDAP_SCOPE` | | | | +`LDAP_SUB_ATTRIBUTES` | | | | +`LDAP_TLS_CACERT` | | | | +`LDAP_UIDNUMBER_ATTRIBUTE` | | | | +`LDAP_URI` | | | | +`LDAP_UUID_ATTRIBUTE` | | | | +`LDAP_UUID_ATTRIBUTE_TYPE` | | | | +`LIBREGRAPH_SCOPED_URIS` | | | | +`LIBREGRAPH_URI` | | | | +`LICOD_ENCRYPTION_SECRET` | | | | +`LICOD_SIGNING_KID` | | | | +`LICOD_VALIDATION_KEYS_PATH` | | | | +`MICRO_LOG_LEVEL` | | | | +`MICRO_LOG_LEVEL` | | | | +`MICRO_LOG_LEVEL` | | | | +`MICRO_LOG_LEVEL` | | | | +`MONTH` | | | | +`MONTH` | | | | +`NEXTCLOUD` | | | | +`NEXTCLOUD` | | | | +`NEXTCLOUD` | | | | +`NEXTCLOUD` | | | | +`OC_BASE_DATA_PATH` | | | | +`OC_BASE_DATA_PATH` | | | | +`OC_CONFIG_DIR` | | | | +`OC_CONFIG_DIR` | | | | +`OC_GRPC_MAX_RECEIVED_MESSAGE_SIZE` | | | | +`REDIS_ADDRESS` | | | | +`REVA_APPPROVIDER_IOPSECRET` | | | | +`REVA_SMTP_SENDER_PASSWORD` | | | | +`RUN_CMD_TEST` | | | | +`RUN_CMD_TEST` | | | | +`RUN_LDAP_TESTS` | | | | +`RUN_LDAP_TESTS` | | | | +`RUN_LDAP_TESTS` | | | | +`SQL_ADDRESS` | | | | +`SQL_DBNAME` | | | | +`SQL_PASSWORD` | | | | +`SQL_USERNAME` | | | | +`USE_TESTCONTAINERS` | | | | +`USE_TESTCONTAINERS` | | | | +`YEAR` | | | | +`YEAR` | | | | +`_registryAddressEnv` | | | | +`_registryAddressEnv` | | | | 
+`_registryAddressEnv` | | | | +`_registryAddressEnv` | | | | +`_registryAddressEnv` | | | | +`_registryAddressEnv` | | | | +`_registryAddressEnv` | | | | +`_registryAddressEnv` | | | | +`_registryEnv` | | | | +`_registryEnv` | | | | +`_registryEnv` | | | | +`_registryEnv` | | | | +`_registryPasswordEnv` | | | | +`_registryPasswordEnv` | | | | +`_registryPasswordEnv` | | | | +`_registryPasswordEnv` | | | | +`_registryRegisterIntervalEnv` | | | | +`_registryRegisterIntervalEnv` | | | | +`_registryRegisterTTLEnv` | | | | +`_registryRegisterTTLEnv` | | | | +`_registryUsernameEnv` | | | | +`_registryUsernameEnv` | | | | +`_registryUsernameEnv` | | | | +`_registryUsernameEnv` | | | | +`_serverMaxConnectionAgeEnv` | | | | +`_serverMaxConnectionAgeEnv` | | | | +`_serverMaxConnectionAgeEnv` | | | | + + + + \ No newline at end of file diff --git a/static/env-vars/frontend-config-example.yaml b/static/env-vars/frontend-config-example.yaml new file mode 100644 index 00000000..572ec050 --- /dev/null +++ b/static/env-vars/frontend-config-example.yaml 
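Review bot: Every added row in the extended_configvars.md table has empty Type, Description and Default Value cells, so the hunk replaces nine documented variables with 95 undocumented ones. The removed rows carried defaults and the "Only change on supervision of openCloud Support" warning for `EXPERIMENTAL_REGISTER_INTERVAL`, `EXPERIMENTAL_REGISTER_TTL`, `MICRO_REGISTRY` and `MICRO_REGISTRY_ADDRESS`, and the description of `MICRO_REGISTRY_AUTH_PASSWORD`; none of those names appears on the added side. In their place the table lists entries such as `_registryAddressEnv`, `_registryPasswordEnv` and `_serverMaxConnectionAgeEnv`, which look like source identifiers rather than environment variable names, and many names are repeated (`HOSTNAME` seven times, `_registryAddressEnv` eight times). It also picks up names that look test or CI related (`CI`, `RUN_LDAP_TESTS`, `USE_TESTCONTAINERS`, `GITHUB_API_TOKEN`). The header now puts Description before Default Value, which differs from the removed header. Suggest fixing the generator to resolve constants to their string values, de-duplicate, skip test-only variables and carry over the descriptions and defaults, or dropping this file from the patch until it does.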
@@ -0,0 +1,154 @@ +# Autogenerated +# Filename: frontend-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9141 + token: "" + pprof: false + zpages: false +http: + addr: 127.0.0.1:9140 + protocol: tcp + prefix: "" + cors: + allow_origins: + - https://localhost:9200 + allow_methods: + - OPTIONS + - HEAD + - GET + - PUT + - POST + - PATCH + - DELETE + - MKCOL + - PROPFIND + - PROPPATCH + - MOVE + - COPY + - REPORT + - SEARCH + allow_headers: + - Origin + - Accept + - Content-Type + - Depth + - Authorization + - Ocs-Apirequest + - If-None-Match + - If-Match + - Destination + - Overwrite + - X-Request-Id + - X-Requested-With + - Tus-Resumable + - Tus-Checksum-Algorithm + - Upload-Concat + - Upload-Length + - Upload-Metadata + - Upload-Defer-Length + - Upload-Expires + - Upload-Checksum + - Upload-Offset + - X-HTTP-Method-Override + - Cache-Control + allow_credentials: false +transfer_secret: "" +token_manager: + jwt_secret: "" +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +machine_auth_api_key: "" +skip_user_groups_in_token: false +enable_favorites: false +max_quota: 0 +upload_max_chunk_size: 10000000 +upload_http_method_override: "" +default_upload_protocol: tus +enable_federated_sharing_incoming: false +enable_federated_sharing_outgoing: false +search_min_length: 3 +edition: "" +disable_sse: false +default_link_permissions: 1 +public_url: https://localhost:9200 +max_concurrency: 1 +app_handler: + insecure: false + secure_view_app_addr: eu.opencloud.api.collaboration +archiver: + max_num_files: 10000 + max_size: 1073741824 + insecure: false +data_gateway: + prefix: data +ocs: + prefix: ocs + share_prefix: /Shares + home_namespace: /users/{{.Id.OpaqueId}} + additional_info_attribute: '{{.Mail}}' + stat_cache_type: memory + stat_cache_nodes: + - 127.0.0.1:9233 + stat_cache_database: cache-stat + stat_cache_table: "" + 
stat_cache_ttl: 5m0s + stat_cache_disable_persistence: false + stat_cache_auth_username: "" + stat_cache_auth_password: "" + enable_denials: false + list_ocm_shares: true + include_ocm_sharees: false + public_sharing_share_must_have_password: true + public_sharing_writeableshare_must_have_password: false + show_email_in_results: false +checksums: + supported_types: + - sha1 + - md5 + - adler32 + preferred_upload_type: sha1 +read_only_user_attributes: [] +ldap_server_write_enabled: true +edit_login_allowed_disabled: false +full_text_search: false +check_for_updates: true +middleware: + auth: + credentials_by_user_agent: {} +events: + endpoint: 127.0.0.1:9233 + cluster: opencloud-cluster + tls_insecure: false + tls_root_ca_certificate: "" + enable_tls: false + username: "" + password: "" +grpc_client_tls: null +auto_accept_shares: true +service_account: + service_account_id: "" + service_account_secret: "" +password_policy: + min_characters: 8 + min_lowercase_characters: 1 + min_uppercase_characters: 1 + min_digits: 1 + min_special_characters: 1 + banned_passwords_list: "" +configurable_notifications: false +groupware: + enabled: false diff --git a/static/env-vars/frontend_configvars.md b/static/env-vars/frontend_configvars.md index 415a7032..c4d603c6 100644 --- a/static/env-vars/frontend_configvars.md +++ b/static/env-vars/frontend_configvars.md @@ -1,10 +1,10 @@ -2025-11-27-22-55-58 +2025-11-11-09-16-18 # Deprecation Notice | Deprecation Info | Deprecation Version | Removal Version | Deprecation Replacement | -|---|---|---|:---| +|---|---|---|---| | The OCS API is deprecated | 1.0.0 | next-prod | | | The OCS API is deprecated | 1.0.0 | next-prod | | | The OCS API is deprecated | 1.0.0 | next-prod | | @@ -24,90 +24,93 @@ Environment variables for the **frontend** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`FRONTEND_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`FRONTEND_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`FRONTEND_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`FRONTEND_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`FRONTEND_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9141`| -|`FRONTEND_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`FRONTEND_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`FRONTEND_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`FRONTEND_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9140`| -|`FRONTEND_HTTP_PROTOCOL`| 1.0.0 |string|`The transport protocol of the HTTP service.`|`tcp`| -|`FRONTEND_HTTP_PREFIX`| 1.0.0 |string|`The Path prefix where the frontend can be accessed (defaults to /).`|``| -|`OC_CORS_ALLOW_ORIGINS`
`FRONTEND_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|`[https://localhost:9200]`| -|`OC_CORS_ALLOW_METHODS`
`FRONTEND_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|`[OPTIONS HEAD GET PUT POST PATCH DELETE MKCOL PROPFIND PROPPATCH MOVE COPY REPORT SEARCH]`| -|`OC_CORS_ALLOW_HEADERS`
`FRONTEND_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|`[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires Upload-Checksum Upload-Offset X-HTTP-Method-Override Cache-Control]`| -|`OC_CORS_ALLOW_CREDENTIALS`
`FRONTEND_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|`false`| -|`OC_TRANSFER_SECRET`| 1.0.0 |string|`Transfer secret for signing file up- and download requests.`|``| -|`OC_JWT_SECRET`
`FRONTEND_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`OC_MACHINE_AUTH_API_KEY`
`FRONTEND_MACHINE_AUTH_API_KEY`| 1.0.0 |string|`The machine auth API key used to validate internal requests necessary to access resources from other services.`|``| -|`FRONTEND_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|`false`| -|`FRONTEND_ENABLE_FAVORITES`| 1.0.0 |bool|`Enables the support for favorites in the clients.`|`false`| -|`OC_SPACES_MAX_QUOTA`
`FRONTEND_MAX_QUOTA`| 1.0.0 |uint64|`Set the global max quota value in bytes. A value of 0 equals unlimited. The value is provided via capabilities.`|`0`| -|`FRONTEND_UPLOAD_MAX_CHUNK_SIZE`| 1.0.0 |int|`Sets the max chunk sizes in bytes for uploads via the clients.`|`10000000`| -|`FRONTEND_UPLOAD_HTTP_METHOD_OVERRIDE`| 1.0.0 |string|`Advise TUS to replace PATCH requests by POST requests.`|``| -|`FRONTEND_DEFAULT_UPLOAD_PROTOCOL`| 1.0.0 |string|`The default upload protocol to use in clients. Currently only 'tus' is available. See the developer API documentation for more details about TUS.`|`tus`| -|`OC_ENABLE_OCM`
`FRONTEND_ENABLE_FEDERATED_SHARING_INCOMING`| 1.0.0 |bool|`Changing this value is NOT supported. Enables support for incoming federated sharing for clients. The backend behaviour is not changed.`|`false`| -|`OC_ENABLE_OCM`
`FRONTEND_ENABLE_FEDERATED_SHARING_OUTGOING`| 1.0.0 |bool|`Changing this value is NOT supported. Enables support for outgoing federated sharing for clients. The backend behaviour is not changed.`|`false`| -|`FRONTEND_SEARCH_MIN_LENGTH`| 1.0.0 |int|`Minimum number of characters to enter before a client should start a search for Share receivers. This setting can be used to customize the user experience if e.g too many results are displayed.`|`3`| -|`OC_EDITION`
`FRONTEND_EDITION`| 1.0.0 |string|`Edition of OpenCloud. Used for branding purposes.`|``| -|`OC_DISABLE_SSE`
`FRONTEND_DISABLE_SSE`| 1.0.0 |bool|`When set to true, clients are informed that the Server-Sent Events endpoint is not accessible.`|`false`| -|`FRONTEND_DISABLE_RADICALE`| 4.0.0 |bool|`When set to true, clients are informed that the Radicale (CalDAV/CardDAV) is not accessible.`|`false`| -|`FRONTEND_DEFAULT_LINK_PERMISSIONS`| 1.0.0 |int|`Defines the default permissions a link is being created with. Possible values are 0 (= internal link, for instance members only) and 1 (= public link with viewer permissions). Defaults to 1.`|`1`| -|`OC_URL`
`FRONTEND_PUBLIC_URL`| 1.0.0 |string|`The public facing URL of the OpenCloud frontend.`|`https://localhost:9200`| -|`OC_MAX_CONCURRENCY`
`FRONTEND_MAX_CONCURRENCY`| 1.0.0 |int|`Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used.`|`1`| -|`OC_INSECURE`
`FRONTEND_APP_HANDLER_INSECURE`| 1.0.0 |bool|`Allow insecure connections to the frontend.`|`false`| -|`FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR`| 1.0.0 |string|`Service name or address of the app provider to use for secure view. Should match the service name or address of the registered CS3 app provider.`|`eu.opencloud.api.collaboration`| -|`FRONTEND_ARCHIVER_MAX_NUM_FILES`| 1.0.0 |int64|`Max number of files that can be packed into an archive.`|`10000`| -|`FRONTEND_ARCHIVER_MAX_SIZE`| 1.0.0 |int64|`Max size in bytes of the zip archive the archiver can create.`|`1073741824`| -|`OC_INSECURE`
`FRONTEND_ARCHIVER_INSECURE`| 1.0.0 |bool|`Allow insecure connections to the archiver.`|`false`| -|`FRONTEND_DATA_GATEWAY_PREFIX`| 1.0.0 |string|`Path prefix for the data gateway.`|`data`| -|`FRONTEND_OCS_PREFIX`| 1.0.0 |string|`URL path prefix for the OCS service. Note that the string must not start with '/'.`|`ocs`| -|`FRONTEND_OCS_SHARE_PREFIX`| 1.0.0 |string|`Path prefix for shares as part of a CS3 resource. Note that the path must start with '/'.`|`/Shares`| -|`FRONTEND_OCS_PERSONAL_NAMESPACE`| 1.0.0 |string|`Home namespace identifier.`|`/users/{{.Id.OpaqueId}}`| -|`FRONTEND_OCS_ADDITIONAL_INFO_ATTRIBUTE`| 1.0.0 |string|`Additional information attribute for the user like {{.Mail}}.`|`{{.Mail}}`| -|`OC_CACHE_STORE`
`FRONTEND_OCS_STAT_CACHE_STORE`| 1.0.0 |string|`The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|`memory`| -|`OC_CACHE_STORE_NODES`
`FRONTEND_OCS_STAT_CACHE_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[127.0.0.1:9233]`| -|`OC_CACHE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|`cache-stat`| -|`FRONTEND_OCS_STAT_CACHE_TABLE`| 1.0.0 |string|`The database table the store should use.`|``| -|`OC_CACHE_TTL`
`FRONTEND_OCS_STAT_CACHE_TTL`| 1.0.0 |Duration|`Default time to live for user info in the cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details.`|`5m0s`| -|`OC_CACHE_DISABLE_PERSISTENCE`
`FRONTEND_OCS_STAT_CACHE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disable persistence of the cache. Only applies when using the 'nats-js-kv' store type. Defaults to false.`|`false`| -|`OC_CACHE_AUTH_USERNAME`
`FRONTEND_OCS_STAT_CACHE_AUTH_USERNAME`| 1.0.0 |string|`The username to use for authentication. Only applies when using the 'nats-js-kv' store type.`|``| -|`OC_CACHE_AUTH_PASSWORD`
`FRONTEND_OCS_STAT_CACHE_AUTH_PASSWORD`| 1.0.0 |string|`The password to use for authentication. Only applies when using the 'nats-js-kv' store type.`|``| -|`FRONTEND_OCS_ENABLE_DENIALS`| 1.0.0 |bool|`EXPERIMENTAL: enable the feature to deny access on folders.`|`false`| -|`OC_ENABLE_OCM`
`FRONTEND_OCS_LIST_OCM_SHARES`| 1.0.0 |bool|`Include OCM shares when listing shares. See the OCM service documentation for more details.`|`true`| -|`OC_ENABLE_OCM`
`FRONTEND_OCS_INCLUDE_OCM_SHAREES`| 1.0.0 |bool|`Include OCM sharees when listing sharees.`|`false`| -|`OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD`
`FRONTEND_OCS_PUBLIC_SHARE_MUST_HAVE_PASSWORD`| 1.0.0 |bool|`Set this to true if you want to enforce passwords on all public shares.`|`true`| -|`OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD`
`FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD`| 1.0.0 |bool|`Set this to true if you want to enforce passwords for writable shares. Only effective if the setting for 'passwords on all public shares' is set to false.`|`false`| -|`OC_SHOW_USER_EMAIL_IN_RESULTS`| 1.0.0 |bool|`Include user email addresses in responses. If absent or set to false emails will be omitted from results. Please note that admin users can always see all email addresses.`|`false`| -|`FRONTEND_CHECKSUMS_SUPPORTED_TYPES`| 1.0.0 |[]string|`A list of checksum types that indicate to clients which hashes the server can use to verify upload integrity. Supported types are 'sha1', 'md5' and 'adler32'. See the Environment Variable Types description for more details.`|`[sha1 md5 adler32]`| -|`FRONTEND_CHECKSUMS_PREFERRED_UPLOAD_TYPE`| 1.0.0 |string|`The supported checksum type for uploads that indicates to clients supporting multiple hash algorithms which one is preferred by the server. Must be one out of the defined list of SUPPORTED_TYPES.`|`sha1`| -|`FRONTEND_READONLY_USER_ATTRIBUTES`| 1.0.0 |[]string|`A list of user attributes to indicate as read-only. Supported values: 'user.onPremisesSamAccountName' (username), 'user.displayName', 'user.mail', 'user.passwordProfile' (password), 'user.appRoleAssignments' (role), 'user.memberOf' (groups), 'user.accountEnabled' (login allowed), 'drive.quota' (quota). See the Environment Variable Types description for more details.`|`[]`| -|`OC_LDAP_SERVER_WRITE_ENABLED`
`FRONTEND_LDAP_SERVER_WRITE_ENABLED`| 1.0.0 |bool|`Allow creating, modifying and deleting LDAP users via the GRAPH API. This can only be set to 'true' when keeping default settings for the LDAP user and group attribute types (the 'OC_LDAP_USER_SCHEMA_* and 'OC_LDAP_GROUP_SCHEMA_* variables).`|`true`| -|`FRONTEND_EDIT_LOGIN_ALLOWED_DISABLED`| 3.4.0 |bool|`Used to set if login is allowed/forbidden for for User.`|`false`| -|`FRONTEND_FULL_TEXT_SEARCH_ENABLED`| 1.0.0 |bool|`Set to true to signal the web client that full-text search is enabled.`|`false`| -|`FRONTEND_CHECK_FOR_UPDATES`| 3.6.0 |bool|`Enable automatic checking for updates. Defaults to true.`|`true`| -|`OC_EVENTS_ENDPOINT`
`FRONTEND_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`| -|`OC_EVENTS_CLUSTER`
`FRONTEND_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`| -|`OC_INSECURE`
`FRONTEND_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|`false`| -|`FRONTEND_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`OCS_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.`|``| -|`OC_EVENTS_ENABLE_TLS`
`FRONTEND_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| -|`OC_EVENTS_AUTH_USERNAME`
`FRONTEND_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_EVENTS_AUTH_PASSWORD`
`FRONTEND_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`FRONTEND_AUTO_ACCEPT_SHARES`| 1.0.0 |bool|`Defines if shares should be auto accepted by default. Users can change this setting individually in their profile.`|`true`| -|`OC_SERVICE_ACCOUNT_ID`
`FRONTEND_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|``| -|`OC_SERVICE_ACCOUNT_SECRET`
`FRONTEND_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|``| -|`OC_PASSWORD_POLICY_DISABLED`
`FRONTEND_PASSWORD_POLICY_DISABLED`| 1.0.0 |bool|`Disable the password policy. Defaults to false if not set.`|`false`| -|`OC_PASSWORD_POLICY_MIN_CHARACTERS`
`FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS`| 1.0.0 |int|`Define the minimum password length. Defaults to 8 if not set.`|`8`| -|`OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS`
`FRONTEND_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS`| 1.0.0 |int|`Define the minimum number of uppercase letters. Defaults to 1 if not set.`|`1`| -|`OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS`
`FRONTEND_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS`| 1.0.0 |int|`Define the minimum number of lowercase letters. Defaults to 1 if not set.`|`1`| -|`OC_PASSWORD_POLICY_MIN_DIGITS`
`FRONTEND_PASSWORD_POLICY_MIN_DIGITS`| 1.0.0 |int|`Define the minimum number of digits. Defaults to 1 if not set.`|`1`| -|`OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS`
`FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS`| 1.0.0 |int|`Define the minimum number of characters from the special characters list to be present. Defaults to 1 if not set.`|`1`| -|`OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST`
`FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST`| 1.0.0 |string|`Path to the 'banned passwords list' file. This only impacts public link password validation. See the documentation for more details.`|``| -|`FRONTEND_CONFIGURABLE_NOTIFICATIONS`| 1.0.0 |bool|`Allow configuring notifications via web client.`|`false`| -|`FRONTEND_GROUPWARE_ENABLED`| 3.7.0 |bool|`Enable groupware features. Defaults to false.`|`false`| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`FRONTEND_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`FRONTEND_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`FRONTEND_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`FRONTEND_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`FRONTEND_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`FRONTEND_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`FRONTEND_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`FRONTEND_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`FRONTEND_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9141| +|`FRONTEND_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`FRONTEND_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`FRONTEND_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`FRONTEND_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|127.0.0.1:9140| +|`FRONTEND_HTTP_PROTOCOL`| 1.0.0 |string|`The transport protocol of the HTTP service.`|tcp| +|`FRONTEND_HTTP_PREFIX`| 1.0.0 |string|`The Path prefix where the frontend can be accessed (defaults to /).`|| +|`OC_CORS_ALLOW_ORIGINS`
`FRONTEND_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|[https://localhost:9200]| +|`OC_CORS_ALLOW_METHODS`
`FRONTEND_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|[OPTIONS HEAD GET PUT POST PATCH DELETE MKCOL PROPFIND PROPPATCH MOVE COPY REPORT SEARCH]| +|`OC_CORS_ALLOW_HEADERS`
`FRONTEND_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires Upload-Checksum Upload-Offset X-HTTP-Method-Override Cache-Control]| +|`OC_CORS_ALLOW_CREDENTIALS`
`FRONTEND_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|false| +|`OC_TRANSFER_SECRET`| 1.0.0 |string|`Transfer secret for signing file up- and download requests.`|| +|`OC_JWT_SECRET`
`FRONTEND_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`OC_MACHINE_AUTH_API_KEY`
`FRONTEND_MACHINE_AUTH_API_KEY`| 1.0.0 |string|`The machine auth API key used to validate internal requests necessary to access resources from other services.`|| +|`FRONTEND_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|false| +|`FRONTEND_ENABLE_FAVORITES`| 1.0.0 |bool|`Enables the support for favorites in the clients.`|false| +|`OC_SPACES_MAX_QUOTA`
`FRONTEND_MAX_QUOTA`| 1.0.0 |uint64|`Set the global max quota value in bytes. A value of 0 equals unlimited. The value is provided via capabilities.`|0| +|`FRONTEND_UPLOAD_MAX_CHUNK_SIZE`| 1.0.0 |int|`Sets the max chunk sizes in bytes for uploads via the clients.`|10000000| +|`FRONTEND_UPLOAD_HTTP_METHOD_OVERRIDE`| 1.0.0 |string|`Advise TUS to replace PATCH requests by POST requests.`|| +|`FRONTEND_DEFAULT_UPLOAD_PROTOCOL`| 1.0.0 |string|`The default upload protocol to use in clients. Currently only 'tus' is available. See the developer API documentation for more details about TUS.`|tus| +|`OC_ENABLE_OCM`
`FRONTEND_ENABLE_FEDERATED_SHARING_INCOMING`| 1.0.0 |bool|`Changing this value is NOT supported. Enables support for incoming federated sharing for clients. The backend behaviour is not changed.`|false| +|`OC_ENABLE_OCM`
`FRONTEND_ENABLE_FEDERATED_SHARING_OUTGOING`| 1.0.0 |bool|`Changing this value is NOT supported. Enables support for outgoing federated sharing for clients. The backend behaviour is not changed.`|false| +|`FRONTEND_SEARCH_MIN_LENGTH`| 1.0.0 |int|`Minimum number of characters to enter before a client should start a search for Share receivers. This setting can be used to customize the user experience if e.g too many results are displayed.`|3| +|`OC_EDITION`
`FRONTEND_EDITION`| 1.0.0 |string|`Edition of OpenCloud. Used for branding purposes.`|| +|`OC_DISABLE_SSE`
`FRONTEND_DISABLE_SSE`| 1.0.0 |bool|`When set to true, clients are informed that the Server-Sent Events endpoint is not accessible.`|false| +|`FRONTEND_DEFAULT_LINK_PERMISSIONS`| 1.0.0 |int|`Defines the default permissions a link is being created with. Possible values are 0 (= internal link, for instance members only) and 1 (= public link with viewer permissions). Defaults to 1.`|1| +|`OC_URL`
`FRONTEND_PUBLIC_URL`| 1.0.0 |string|`The public facing URL of the OpenCloud frontend.`|https://localhost:9200| +|`OC_MAX_CONCURRENCY`
`FRONTEND_MAX_CONCURRENCY`| 1.0.0 |int|`Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used.`|1| +|`OC_INSECURE`
`FRONTEND_APP_HANDLER_INSECURE`| 1.0.0 |bool|`Allow insecure connections to the frontend.`|false| +|`FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR`| 1.0.0 |string|`Service name or address of the app provider to use for secure view. Should match the service name or address of the registered CS3 app provider.`|eu.opencloud.api.collaboration| +|`FRONTEND_ARCHIVER_MAX_NUM_FILES`| 1.0.0 |int64|`Max number of files that can be packed into an archive.`|10000| +|`FRONTEND_ARCHIVER_MAX_SIZE`| 1.0.0 |int64|`Max size in bytes of the zip archive the archiver can create.`|1073741824| +|`OC_INSECURE`
`FRONTEND_ARCHIVER_INSECURE`| 1.0.0 |bool|`Allow insecure connections to the archiver.`|false| +|`FRONTEND_DATA_GATEWAY_PREFIX`| 1.0.0 |string|`Path prefix for the data gateway.`|data| +|`FRONTEND_OCS_PREFIX`| 1.0.0 |string|`URL path prefix for the OCS service. Note that the string must not start with '/'.`|ocs| +|`FRONTEND_OCS_SHARE_PREFIX`| 1.0.0 |string|`Path prefix for shares as part of a CS3 resource. Note that the path must start with '/'.`|/Shares| +|`FRONTEND_OCS_PERSONAL_NAMESPACE`| 1.0.0 |string|`Home namespace identifier.`|/users/{{.Id.OpaqueId}}| +|`FRONTEND_OCS_ADDITIONAL_INFO_ATTRIBUTE`| 1.0.0 |string|`Additional information attribute for the user like {{.Mail}}.`|{{.Mail}}| +|`OC_CACHE_STORE`
`FRONTEND_OCS_STAT_CACHE_STORE`| 1.0.0 |string|`The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|memory| +|`OC_CACHE_STORE_NODES`
`FRONTEND_OCS_STAT_CACHE_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[127.0.0.1:9233]| +|`OC_CACHE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|cache-stat| +|`FRONTEND_OCS_STAT_CACHE_TABLE`| 1.0.0 |string|`The database table the store should use.`|| +|`OC_CACHE_TTL`
`FRONTEND_OCS_STAT_CACHE_TTL`| 1.0.0 |Duration|`Default time to live for user info in the cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details.`|5m0s| +|`OC_CACHE_DISABLE_PERSISTENCE`
`FRONTEND_OCS_STAT_CACHE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disable persistence of the cache. Only applies when using the 'nats-js-kv' store type. Defaults to false.`|false| +|`OC_CACHE_AUTH_USERNAME`
`FRONTEND_OCS_STAT_CACHE_AUTH_USERNAME`| 1.0.0 |string|`The username to use for authentication. Only applies when using the 'nats-js-kv' store type.`|| +|`OC_CACHE_AUTH_PASSWORD`
`FRONTEND_OCS_STAT_CACHE_AUTH_PASSWORD`| 1.0.0 |string|`The password to use for authentication. Only applies when using the 'nats-js-kv' store type.`|| +|`FRONTEND_OCS_ENABLE_DENIALS`| 1.0.0 |bool|`EXPERIMENTAL: enable the feature to deny access on folders.`|false| +|`OC_ENABLE_OCM`
`FRONTEND_OCS_LIST_OCM_SHARES`| 1.0.0 |bool|`Include OCM shares when listing shares. See the OCM service documentation for more details.`|true| +|`OC_ENABLE_OCM`
`FRONTEND_OCS_INCLUDE_OCM_SHAREES`| 1.0.0 |bool|`Include OCM sharees when listing sharees.`|false| +|`OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD`
`FRONTEND_OCS_PUBLIC_SHARE_MUST_HAVE_PASSWORD`| 1.0.0 |bool|`Set this to true if you want to enforce passwords on all public shares.`|true| +|`OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD`
`FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD`| 1.0.0 |bool|`Set this to true if you want to enforce passwords for writable shares. Only effective if the setting for 'passwords on all public shares' is set to false.`|false| +|`OC_SHOW_USER_EMAIL_IN_RESULTS`| 1.0.0 |bool|`Include user email addresses in responses. If absent or set to false emails will be omitted from results. Please note that admin users can always see all email addresses.`|false| +|`FRONTEND_CHECKSUMS_SUPPORTED_TYPES`| 1.0.0 |[]string|`A list of checksum types that indicate to clients which hashes the server can use to verify upload integrity. Supported types are 'sha1', 'md5' and 'adler32'. See the Environment Variable Types description for more details.`|[sha1 md5 adler32]| +|`FRONTEND_CHECKSUMS_PREFERRED_UPLOAD_TYPE`| 1.0.0 |string|`The supported checksum type for uploads that indicates to clients supporting multiple hash algorithms which one is preferred by the server. Must be one out of the defined list of SUPPORTED_TYPES.`|sha1| +|`FRONTEND_READONLY_USER_ATTRIBUTES`| 1.0.0 |[]string|`A list of user attributes to indicate as read-only. Supported values: 'user.onPremisesSamAccountName' (username), 'user.displayName', 'user.mail', 'user.passwordProfile' (password), 'user.appRoleAssignments' (role), 'user.memberOf' (groups), 'user.accountEnabled' (login allowed), 'drive.quota' (quota). See the Environment Variable Types description for more details.`|[]| +|`OC_LDAP_SERVER_WRITE_ENABLED`
`FRONTEND_LDAP_SERVER_WRITE_ENABLED`| 1.0.0 |bool|`Allow creating, modifying and deleting LDAP users via the GRAPH API. This can only be set to 'true' when keeping default settings for the LDAP user and group attribute types (the 'OC_LDAP_USER_SCHEMA_* and 'OC_LDAP_GROUP_SCHEMA_* variables).`|true| +|`FRONTEND_EDIT_LOGIN_ALLOWED_DISABLED`| 3.4.0 |bool|`Used to set if login is allowed/forbidden for for User.`|false| +|`FRONTEND_FULL_TEXT_SEARCH_ENABLED`| 1.0.0 |bool|`Set to true to signal the web client that full-text search is enabled.`|false| +|`FRONTEND_CHECK_FOR_UPDATES`| 3.6.0 |bool|`Enable automatic checking for updates. Defaults to true.`|true| +|`OC_EVENTS_ENDPOINT`
`FRONTEND_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| +|`OC_EVENTS_CLUSTER`
`FRONTEND_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| +|`OC_INSECURE`
`FRONTEND_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`FRONTEND_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`OCS_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.`|| +|`OC_EVENTS_ENABLE_TLS`
`FRONTEND_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| +|`OC_EVENTS_AUTH_USERNAME`
`FRONTEND_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_EVENTS_AUTH_PASSWORD`
`FRONTEND_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`FRONTEND_AUTO_ACCEPT_SHARES`| 1.0.0 |bool|`Defines if shares should be auto accepted by default. Users can change this setting individually in their profile.`|true| +|`OC_SERVICE_ACCOUNT_ID`
`FRONTEND_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|| +|`OC_SERVICE_ACCOUNT_SECRET`
`FRONTEND_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|| +|`OC_PASSWORD_POLICY_DISABLED`
`FRONTEND_PASSWORD_POLICY_DISABLED`| 1.0.0 |bool|`Disable the password policy. Defaults to false if not set.`|false| +|`OC_PASSWORD_POLICY_MIN_CHARACTERS`
`FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS`| 1.0.0 |int|`Define the minimum password length. Defaults to 8 if not set.`|8| +|`OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS`
`FRONTEND_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS`| 1.0.0 |int|`Define the minimum number of uppercase letters. Defaults to 1 if not set.`|1| +|`OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS`
`FRONTEND_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS`| 1.0.0 |int|`Define the minimum number of lowercase letters. Defaults to 1 if not set.`|1| +|`OC_PASSWORD_POLICY_MIN_DIGITS`
`FRONTEND_PASSWORD_POLICY_MIN_DIGITS`| 1.0.0 |int|`Define the minimum number of digits. Defaults to 1 if not set.`|1| +|`OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS`
`FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS`| 1.0.0 |int|`Define the minimum number of characters from the special characters list to be present. Defaults to 1 if not set.`|1| +|`OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST`
`FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST`| 1.0.0 |string|`Path to the 'banned passwords list' file. This only impacts public link password validation. See the documentation for more details.`|| +|`FRONTEND_CONFIGURABLE_NOTIFICATIONS`| 1.0.0 |bool|`Allow configuring notifications via web client.`|false| +|`FRONTEND_GROUPWARE_ENABLED`| 3.7.0 |bool|`Enable groupware features. Defaults to false.`|false| diff --git a/static/env-vars/frontend_readme.md b/static/env-vars/frontend_readme.md index 578de0bc..4513f0f6 100644 --- a/static/env-vars/frontend_readme.md +++ b/static/env-vars/frontend_readme.md @@ -1,6 +1,6 @@ --- title: Frontend -date: 2025-11-27T22:56:02.332575+01:00 +date: 2025-11-11T09:16:41.111410748+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/frontend 
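Review bot: in frontend_configvars.md the descriptions of the two case rules are swapped: the `FRONTEND_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS` row says "Define the minimum number of uppercase letters" and the `FRONTEND_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS` row says "Define the minimum number of lowercase letters". An admin reading the table would tune the wrong rule, so please swap the two descriptions (in the source strings, if this table is generated). In the same table, the `OCS_EVENTS_TLS_ROOT_CA_CERTIFICATE` row refers to `NOTIFICATIONS_EVENTS_TLS_INSECURE` where the variable listed for this service is `FRONTEND_EVENTS_TLS_INSECURE`, and that row's description, "Whether to verify the server TLS certificates", should state which value disables verification, since the flag is named INSECURE and defaults to false.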
@@ -75,7 +75,7 @@ While the frontend service does not persist any data, it does cache information A lot of user management is made via the standardized libregraph API. Depending on how the system is configured, there might be some user attributes that an OpenCloud instance admin can't change because of properties coming from an external LDAP server, or similar. This can be the case when the OpenCloud admin is not the LDAP admin. To ease life for admins, there are hints as capabilites telling the frontend which attributes are read-only to enable a different optical representation like being grayed out. To configure these hints, use the environment variable `FRONTEND_READONLY_USER_ATTRIBUTES`, which takes a comma separated list of attributes, see the envvar for supported values. -You can find more details regarding available attributes at the [libre-graph-api openapi-spec](https://github.com/opencloud-eu/libre-graph-api/blob/main/api/openapi-spec/v1.0.yaml) and on [docs.opencloud.eu](https://docs.opencloud.eu/swagger/libre-graph-api/). +You can find more details regarding available attributes at the [libre-graph-api openapi-spec](https://github.com/owncloud/libre-graph-api/blob/main/api/openapi-spec/v1.0.yaml) and on [docs.opencloud.eu](https://docs.opencloud.eu/libre-graph-api/). ## Caching 
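Review bot: the openapi-spec link on the `+` line now points at `github.com/owncloud/libre-graph-api`, where the removed line pointed at `github.com/opencloud-eu/libre-graph-api`, while `geekdocRepo` in this same file is still `https://github.com/opencloud-eu/opencloud`. That sends readers to a different organisation's repository for the API definition; please confirm this is intended or keep the opencloud-eu URL. The second link also changes from `/swagger/libre-graph-api/` to `/libre-graph-api/`, and the front-matter `date` of this file moves backwards from 2025-11-27 to 2025-11-11, which together suggest the readme was regenerated from an older source tree. The context line also carries the typo "capabilites".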
@@ -110,7 +110,7 @@ In OpenCloud, the password policy is always enabled because the max-length restr With the password policy, mandatory criteria for the password can be defined via the environment variables listed below. -Generally, a password can contain any UTF-8 characters, however some characters are regarded as special since they are not used in ordinary texts. Which characters should be treated as special is defined by "The OWASP® Foundation" [password-special-characters](https://owasp.org/www-community/password-special-characters) (between double quotes): ```" !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~"``` +Generally, a password can contain any UTF-8 characters, however some characters are regarded as special since they are not used in ordinary texts. Which characters should be treated as special is defined by "The OWASP® Foundation" [password-special-characters](https://owasp.org/www-community/password-special-characters) (between double quotes): " !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~" The validation against the banned passwords list can be configured via a text file with words separated by new lines. If a user tries to set a password listed in the banned passwords list, the password can not be used (is invalid) even if the other mandatory criteria are passed. The admin can define the path of the banned passwords list file. If the file doesn't exist in a location, OpenCloud tries to load a file from the `OC_CONFIG_DIR/OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST`. An option will be enabled when the file has been loaded successfully. diff --git a/static/env-vars/gateway-config-example.yaml b/static/env-vars/gateway-config-example.yaml new file mode 100644 index 00000000..8080728a --- /dev/null +++ b/static/env-vars/gateway-config-example.yaml 
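Review bot: in the frontend_readme.md hunk at `@@ -110,7 +110,7 @@`, the `+` line drops the code span around the OWASP special-character list, so the list is now plain Markdown text. It contains a backtick as well as `*`, `_`, `<`, `>` and `\`, which a renderer can treat as markup or escapes, and the list shown to the reader may then differ from the set the password policy counts as special. Please keep the list inside a code span, as on the removed line, whose triple-backtick delimiters let the embedded backtick survive.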
@@ -0,0 +1,72 @@ +# Autogenerated +# Filename: gateway-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9143 + token: "" + pprof: false + zpages: false +grpc: + addr: 127.0.0.1:9142 + tls: null + protocol: tcp +token_manager: + jwt_secret: "" +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +skip_user_groups_in_token: false +commit_share_to_storage_grant: true +share_folder_name: Shares +disable_home_creation_on_login: true +transfer_secret: "" +transfer_expires: 86400 +cache: + provider_cache_store: noop + provider_cache_nodes: + - 127.0.0.1:9233 + provider_cache_database: cache-providers + provider_cache_ttl: 5m0s + provider_cache_disable_persistence: false + provider_cache_auth_username: "" + provider_cache_auth_password: "" + create_home_cache_store: memory + create_home_cache_nodes: + - 127.0.0.1:9233 + create_home_cache_database: cache-createhome + create_home_cache_ttl: 5m0s + create_home_cache_disable_persistence: false + create_home_cache_auth_username: "" + create_home_cache_auth_password: "" +frontend_public_url: https://localhost:9200 +users_endpoint: eu.opencloud.api.users +groups_endpoint: eu.opencloud.api.groups +permissions_endpoint: eu.opencloud.api.settings +sharing_endpoint: eu.opencloud.api.sharing +auth_app_endpoint: eu.opencloud.api.auth-app +auth_basic_endpoint: eu.opencloud.api.auth-basic +auth_bearer_endpoint: "" +auth_machine_endpoint: eu.opencloud.api.auth-machine +auth_service_endpoint: eu.opencloud.api.auth-service +storage_public_link_endpoint: eu.opencloud.api.storage-publiclink +storage_users_endpoint: eu.opencloud.api.storage-users +storage_shares_endpoint: eu.opencloud.api.storage-shares +app_registry_endpoint: eu.opencloud.api.app-registry +ocm_endpoint: eu.opencloud.api.ocm +storage_registry: + driver: spaces + rules: [] + json: "" + storage_users_mount_id: "" 
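Review bot: the new example file carries `jwt_secret: ""`, `transfer_secret: ""` and `token: ""` under `debug`, with a header that only says `# Autogenerated`. Nothing tells the reader whether an empty value is accepted or that these need deployment-specific values, and `mode: ""` under `reva.tls` does not say which of 'off', 'insecure' or 'on' (the values listed for `OC_GRPC_CLIENT_TLS_MODE`) an empty string selects. Suggest a header comment stating that the file lists defaults and is not a ready-to-use configuration, plus a short comment on each secret and TLS key.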
diff --git a/static/env-vars/gateway_configvars.md b/static/env-vars/gateway_configvars.md index c17ecb8a..6cf08e29 100644 --- a/static/env-vars/gateway_configvars.md +++ b/static/env-vars/gateway_configvars.md @@ -1,57 +1,61 @@ Environment variables for the **gateway** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`GATEWAY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`GATEWAY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`GATEWAY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`GATEWAY_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`GATEWAY_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9143`| -|`GATEWAY_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`GATEWAY_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`GATEWAY_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`OC_GATEWAY_GRPC_ADDR`
`GATEWAY_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9142`| -|`OC_GRPC_PROTOCOL`
`GATEWAY_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|`tcp`| -|`OC_JWT_SECRET`
`GATEWAY_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`GATEWAY_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|`false`| -|`GATEWAY_COMMIT_SHARE_TO_STORAGE_GRANT`| 1.0.0 |bool|`Commit shares to storage grants. This grants access to shared resources for the share receiver directly on the storage.`|`true`| -|`GATEWAY_SHARE_FOLDER_NAME`| 1.0.0 |string|`Name of the share folder in users' home space.`|`Shares`| -|`GATEWAY_DISABLE_HOME_CREATION_ON_LOGIN`| 1.0.0 |bool|`Disable creation of the home space on login.`|`true`| -|`OC_TRANSFER_SECRET`| 1.0.0 |string|`The storage transfer secret.`|``| -|`GATEWAY_TRANSFER_EXPIRES`| 1.0.0 |int|`Expiry for the gateway tokens.`|`86400`| -|`OC_CACHE_STORE`
`GATEWAY_PROVIDER_CACHE_STORE`| 1.0.0 |string|`The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|`noop`| -|`OC_CACHE_STORE_NODES`
`GATEWAY_PROVIDER_CACHE_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[127.0.0.1:9233]`| -|`OC_CACHE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|`cache-providers`| -|`OC_CACHE_TTL`
`GATEWAY_PROVIDER_CACHE_TTL`| 1.0.0 |Duration|`Default time to live for user info in the cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details.`|`5m0s`| -|`OC_CACHE_DISABLE_PERSISTENCE`
`GATEWAY_PROVIDER_CACHE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disables persistence of the provider cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false.`|`false`| -|`OC_CACHE_AUTH_USERNAME`
`GATEWAY_PROVIDER_CACHE_AUTH_USERNAME`| 1.0.0 |string|`The username to use for authentication. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_CACHE_AUTH_PASSWORD`
`GATEWAY_PROVIDER_CACHE_AUTH_PASSWORD`| 1.0.0 |string|`The password to use for authentication. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_CACHE_STORE`
`GATEWAY_CREATE_HOME_CACHE_STORE`| 1.0.0 |string|`The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|`memory`| -|`OC_CACHE_STORE_NODES`
`GATEWAY_CREATE_HOME_CACHE_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[127.0.0.1:9233]`| -|`OC_CACHE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|`cache-createhome`| -|`OC_CACHE_TTL`
`GATEWAY_CREATE_HOME_CACHE_TTL`| 1.0.0 |Duration|`Default time to live for user info in the cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details.`|`5m0s`| -|`OC_CACHE_DISABLE_PERSISTENCE`
`GATEWAY_CREATE_HOME_CACHE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disables persistence of the create home cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false.`|`false`| -|`OC_CACHE_AUTH_USERNAME`
`GATEWAY_CREATE_HOME_CACHE_AUTH_USERNAME`| 1.0.0 |string|`The username to use for authentication. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_CACHE_AUTH_PASSWORD`
`GATEWAY_CREATE_HOME_CACHE_AUTH_PASSWORD`| 1.0.0 |string|`The password to use for authentication. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_URL`
`GATEWAY_FRONTEND_PUBLIC_URL`| 1.0.0 |string|`The public facing URL of the OpenCloud frontend.`|`https://localhost:9200`| -|`GATEWAY_USERS_ENDPOINT`| 1.0.0 |string|`The endpoint of the users service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|`eu.opencloud.api.users`| -|`GATEWAY_GROUPS_ENDPOINT`| 1.0.0 |string|`The endpoint of the groups service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|`eu.opencloud.api.groups`| -|`GATEWAY_PERMISSIONS_ENDPOINT`| 1.0.0 |string|`The endpoint of the permissions service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|`eu.opencloud.api.settings`| -|`GATEWAY_SHARING_ENDPOINT`| 1.0.0 |string|`The endpoint of the shares service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|`eu.opencloud.api.sharing`| -|`GATEWAY_AUTH_APP_ENDPOINT`| 1.0.0 |string|`The endpoint of the auth-app service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|`eu.opencloud.api.auth-app`| -|`GATEWAY_AUTH_BASIC_ENDPOINT`| 1.0.0 |string|`The endpoint of the auth-basic service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|`eu.opencloud.api.auth-basic`| -|`GATEWAY_AUTH_BEARER_ENDPOINT`| 1.0.0 |string|`The endpoint of the auth-bearer service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|``| -|`GATEWAY_AUTH_MACHINE_ENDPOINT`| 1.0.0 |string|`The endpoint of the auth-machine service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|`eu.opencloud.api.auth-machine`| -|`GATEWAY_AUTH_SERVICE_ENDPOINT`| 1.0.0 |string|`The endpoint of the auth-service service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|`eu.opencloud.api.auth-service`| -|`GATEWAY_STORAGE_PUBLIC_LINK_ENDPOINT`| 1.0.0 |string|`The endpoint of the storage-publiclink service. 
Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|`eu.opencloud.api.storage-publiclink`| -|`GATEWAY_STORAGE_USERS_ENDPOINT`| 1.0.0 |string|`The endpoint of the storage-users service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|`eu.opencloud.api.storage-users`| -|`GATEWAY_STORAGE_SHARES_ENDPOINT`| 1.0.0 |string|`The endpoint of the storage-shares service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|`eu.opencloud.api.storage-shares`| -|`GATEWAY_APP_REGISTRY_ENDPOINT`| 1.0.0 |string|`The endpoint of the app-registry service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|`eu.opencloud.api.app-registry`| -|`GATEWAY_OCM_ENDPOINT`| 1.0.0 |string|`The endpoint of the ocm service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|`eu.opencloud.api.ocm`| -|`GATEWAY_STORAGE_REGISTRY_DRIVER`| 1.0.0 |string|`The driver name of the storage registry to use.`|`spaces`| -|`GATEWAY_STORAGE_REGISTRY_RULES`| 1.0.0 |[]string|`The rules for the storage registry. See the Environment Variable Types description for more details.`|`[]`| -|`GATEWAY_STORAGE_REGISTRY_CONFIG_JSON`| 1.0.0 |string|`Additional configuration for the storage registry in json format.`|``| -|`GATEWAY_STORAGE_USERS_MOUNT_ID`| 1.0.0 |string|`Mount ID of this storage. Admins can set the ID for the storage in this config option manually which is then used to reference the storage. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|``| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`GATEWAY_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`GATEWAY_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`GATEWAY_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`GATEWAY_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`GATEWAY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`GATEWAY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`GATEWAY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`GATEWAY_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`GATEWAY_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9143| +|`GATEWAY_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`GATEWAY_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`GATEWAY_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`OC_GATEWAY_GRPC_ADDR`
`GATEWAY_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9142| +|`OC_GRPC_PROTOCOL`
`GATEWAY_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|tcp| +|`OC_JWT_SECRET`
`GATEWAY_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`GATEWAY_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|false| +|`GATEWAY_COMMIT_SHARE_TO_STORAGE_GRANT`| 1.0.0 |bool|`Commit shares to storage grants. This grants access to shared resources for the share receiver directly on the storage.`|true| +|`GATEWAY_SHARE_FOLDER_NAME`| 1.0.0 |string|`Name of the share folder in users' home space.`|Shares| +|`GATEWAY_DISABLE_HOME_CREATION_ON_LOGIN`| 1.0.0 |bool|`Disable creation of the home space on login.`|true| +|`OC_TRANSFER_SECRET`| 1.0.0 |string|`The storage transfer secret.`|| +|`GATEWAY_TRANSFER_EXPIRES`| 1.0.0 |int|`Expiry for the gateway tokens.`|86400| +|`OC_CACHE_STORE`
`GATEWAY_PROVIDER_CACHE_STORE`| 1.0.0 |string|`The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|noop| +|`OC_CACHE_STORE_NODES`
`GATEWAY_PROVIDER_CACHE_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[127.0.0.1:9233]| +|`OC_CACHE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|cache-providers| +|`OC_CACHE_TTL`
`GATEWAY_PROVIDER_CACHE_TTL`| 1.0.0 |Duration|`Default time to live for user info in the cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details.`|5m0s| +|`OC_CACHE_DISABLE_PERSISTENCE`
`GATEWAY_PROVIDER_CACHE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disables persistence of the provider cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false.`|false| +|`OC_CACHE_AUTH_USERNAME`
`GATEWAY_PROVIDER_CACHE_AUTH_USERNAME`| 1.0.0 |string|`The username to use for authentication. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_CACHE_AUTH_PASSWORD`
`GATEWAY_PROVIDER_CACHE_AUTH_PASSWORD`| 1.0.0 |string|`The password to use for authentication. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_CACHE_STORE`
`GATEWAY_CREATE_HOME_CACHE_STORE`| 1.0.0 |string|`The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|memory| +|`OC_CACHE_STORE_NODES`
`GATEWAY_CREATE_HOME_CACHE_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[127.0.0.1:9233]| +|`OC_CACHE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|cache-createhome| +|`OC_CACHE_TTL`
`GATEWAY_CREATE_HOME_CACHE_TTL`| 1.0.0 |Duration|`Default time to live for user info in the cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details.`|5m0s| +|`OC_CACHE_DISABLE_PERSISTENCE`
`GATEWAY_CREATE_HOME_CACHE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disables persistence of the create home cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false.`|false| +|`OC_CACHE_AUTH_USERNAME`
`GATEWAY_CREATE_HOME_CACHE_AUTH_USERNAME`| 1.0.0 |string|`The username to use for authentication. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_CACHE_AUTH_PASSWORD`
`GATEWAY_CREATE_HOME_CACHE_AUTH_PASSWORD`| 1.0.0 |string|`The password to use for authentication. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_URL`
`GATEWAY_FRONTEND_PUBLIC_URL`| 1.0.0 |string|`The public facing URL of the OpenCloud frontend.`|https://localhost:9200| +|`GATEWAY_USERS_ENDPOINT`| 1.0.0 |string|`The endpoint of the users service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|eu.opencloud.api.users| +|`GATEWAY_GROUPS_ENDPOINT`| 1.0.0 |string|`The endpoint of the groups service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|eu.opencloud.api.groups| +|`GATEWAY_PERMISSIONS_ENDPOINT`| 1.0.0 |string|`The endpoint of the permissions service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|eu.opencloud.api.settings| +|`GATEWAY_SHARING_ENDPOINT`| 1.0.0 |string|`The endpoint of the shares service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|eu.opencloud.api.sharing| +|`GATEWAY_AUTH_APP_ENDPOINT`| 1.0.0 |string|`The endpoint of the auth-app service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|eu.opencloud.api.auth-app| +|`GATEWAY_AUTH_BASIC_ENDPOINT`| 1.0.0 |string|`The endpoint of the auth-basic service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|eu.opencloud.api.auth-basic| +|`GATEWAY_AUTH_BEARER_ENDPOINT`| 1.0.0 |string|`The endpoint of the auth-bearer service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|| +|`GATEWAY_AUTH_MACHINE_ENDPOINT`| 1.0.0 |string|`The endpoint of the auth-machine service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|eu.opencloud.api.auth-machine| +|`GATEWAY_AUTH_SERVICE_ENDPOINT`| 1.0.0 |string|`The endpoint of the auth-service service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|eu.opencloud.api.auth-service| +|`GATEWAY_STORAGE_PUBLIC_LINK_ENDPOINT`| 1.0.0 |string|`The endpoint of the storage-publiclink service. 
Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|eu.opencloud.api.storage-publiclink| +|`GATEWAY_STORAGE_USERS_ENDPOINT`| 1.0.0 |string|`The endpoint of the storage-users service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|eu.opencloud.api.storage-users| +|`GATEWAY_STORAGE_SHARES_ENDPOINT`| 1.0.0 |string|`The endpoint of the storage-shares service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|eu.opencloud.api.storage-shares| +|`GATEWAY_APP_REGISTRY_ENDPOINT`| 1.0.0 |string|`The endpoint of the app-registry service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|eu.opencloud.api.app-registry| +|`GATEWAY_OCM_ENDPOINT`| 1.0.0 |string|`The endpoint of the ocm service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol.`|eu.opencloud.api.ocm| +|`GATEWAY_STORAGE_REGISTRY_DRIVER`| 1.0.0 |string|`The driver name of the storage registry to use.`|spaces| +|`GATEWAY_STORAGE_REGISTRY_RULES`| 1.0.0 |[]string|`The rules for the storage registry. See the Environment Variable Types description for more details.`|[]| +|`GATEWAY_STORAGE_REGISTRY_CONFIG_JSON`| 1.0.0 |string|`Additional configuration for the storage registry in json format.`|| +|`GATEWAY_STORAGE_USERS_MOUNT_ID`| 1.0.0 |string|`Mount ID of this storage. Admins can set the ID for the storage in this config option manually which is then used to reference the storage. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|| diff --git a/static/env-vars/gateway_readme.md b/static/env-vars/gateway_readme.md index 31af233e..f7eb48d4 100644 --- a/static/env-vars/gateway_readme.md +++ b/static/env-vars/gateway_readme.md 
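Review bot: in gateway_configvars.md, the new `OC_TRACING_COLLECTOR` row has a stray backslash inside its code span, `\http://jaeger-collector:14268/api/traces`, which will be displayed literally; please drop it. Two further points on rows this hunk rewrites: `OC_CACHE_DATABASE` is the only name given for both the provider cache database (default cache-providers) and the create home cache database (default cache-createhome), unlike the neighbouring rows that list `GATEWAY_PROVIDER_CACHE_*` and `GATEWAY_CREATE_HOME_CACHE_*` names, so the table does not show how to set the two independently. The `OC_GRPC_CLIENT_TLS_MODE` row lists 'off', 'insecure' and 'on' but has an empty default without saying which mode that means.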
@@ -1,6 +1,6 @@ --- title: Gateway -date: 2025-11-27T22:56:02.332732+01:00 +date: 2025-11-11T09:16:41.111487823+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/gateway @@ -28,7 +28,7 @@ The gateway service is using caching as it is highly frequented with the same re - the `provider cache` is caching requests to list or get storage providers. - the `create home cache` is caching requests to create personal spaces (as they only need to be executed once). -Both caches can be configured via the `OC_CACHE_*` envvars (or `GATEWAY_PROVIDER_CACHE_*` and `GATEWAY_CREATE_HOME_CACHE_*` respectively). +Both caches can be configured via the `OC_CACHE_*` envvars (or `GATEWAY_PROVIDER_CACHE_*` and `GATEWAY_CREATE_HOME_CACHE_*` respectively). See the [envvar section](/services/gateway/configuration/#environment-variables) for details. Use `OC_CACHE_STORE` (`GATEWAY_PROVIDER_CACHE_STORE`, `GATEWAY_CREATE_HOME_CACHE_STORE`) to define the type of cache to use: - `memory`: Basic in-memory store and the default. @@ -60,9 +60,9 @@ The scheme for this setup is the following. Note that there is, except storage, | **envvar** | **default** | **alternative** | |------|------|------| -| OC_GRPC_PROTOCOL or
``_GRPC_PROTOCOL | tcp | unix | +| OC_GRPC_PROTOCOL or
``_GRPC_PROTOCOL | tcp | unix | | ``_GRPC_ADDR | 127.0.0.1:`` | /var/run/opencloud/``.sock | -| GATEWAY_``_ENDPOINT | eu.opencloud.api.`` | unix:/var/run/opencloud/``.sock
dns: ...
kubernetes: ... | +| GATEWAY_``_ENDPOINT | eu.opencloud.api.`` | unix:/var/run/opencloud/``.sock
dns: ...
kubernetes: ... | ```console USERS_GRPC_PROTOCOL=unix" diff --git a/static/env-vars/global_configvars.md b/static/env-vars/global_configvars.md index b2d2d2ea..4aa978fd 100644 --- a/static/env-vars/global_configvars.md +++ b/static/env-vars/global_configvars.md 
@@ -3,21 +3,21 @@ | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| `IDM_CREATE_DEMO_USERS` | 1.0.0 | bool | The default role assignments the demo users should be setup. | false | -`OC_ADMIN_USER_ID` | 1.0.0 | string | ID of the user who collects all necessary information for deletion. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand. | | +`OC_ADMIN_USER_ID` | 1.0.0 | string | ID of the user that should receive admin privileges. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand. | | `OC_ASYNC_UPLOADS` | 1.0.0 | bool | Enable asynchronous file uploads. | true | -`OC_CACHE_AUTH_PASSWORD` | 1.0.0 | string | The password to use for authentication. Only applies when store type 'nats-js-kv' is configured. | | -`OC_CACHE_AUTH_USERNAME` | 1.0.0 | string | The username to use for authentication. Only applies when store type 'nats-js-kv' is configured. | | -`OC_CACHE_DATABASE` | 1.0.0 | string | The database name the configured store should use. | cache-providers | -`OC_CACHE_DISABLE_PERSISTENCE` | 1.0.0 | bool | Disables persistence of the provider cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false. | false | -`OC_CACHE_STORE` | 1.0.0 | string | The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details. | noop | +`OC_CACHE_AUTH_PASSWORD` | 1.0.0 | string | The password to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured. | | +`OC_CACHE_AUTH_USERNAME` | 1.0.0 | string | The username to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured. | | +`OC_CACHE_DATABASE` | 1.0.0 | string | The database name the configured store should use. 
| cache-userinfo | +`OC_CACHE_DISABLE_PERSISTENCE` | 1.0.0 | bool | Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false. | false | +`OC_CACHE_STORE` | 1.0.0 | string | The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details. | memory | `OC_CACHE_STORE_NODES` | 1.0.0 | []string | A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details. | [127.0.0.1:9233] | -`OC_CACHE_TTL` | 1.0.0 | Duration | Default time to live for user info in the cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details. | 5m0s | +`OC_CACHE_TTL` | 1.0.0 | Duration | Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details. | 10s | `OC_CORS_ALLOW_CREDENTIALS` | 1.0.0 | bool | Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials. | true | `OC_CORS_ALLOW_HEADERS` | 1.0.0 | []string | A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details. | [Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Cache-Control] | `OC_CORS_ALLOW_METHODS` | 1.0.0 | []string | A list of allowed CORS methods. 
See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details. | [GET POST PUT PATCH DELETE OPTIONS] | `OC_CORS_ALLOW_ORIGINS` | 1.0.0 | []string | A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details. | [*] | `OC_DECOMPOSEDFS_PROPAGATOR` | 1.0.0 | string | The propagator used for decomposedfs. At the moment, only 'sync' is fully supported, 'async' is available as an experimental option. | sync | -`OC_DEFAULT_LANGUAGE` | 1.0.0 | string | The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details. | | +`OC_DEFAULT_LANGUAGE` | 1.0.0 | string | The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details. | en | `OC_DISABLE_VERSIONING` | 1.0.0 | bool | Disables versioning of files. When set to true, new uploads with the same filename will overwrite existing files instead of creating a new version. | false | `OC_EDITION` | 1.0.0 | string | Edition of OpenCloud. Used for branding purposes. | | `OC_ENABLE_OCM` | 1.0.0 | bool | Changing this value is NOT supported. Enables support for incoming federated sharing for clients. The backend behaviour is not changed. | false | 
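Review bot: The `OC_CACHE_*` rows in this hunk now carry what look like one service's values as if they were global: `OC_CACHE_TTL` is described as the TTL of the "user info cache" with default `10s`, `OC_CACHE_DATABASE` defaults to `cache-userinfo`, and `OC_CACHE_STORE` flips from `noop` to `memory`, all with the version still at 1.0.0. The same variables have different defaults per service (the graph table later in this patch lists `OC_CACHE_TTL` as `336h0m0s`), so either mark the Default Value column as service-specific for these rows or make the generator pick the description and default deterministically. The `OC_ADMIN_USER_ID` description also changes meaning completely, from the user collecting information for deletion to the user receiving admin privileges; please confirm which consumer the global entry is meant to document, since the new text describes a privilege grant.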
@@ -26,59 +26,59 @@ `OC_EVENTS_CLUSTER` | 1.0.0 | string | The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system. | opencloud-cluster | `OC_EVENTS_ENABLE_TLS` | 1.0.0 | bool | Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services. | false | `OC_EVENTS_ENDPOINT` | 1.0.0 | string | The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. | 127.0.0.1:9233 | -`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE` | 1.0.0 | string | The root CA certificate used to validate the server's TLS certificate. If provided POLICIES_EVENTS_TLS_INSECURE will be seen as false. | | -`OC_GATEWAY_GRPC_ADDR` | 1.0.0 | string | The bind address of the GRPC service. | 127.0.0.1:9142 | +`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE` | 1.0.0 | string | The root CA certificate used to validate the server's TLS certificate. If provided ANTIVIRUS_EVENTS_TLS_INSECURE will be seen as false. | | +`OC_GATEWAY_GRPC_ADDR` | 1.0.0 | string | The bind address of the gateway GRPC address. | 127.0.0.1:9142 | `OC_GRPC_CLIENT_TLS_CACERT` | 1.0.0 | string | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. | | `OC_GRPC_CLIENT_TLS_MODE` | 1.0.0 | string | TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification. | | -`OC_GRPC_PROTOCOL` | 1.0.0 | string | The transport protocol of the GRPC service. 
| tcp | +`OC_GRPC_PROTOCOL` | 1.0.0 | string | The transport protocol of the GPRC service. | tcp | `OC_HTTP_TLS_CERTIFICATE` | 1.0.0 | string | Path/File name of the TLS server certificate (in PEM format) for the http services. | | `OC_HTTP_TLS_ENABLED` | 1.0.0 | bool | Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true. | false | `OC_HTTP_TLS_KEY` | 1.0.0 | string | Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services. | | -`OC_INSECURE` | 1.0.0 | bool | Whether the server should skip the client certificate verification during the TLS handshake. | false | +`OC_INSECURE` | 1.0.0 | bool | Whether to verify the server TLS certificates. | false | `OC_JWT_SECRET` | 1.0.0 | string | The secret to mint and validate jwt tokens. | | `OC_KEYCLOAK_BASE_PATH` | 1.0.0 | string | The URL to access keycloak. | | -`OC_KEYCLOAK_CLIENT_ID` | 1.0.0 | string | The client ID to authenticate with keycloak. | | +`OC_KEYCLOAK_CLIENT_ID` | 1.0.0 | string | The client id to authenticate with keycloak. | | `OC_KEYCLOAK_CLIENT_REALM` | 1.0.0 | string | The realm the client is defined in. | | `OC_KEYCLOAK_CLIENT_SECRET` | 1.0.0 | string | The client secret to use in authentication. | | `OC_KEYCLOAK_INSECURE_SKIP_VERIFY` | 1.0.0 | bool | Disable TLS certificate validation for Keycloak connections. Do not set this in production environments. | false | `OC_KEYCLOAK_USER_REALM` | 1.0.0 | string | The realm users are defined. | | -`OC_LDAP_BIND_DN` | 1.0.0 | string | LDAP DN to use for simple bind authentication with the target LDAP server. | uid=reva,ou=sysusers,o=libregraph-idm | +`OC_LDAP_BIND_DN` | 1.0.0 | string | LDAP DN to use for simple bind authentication with the target LDAP server. 
| uid=idp,ou=sysusers,o=libregraph-idm | `OC_LDAP_BIND_PASSWORD` | 1.0.0 | string | Password to use for authenticating the 'bind_dn'. | | -`OC_LDAP_CACERT` | 1.0.0 | string | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm. | /var/lib/opencloud/idm/ldap.crt | +`OC_LDAP_CACERT` | 1.0.0 | string | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp. | /home/chaser/.opencloud/idm/ldap.crt | `OC_LDAP_DISABLED_USERS_GROUP_DN` | 1.0.0 | string | The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'. | cn=DisabledUsersGroup,ou=groups,o=libregraph-idm | `OC_LDAP_DISABLE_USER_MECHANISM` | 1.0.0 | string | An option to control the behavior for disabling users. Valid options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed. | attribute | `OC_LDAP_GROUP_BASE_DN` | 1.0.0 | string | Search base DN for looking up LDAP groups. | ou=groups,o=libregraph-idm | `OC_LDAP_GROUP_FILTER` | 1.0.0 | string | LDAP filter to add to the default filters for group searches. | | -`OC_LDAP_GROUP_OBJECTCLASS` | 1.0.0 | string | The object class to use for groups in the default group search filter ('groupOfNames'). | groupOfNames | +`OC_LDAP_GROUP_OBJECTCLASS` | 1.0.0 | string | The object class to use for groups in the default group search filter like 'groupOfNames'. | groupOfNames | `OC_LDAP_GROUP_SCHEMA_DISPLAYNAME` | 1.0.0 | string | LDAP Attribute to use for the displayname of groups (often the same as groupname attribute). 
| cn | `OC_LDAP_GROUP_SCHEMA_GROUPNAME` | 1.0.0 | string | LDAP Attribute to use for the name of groups. | cn | -`OC_LDAP_GROUP_SCHEMA_ID` | 1.0.0 | string | LDAP Attribute to use as the unique id for groups. This should be a stable globally unique id (e.g. a UUID). | openCloudUUID | -`OC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING` | 1.0.0 | bool | Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group IDs. | false | +`OC_LDAP_GROUP_SCHEMA_ID` | 1.0.0 | string | LDAP Attribute to use as the unique ID for groups. This should be a stable globally unique ID like a UUID. | openclouduuid | +`OC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING` | 1.0.0 | bool | Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group ID's. | false | `OC_LDAP_GROUP_SCHEMA_MAIL` | 1.0.0 | string | LDAP Attribute to use for the email address of groups (can be empty). | mail | `OC_LDAP_GROUP_SCHEMA_MEMBER` | 1.0.0 | string | LDAP Attribute that is used for group members. | member | `OC_LDAP_GROUP_SCOPE` | 1.0.0 | string | LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'. | sub | `OC_LDAP_INSECURE` | 1.0.0 | bool | Disable TLS certificate validation for the LDAP connections. Do not set this in production environments. | false | `OC_LDAP_SERVER_WRITE_ENABLED` | 1.0.0 | bool | Allow creating, modifying and deleting LDAP users via the GRAPH API. This can only be set to 'true' when keeping default settings for the LDAP user and group attribute types (the 'OC_LDAP_USER_SCHEMA_* and 'OC_LDAP_GROUP_SCHEMA_* variables). | true | -`OC_LDAP_URI` | 1.0.0 | string | URI of the LDAP Server to connect to. 
Supported URI schemes are 'ldaps://' and 'ldap://' | ldaps://localhost:9235 | +`OC_LDAP_URI` | 1.0.0 | string | Url of the LDAP service to use as IDP. | ldaps://localhost:9235 | `OC_LDAP_USER_BASE_DN` | 1.0.0 | string | Search base DN for looking up LDAP users. | ou=users,o=libregraph-idm | -`OC_LDAP_USER_ENABLED_ATTRIBUTE` | 1.0.0 | string | LDAP attribute to use as a flag telling if the user is enabled or disabled. | openCloudUserEnabled | +`OC_LDAP_USER_ENABLED_ATTRIBUTE` | 1.0.0 | string | LDAP Attribute to use as a flag telling if the user is enabled or disabled. | openCloudUserEnabled | `OC_LDAP_USER_FILTER` | 1.0.0 | string | LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'. | | -`OC_LDAP_USER_OBJECTCLASS` | 1.0.0 | string | The object class to use for users in the default user search filter ('inetOrgPerson'). | inetOrgPerson | +`OC_LDAP_USER_OBJECTCLASS` | 1.0.0 | string | LDAP User ObjectClass like 'inetOrgPerson'. | inetOrgPerson | `OC_LDAP_USER_SCHEMA_DISPLAYNAME` | 1.0.0 | string | LDAP Attribute to use for the displayname of users. | displayname | -`OC_LDAP_USER_SCHEMA_ID` | 1.0.0 | string | LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID. | openCloudUUID | -`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING` | 1.0.0 | bool | Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user IDs. | false | -`OC_LDAP_USER_SCHEMA_MAIL` | 1.0.0 | string | LDAP Attribute to use for the email address of users. | mail | -`OC_LDAP_USER_SCHEMA_TENANT_ID` | 4.0.0 | string | LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment. | | -`OC_LDAP_USER_SCHEMA_USERNAME` | 1.0.0 | string | LDAP Attribute to use for username of users. 
| uid | +`OC_LDAP_USER_SCHEMA_ID` | 1.0.0 | string | LDAP User UUID attribute like 'uid'. | openCloudUUID | +`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING` | 1.0.0 | bool | Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user ID's. | false | +`OC_LDAP_USER_SCHEMA_MAIL` | 1.0.0 | string | LDAP User email attribute like 'mail'. | mail | +`OC_LDAP_USER_SCHEMA_TENANT_ID` | next | string | LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment. | | +`OC_LDAP_USER_SCHEMA_USERNAME` | 1.0.0 | string | LDAP User name attribute like 'displayName'. | displayName | `OC_LDAP_USER_SCHEMA_USER_TYPE` | 1.0.0 | string | LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'openCloudUserType'. | openCloudUserType | -`OC_LDAP_USER_SCOPE` | 1.0.0 | string | LDAP search scope to use when looking up users. Supported values are 'base', 'one' and 'sub'. | sub | +`OC_LDAP_USER_SCOPE` | 1.0.0 | string | LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'. | sub | `OC_LOG_COLOR` | 1.0.0 | bool | Activates colorized log output. | false | `OC_LOG_FILE` | 1.0.0 | string | The path to the log file. Activates logging to this file if set. | | `OC_LOG_LEVEL` | 1.0.0 | string | The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'. | | `OC_LOG_PRETTY` | 1.0.0 | bool | Activates pretty log output. | false | `OC_MACHINE_AUTH_API_KEY` | 1.0.0 | string | Machine auth API key used to validate internal requests necessary to access resources from other services. | | `OC_MAX_CONCURRENCY` | 1.0.0 | int | Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used. 
| 1 | -`OC_OIDC_ISSUER` | 1.0.0 | string | The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider. | https://localhost:9200 | +`OC_OIDC_ISSUER` | 1.0.0 | string | URL of the OIDC issuer. It defaults to URL of the builtin IDP. | https://localhost:9200 | `OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST` | 1.0.0 | string | Path to the 'banned passwords list' file. This only impacts public link password validation. See the documentation for more details. | | `OC_PASSWORD_POLICY_DISABLED` | 1.0.0 | bool | Disable the password policy. Defaults to false if not set. | false | `OC_PASSWORD_POLICY_MIN_CHARACTERS` | 1.0.0 | int | Define the minimum password length. Defaults to 8 if not set. | 8 | 
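Review bot: The new `OC_INSECURE` text, "Whether to verify the server TLS certificates." with default `false`, reads as if `false` switches verification off, the opposite of what a flag named INSECURE implies; word it like the neighbouring `OC_LDAP_INSECURE` row ("Disable TLS certificate validation ... Do not set this in production environments."). In the same hunk the `OC_LDAP_CACERT` default becomes `/home/chaser/.opencloud/idm/ldap.crt`, a path from the machine the docs were generated on, replacing `/var/lib/opencloud/idm/ldap.crt`; regenerate in an environment where the default resolves to the documented system path. Smaller points: `OC_GRPC_PROTOCOL` gains the typo "GPRC", the global `OC_EVENTS_TLS_ROOT_CA_CERTIFICATE` description now names the service-specific `ANTIVIRUS_EVENTS_TLS_INSECURE`, and `OC_LDAP_USER_SCHEMA_TENANT_ID` goes from 4.0.0 back to `next`, which suggests the generator ran against a tree where the release version had not been substituted.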
@@ -86,27 +86,31 @@ `OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS` | 1.0.0 | int | Define the minimum number of uppercase letters. Defaults to 1 if not set. | 1 | `OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS` | 1.0.0 | int | Define the minimum number of characters from the special characters list to be present. Defaults to 1 if not set. | 1 | `OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS` | 1.0.0 | int | Define the minimum number of lowercase letters. Defaults to 1 if not set. | 1 | -`OC_PERSISTENT_STORE` | 1.0.0 | string | The type of the store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details. | nats-js-kv | +`OC_PERSISTENT_STORE` | 1.0.0 | string | The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details. | nats-js-kv | `OC_PERSISTENT_STORE_AUTH_PASSWORD` | 1.0.0 | string | The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured. | | `OC_PERSISTENT_STORE_AUTH_USERNAME` | 1.0.0 | string | The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured. | | `OC_PERSISTENT_STORE_NODES` | 1.0.0 | []string | A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details. | [127.0.0.1:9233] | `OC_PERSISTENT_STORE_TTL` | 1.0.0 | Duration | Time to live for events in the store. See the Environment Variable Types description for more details. | 0s | -`OC_REVA_GATEWAY` | 1.0.0 | string | CS3 gateway used to look up user metadata | eu.opencloud.api.gateway | +`OC_REVA_GATEWAY` | 1.0.0 | string | The CS3 gateway endpoint. | eu.opencloud.api.gateway | `OC_SERVICE_ACCOUNT_ID` | 1.0.0 | string | The ID of the service account the service should use. 
See the 'auth-service' service description for more details. | | `OC_SERVICE_ACCOUNT_SECRET` | 1.0.0 | string | The service account secret. | | `OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD` | 1.0.0 | bool | Set this to true if you want to enforce passwords on all public shares. | true | -`OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD` | 1.0.0 | bool | Set this to true if you want to enforce passwords on Uploader, Editor or Contributor shares. If not using the global OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD, you must define the FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD (deprecated) in the frontend service. | false | +`OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD` | 1.0.0 | bool | Set this to true if you want to enforce passwords for writable shares. Only effective if the setting for 'passwords on all public shares' is set to false. | false | `OC_SHOW_USER_EMAIL_IN_RESULTS` | 1.0.0 | bool | Include user email addresses in responses. If absent or set to false emails will be omitted from results. Please note that admin users can always see all email addresses. | false | -`OC_SPACES_MAX_QUOTA` | 1.0.0 | uint64 | Set a global max quota for spaces in bytes. A value of 0 equals unlimited. If not using the global OC_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA in the frontend service. | 0 | -`OC_SYSTEM_USER_API_KEY` | 1.0.0 | string | API key for the STORAGE-SYSTEM system user. | | -`OC_SYSTEM_USER_ID` | 1.0.0 | string | ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format. | | -`OC_SYSTEM_USER_IDP` | 1.0.0 | string | IDP of the OpenCloud STORAGE-SYSTEM system user. | internal | -`OC_TRANSFER_SECRET` | 1.0.0 | string | The storage transfer secret. 
| | +`OC_SPACES_MAX_QUOTA` | 1.0.0 | uint64 | Set the global max quota value in bytes. A value of 0 equals unlimited. The value is provided via capabilities. | 0 | +`OC_SYSTEM_USER_API_KEY` | next | string | API key for the STORAGE-SYSTEM system user. | | +`OC_SYSTEM_USER_ID` | next | string | ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format. | | +`OC_SYSTEM_USER_IDP` | next | string | IDP of the OpenCloud STORAGE-SYSTEM system user. | internal | +`OC_TRACING_COLLECTOR` | 1.0.0 | string | The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. | | +`OC_TRACING_ENABLED` | 1.0.0 | bool | Activates tracing. | false | +`OC_TRACING_ENDPOINT` | 1.0.0 | string | The endpoint of the tracing agent. | | +`OC_TRACING_TYPE` | 1.0.0 | string | The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now. | | +`OC_TRANSFER_SECRET` | 1.0.0 | string | Transfer secret for signing file up- and download requests. | | `OC_TRANSLATION_PATH` | 1.0.0 | string | (optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details. | | -`OC_URL` | 1.0.0 | string | The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider. | https://localhost:9200 | -`OC_WOPI_DISABLE_CHAT` | 1.0.0 | bool | Disable chat in the office web frontend. This feature applies to OnlyOffice and Microsoft. | false | -`SEARCH_EVENTS_ACK_WAIT` | 4.0.0 | Duration | The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes. 
| 1m0s | -`SEARCH_EVENTS_MAX_ACK_PENDING` | 4.0.0 | int | The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time. | 10000 | +`OC_URL` | 1.0.0 | string | Base url to navigate back from the app to the containing folder in the file list. | https://localhost:9200/ | +`OC_WOPI_DISABLE_CHAT` | 1.0.0 | bool | Disable the chat functionality of the office app. | false | +`SEARCH_EVENTS_ACK_WAIT` | next | Duration | The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes. | 1m0s | +`SEARCH_EVENTS_MAX_ACK_PENDING` | next | int | The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time. | 1000 | `STORAGE_GATEWAY_GRPC_ADDR` | 1.0.0 | string | GRPC address of the STORAGE-SYSTEM service. | eu.opencloud.api.storage-system | `STORAGE_GRPC_ADDR` | 1.0.0 | string | GRPC address of the STORAGE-SYSTEM service. | eu.opencloud.api.storage-system | `STORAGE_USERS_ASYNC_PROPAGATOR_PROPAGATION_DELAY` | 1.0.0 | Duration | The delay between a change made to a tree and the propagation start on treesize and treetime. Multiple propagations are computed to a single one. See the Environment Variable Types description for more details. | 0s | diff --git a/static/env-vars/graph-config-example.yaml b/static/env-vars/graph-config-example.yaml new file mode 100644 index 00000000..2be6dc6b --- /dev/null +++ b/static/env-vars/graph-config-example.yaml 
@@ -0,0 +1,169 @@ +# Autogenerated +# Filename: graph-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +cache: + store: memory + nodes: + - 127.0.0.1:9233 + database: cache-roles + table: "" + ttl: 336h0m0s + disable_persistence: false + username: "" + password: "" +debug: + addr: 127.0.0.1:9124 + token: "" + pprof: false + zpages: false +http: + addr: 127.0.0.1:9120 + root: /graph + tls: + enabled: false + cert: "" + key: "" + apitoken: "" + cors: + allow_origins: + - '*' + allow_methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + allow_headers: + - Authorization + - Origin + - Content-Type + - Accept + - X-Requested-With + - X-Request-Id + - Purge + - Restore + allow_credentials: true +api: + group_members_patch_limit: 20 + graph_username_match: default + graph_assign_default_user_role: true + graph_identity_search_min_length: 3 + show_email_in_results: false +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +token_manager: + jwt_secret: "" +grpc_client_tls: null +application: + id: "" + displayname: OpenCloud +spaces: + webdav_base: https://localhost:9200 + webdav_path: /dav/spaces/ + default_quota: "1000000000" + extended_space_properties_cache_ttl: 60000000000 + users_cache_ttl: 60000000000 + groups_cache_ttl: 60000000000 + storage_users_address: eu.opencloud.api.storage-users + default_language: "" + translation_path: "" +identity: + backend: ldap + ldap: + uri: ldaps://localhost:9235 + cacert: /home/chaser/.opencloud/idm/ldap.crt + insecure: false + bind_dn: uid=libregraph,ou=sysusers,o=libregraph-idm + bind_password: "" + use_server_uuid: false + use_password_modify_exop: true + write_enabled: true + refint_enabled: false + user_base_dn: ou=users,o=libregraph-idm + user_search_scope: sub + user_filter: "" + user_objectclass: inetOrgPerson + user_mail_attribute: mail + user_displayname_attribute: displayName + 
user_name_attribute: uid + user_id_attribute: openCloudUUID + user_id_is_octet_string: false + user_type_attribute: openCloudUserType + user_enabled_attribute: openCloudUserEnabled + disable_user_mechanism: attribute + ldap_disabled_users_group_dn: cn=DisabledUsersGroup,ou=groups,o=libregraph-idm + group_base_dn: ou=groups,o=libregraph-idm + group_create_base_dn: ou=groups,o=libregraph-idm + group_search_scope: sub + group_filter: "" + group_objectclass: groupOfNames + group_name_attribute: cn + group_member_attribute: member + group_id_attribute: openCloudUUID + group_id_is_octet_string: false + education_resources_enabled: false + educationconfig: + school_base_dn: "" + school_search_scope: "" + school_filter: "" + school_objectclass: "" + school_name_attribute: "" + school_number_attribute: "" + school_id_attribute: "" + school_termination_min_grace_days: 0 +include_ocm_sharees: false +events: + endpoint: 127.0.0.1:9233 + cluster: opencloud-cluster + tls_insecure: false + tls_root_ca_certificate: "" + enable_tls: false + username: "" + password: "" +unified_roles: + available_roles: + - b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5 + - a8d5fe5e-96e3-418d-825b-534dbdf22b99 + - fb6c3e19-e378-47e5-b277-9732f9de6e21 + - 58c63c02-1d89-4572-916a-870abc5a1b7d + - 2d00ce52-1fc2-4dbc-8b95-a73b73395f5a + - 1c996275-f1c9-4e71-abdf-a42f6495e960 + - 312c0871-5ef7-4b3a-85b6-0e4074c64049 +max_concurrency: 20 +keycloak: + base_path: "" + client_id: "" + client_secret: "" + client_realm: "" + user_realm: "" + insecure_skip_verify: false +service_account: + service_account_id: "" + service_account_secret: "" +metadata_config: + gateway_addr: eu.opencloud.api.storage-system + storage_addr: eu.opencloud.api.storage-system + system_user_id: "" + system_user_idp: internal + system_user_api_key: "" +user_soft_delete_retention_time: 0s +store: + nodes: + - 127.0.0.1:9233 + database: graph + username: "" + password: "" 
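Review bot: In the `http.cors` block the generated example pairs `allow_origins: '*'` with `allow_credentials: true`; since operators copy example files, add a comment that the wildcard should be replaced with the deployment's explicit origins, or emit a non-wildcard placeholder. `identity.ldap.cacert` is `/home/chaser/.opencloud/idm/ldap.crt`, a path from the generating machine that will not exist for readers. The secret fields (`token_manager.jwt_secret`, `bind_password`, `service_account_secret`, `system_user_api_key`) are emitted empty, which is right for a published example, but the file header only says "# Autogenerated"; a line stating which empty values an operator is expected to fill in would help.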
diff --git a/static/env-vars/graph_configvars.md b/static/env-vars/graph_configvars.md index 6d208dd8..bb4d6025 100644 --- a/static/env-vars/graph_configvars.md +++ b/static/env-vars/graph_configvars.md @@ -1,119 +1,123 @@ Environment variables for the **graph** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`GRAPH_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`GRAPH_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`GRAPH_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`GRAPH_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`OC_CACHE_STORE`
`GRAPH_CACHE_STORE`| 1.0.0 |string|`The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|`memory`| -|`OC_CACHE_STORE_NODES`
`GRAPH_CACHE_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[127.0.0.1:9233]`| -|`GRAPH_CACHE_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|`cache-roles`| -|`GRAPH_CACHE_STORE_TABLE`| 1.0.0 |string|`The database table the store should use.`|``| -|`OC_CACHE_TTL`
`GRAPH_CACHE_TTL`| 1.0.0 |Duration|`Time to live for cache records in the graph. Defaults to '336h' (2 weeks). See the Environment Variable Types description for more details.`|`336h0m0s`| -|`OC_CACHE_DISABLE_PERSISTENCE`
`GRAPH_CACHE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false.`|`false`| -|`OC_CACHE_AUTH_USERNAME`
`GRAPH_CACHE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_CACHE_AUTH_PASSWORD`
`GRAPH_CACHE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured.`|``| -|`GRAPH_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9124`| -|`GRAPH_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`GRAPH_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`GRAPH_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`GRAPH_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9120`| -|`GRAPH_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|`/graph`| -|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|`false`| -|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|``| -|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|``| -|`GRAPH_HTTP_API_TOKEN`| 1.0.0 |string|`An optional API bearer token`|``| -|`OC_CORS_ALLOW_ORIGINS`
`GRAPH_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|`[*]`| -|`OC_CORS_ALLOW_METHODS`
`GRAPH_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|`[GET POST PUT PATCH DELETE OPTIONS]`| -|`OC_CORS_ALLOW_HEADERS`
`GRAPH_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|`[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Purge Restore]`| -|`OC_CORS_ALLOW_CREDENTIALS`
`GRAPH_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|`true`| -|`GRAPH_GROUP_MEMBERS_PATCH_LIMIT`| 1.0.0 |int|`The amount of group members allowed to be added with a single patch request.`|`20`| -|`GRAPH_USERNAME_MATCH`| 1.0.0 |string|`Apply restrictions to usernames. Supported values are 'default' and 'none'. When set to 'default', user names must not start with a number and are restricted to ASCII characters. When set to 'none', no restrictions are applied. The default value is 'default'.`|`default`| -|`GRAPH_ASSIGN_DEFAULT_USER_ROLE`| 1.0.0 |bool|`Whether to assign newly created users the default role 'User'. Set this to 'false' if you want to assign roles manually, or if the role assignment should happen at first login. Set this to 'true' (the default) to assign the role 'User' when creating a new user.`|`true`| -|`GRAPH_IDENTITY_SEARCH_MIN_LENGTH`| 1.0.0 |int|`The minimum length the search term needs to have for unprivileged users when searching for users or groups.`|`3`| -|`OC_SHOW_USER_EMAIL_IN_RESULTS`| 1.0.0 |bool|`Include user email addresses in responses. If absent or set to false emails will be omitted from results. Please note that admin users can always see all email addresses.`|`false`| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 
'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`OC_JWT_SECRET`
`GRAPH_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`GRAPH_APPLICATION_ID`| 1.0.0 |string|`The OpenCloud application ID shown in the graph. All app roles are tied to this ID.`|``| -|`GRAPH_APPLICATION_DISPLAYNAME`| 1.0.0 |string|`The OpenCloud application name.`|`OpenCloud`| -|`OC_URL`
`GRAPH_SPACES_WEBDAV_BASE`| 1.0.0 |string|`The public facing URL of WebDAV.`|`https://localhost:9200`| -|`GRAPH_SPACES_WEBDAV_PATH`| 1.0.0 |string|`The WebDAV sub-path for spaces.`|`/dav/spaces/`| -|`GRAPH_SPACES_DEFAULT_QUOTA`| 1.0.0 |string|`The default quota in bytes.`|`1000000000`| -|`GRAPH_SPACES_EXTENDED_SPACE_PROPERTIES_CACHE_TTL`| 1.0.0 |int|`Max TTL in seconds for the spaces property cache.`|`60000000000`| -|`GRAPH_SPACES_USERS_CACHE_TTL`| 1.0.0 |int|`Max TTL in seconds for the spaces users cache.`|`60000000000`| -|`GRAPH_SPACES_GROUPS_CACHE_TTL`| 1.0.0 |int|`Max TTL in seconds for the spaces groups cache.`|`60000000000`| -|`GRAPH_SPACES_STORAGE_USERS_ADDRESS`| 1.0.0 |string|`The address of the storage-users service.`|`eu.opencloud.api.storage-users`| -|`OC_DEFAULT_LANGUAGE`| 1.0.0 |string|`The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details.`|``| -|`OC_TRANSLATION_PATH`
`GRAPH_TRANSLATION_PATH`| 1.0.0 |string|`(optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details.`|``| -|`GRAPH_IDENTITY_BACKEND`| 1.0.0 |string|`The user identity backend to use. Supported backend types are 'ldap' and 'cs3'.`|`ldap`| -|`OC_LDAP_URI`
`GRAPH_LDAP_URI`| 1.0.0 |string|`URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'`|`ldaps://localhost:9235`| -|`OC_LDAP_CACERT`
`GRAPH_LDAP_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/var/lib/opencloud/idm/ldap.crt`| -|`OC_LDAP_INSECURE`
`GRAPH_LDAP_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.`|`false`| -|`OC_LDAP_BIND_DN`
`GRAPH_LDAP_BIND_DN`| 1.0.0 |string|`LDAP DN to use for simple bind authentication with the target LDAP server.`|`uid=libregraph,ou=sysusers,o=libregraph-idm`| -|`OC_LDAP_BIND_PASSWORD`
`GRAPH_LDAP_BIND_PASSWORD`| 1.0.0 |string|`Password to use for authenticating the 'bind_dn'.`|``| -|`GRAPH_LDAP_SERVER_UUID`| 1.0.0 |bool|`If set to true, rely on the LDAP Server to generate a unique ID for users and groups, like when using 'entryUUID' as the user ID attribute.`|`false`| -|`GRAPH_LDAP_SERVER_USE_PASSWORD_MODIFY_EXOP`| 1.0.0 |bool|`Use the 'Password Modify Extended Operation' for updating user passwords.`|`true`| -|`OC_LDAP_SERVER_WRITE_ENABLED`
`GRAPH_LDAP_SERVER_WRITE_ENABLED`| 1.0.0 |bool|`Allow creating, modifying and deleting LDAP users via the GRAPH API. This can only be set to 'true' when keeping default settings for the LDAP user and group attribute types (the 'OC_LDAP_USER_SCHEMA_* and 'OC_LDAP_GROUP_SCHEMA_* variables).`|`true`| -|`GRAPH_LDAP_REFINT_ENABLED`| 1.0.0 |bool|`Signals that the server has the refint plugin enabled, which makes some actions not needed.`|`false`| -|`OC_LDAP_USER_BASE_DN`
`GRAPH_LDAP_USER_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP users.`|`ou=users,o=libregraph-idm`| -|`OC_LDAP_USER_SCOPE`
`GRAPH_LDAP_USER_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'.`|`sub`| -|`OC_LDAP_USER_FILTER`
`GRAPH_LDAP_USER_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'.`|``| -|`OC_LDAP_USER_OBJECTCLASS`
`GRAPH_LDAP_USER_OBJECTCLASS`| 1.0.0 |string|`The object class to use for users in the default user search filter ('inetOrgPerson').`|`inetOrgPerson`| -|`OC_LDAP_USER_SCHEMA_MAIL`
`GRAPH_LDAP_USER_EMAIL_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use for the email address of users.`|`mail`| -|`OC_LDAP_USER_SCHEMA_DISPLAYNAME`
`GRAPH_LDAP_USER_DISPLAYNAME_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use for the display name of users.`|`displayName`| -|`OC_LDAP_USER_SCHEMA_USERNAME`
`GRAPH_LDAP_USER_NAME_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use for username of users.`|`uid`| -|`OC_LDAP_USER_SCHEMA_ID`
`GRAPH_LDAP_USER_UID_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID.`|`openCloudUUID`| -|`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`
`GRAPH_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is required when using the 'objectGUID' attribute of Active Directory for the user ID's.`|`false`| -|`OC_LDAP_USER_SCHEMA_USER_TYPE`
`GRAPH_LDAP_USER_TYPE_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'openCloudUserType'.`|`openCloudUserType`| -|`OC_LDAP_USER_ENABLED_ATTRIBUTE`
`GRAPH_USER_ENABLED_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use as a flag telling if the user is enabled or disabled.`|`openCloudUserEnabled`| -|`OC_LDAP_DISABLE_USER_MECHANISM`
`GRAPH_DISABLE_USER_MECHANISM`| 1.0.0 |string|`An option to control the behavior for disabling users. Supported options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed. Default is 'attribute'.`|`attribute`| -|`OC_LDAP_DISABLED_USERS_GROUP_DN`
`GRAPH_DISABLED_USERS_GROUP_DN`| 1.0.0 |string|`The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'.`|`cn=DisabledUsersGroup,ou=groups,o=libregraph-idm`| -|`OC_LDAP_GROUP_BASE_DN`
`GRAPH_LDAP_GROUP_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP groups.`|`ou=groups,o=libregraph-idm`| -|`GRAPH_LDAP_GROUP_CREATE_BASE_DN`| 1.0.0 |string|`Parent DN under which new groups are created. This DN needs to be subordinate to the 'GRAPH_LDAP_GROUP_BASE_DN'. This setting is only relevant when 'GRAPH_LDAP_SERVER_WRITE_ENABLED' is 'true'. It defaults to the value of 'GRAPH_LDAP_GROUP_BASE_DN'. All groups outside of this subtree are treated as readonly groups and cannot be updated.`|`ou=groups,o=libregraph-idm`| -|`OC_LDAP_GROUP_SCOPE`
`GRAPH_LDAP_GROUP_SEARCH_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'.`|`sub`| -|`OC_LDAP_GROUP_FILTER`
`GRAPH_LDAP_GROUP_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for group searches.`|``| -|`OC_LDAP_GROUP_OBJECTCLASS`
`GRAPH_LDAP_GROUP_OBJECTCLASS`| 1.0.0 |string|`The object class to use for groups in the default group search filter ('groupOfNames').`|`groupOfNames`| -|`OC_LDAP_GROUP_SCHEMA_GROUPNAME`
`GRAPH_LDAP_GROUP_NAME_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use for the name of groups.`|`cn`| -|`OC_LDAP_GROUP_SCHEMA_MEMBER`
`GRAPH_LDAP_GROUP_MEMBER_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute that is used for group members.`|`member`| -|`OC_LDAP_GROUP_SCHEMA_ID`
`GRAPH_LDAP_GROUP_ID_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use as the unique id for groups. This should be a stable globally unique ID like a UUID.`|`openCloudUUID`| -|`OC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`
`GRAPH_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'ID' attribute for groups is of the 'OCTETSTRING' syntax. This is required when using the 'objectGUID' attribute of Active Directory for the group ID's.`|`false`| -|`GRAPH_LDAP_EDUCATION_RESOURCES_ENABLED`| 1.0.0 |bool|`Enable LDAP support for managing education related resources.`|`false`| -|`GRAPH_LDAP_SCHOOL_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP schools.`|``| -|`GRAPH_LDAP_SCHOOL_SEARCH_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up schools. Supported scopes are 'base', 'one' and 'sub'.`|``| -|`GRAPH_LDAP_SCHOOL_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for school searches.`|``| -|`GRAPH_LDAP_SCHOOL_OBJECTCLASS`| 1.0.0 |string|`The object class to use for schools in the default school search filter.`|``| -|`GRAPH_LDAP_SCHOOL_NAME_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use for the name of a school.`|``| -|`GRAPH_LDAP_SCHOOL_NUMBER_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use for the number of a school.`|``| -|`GRAPH_LDAP_SCHOOL_ID_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use as the unique id for schools. This should be a stable globally unique ID like a UUID.`|``| -|`GRAPH_LDAP_SCHOOL_TERMINATION_MIN_GRACE_DAYS`| 1.0.0 |int|`When setting a 'terminationDate' for a school, require the date to be at least this number of days in the future.`|`0`| -|`OC_ENABLE_OCM`
`GRAPH_INCLUDE_OCM_SHAREES`| 1.0.0 |bool|`Include OCM sharees when listing users.`|`false`| -|`OC_EVENTS_ENDPOINT`
`GRAPH_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events.`|`127.0.0.1:9233`| -|`OC_EVENTS_CLUSTER`
`GRAPH_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`opencloud-cluster`| -|`OC_INSECURE`
`GRAPH_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|`false`| -|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`GRAPH_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided GRAPH_EVENTS_TLS_INSECURE will be seen as false.`|``| -|`OC_EVENTS_ENABLE_TLS`
`GRAPH_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| -|`OC_EVENTS_AUTH_USERNAME`
`GRAPH_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_EVENTS_AUTH_PASSWORD`
`GRAPH_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`GRAPH_AVAILABLE_ROLES`| 1.0.0 |[]string|`A comma separated list of roles that are available for assignment.`|`[b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5 a8d5fe5e-96e3-418d-825b-534dbdf22b99 fb6c3e19-e378-47e5-b277-9732f9de6e21 58c63c02-1d89-4572-916a-870abc5a1b7d 2d00ce52-1fc2-4dbc-8b95-a73b73395f5a 1c996275-f1c9-4e71-abdf-a42f6495e960 312c0871-5ef7-4b3a-85b6-0e4074c64049]`| -|`OC_MAX_CONCURRENCY`
`GRAPH_MAX_CONCURRENCY`| 1.0.0 |int|`The maximum number of concurrent requests the service will handle.`|`20`| -|`OC_KEYCLOAK_BASE_PATH`
`GRAPH_KEYCLOAK_BASE_PATH`| 1.0.0 |string|`The URL to access keycloak.`|``| -|`OC_KEYCLOAK_CLIENT_ID`
`GRAPH_KEYCLOAK_CLIENT_ID`| 1.0.0 |string|`The client id to authenticate with keycloak.`|``| -|`OC_KEYCLOAK_CLIENT_SECRET`
`GRAPH_KEYCLOAK_CLIENT_SECRET`| 1.0.0 |string|`The client secret to use in authentication.`|``| -|`OC_KEYCLOAK_CLIENT_REALM`
`GRAPH_KEYCLOAK_CLIENT_REALM`| 1.0.0 |string|`The realm the client is defined in.`|``| -|`OC_KEYCLOAK_USER_REALM`
`GRAPH_KEYCLOAK_USER_REALM`| 1.0.0 |string|`The realm users are defined.`|``| -|`OC_KEYCLOAK_INSECURE_SKIP_VERIFY`
`GRAPH_KEYCLOAK_INSECURE_SKIP_VERIFY`| 1.0.0 |bool|`Disable TLS certificate validation for Keycloak connections. Do not set this in production environments.`|`false`| -|`OC_SERVICE_ACCOUNT_ID`
`GRAPH_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|``| -|`OC_SERVICE_ACCOUNT_SECRET`
`GRAPH_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|``| -|`GRAPH_STORAGE_GATEWAY_GRPC_ADDR`
`STORAGE_GATEWAY_GRPC_ADDR`| 4.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`| -|`GRAPH_STORAGE_GRPC_ADDR`
`STORAGE_GRPC_ADDR`| 4.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`| -|`OC_SYSTEM_USER_ID`
`GRAPH_SYSTEM_USER_ID`| 4.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|``| -|`OC_SYSTEM_USER_IDP`
`GRAPH_SYSTEM_USER_IDP`| 4.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|`internal`| -|`OC_SYSTEM_USER_API_KEY`| 4.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|``| -|`GRAPH_USER_SOFT_DELETE_RETENTION_TIME`| 4.0.0 |Duration|`The time after which a soft-deleted user is permanently deleted. If set to 0 (default), there is no soft delete retention time and users are deleted immediately after being soft-deleted. If set to a positive value, the user will be kept in the system for that duration before being permanently deleted.`|`0s`| -|`OC_PERSISTENT_STORE_NODES`
`GRAPH_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[127.0.0.1:9233]`| -|`GRAPH_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|`graph`| -|`OC_PERSISTENT_STORE_AUTH_USERNAME`
`GRAPH_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_PERSISTENT_STORE_AUTH_PASSWORD`
`GRAPH_STORE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`GRAPH_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`GRAPH_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`GRAPH_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`GRAPH_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`GRAPH_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`GRAPH_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`GRAPH_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`GRAPH_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_CACHE_STORE`
`GRAPH_CACHE_STORE`| 1.0.0 |string|`The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|memory| +|`OC_CACHE_STORE_NODES`
`GRAPH_CACHE_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[127.0.0.1:9233]| +|`GRAPH_CACHE_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|cache-roles| +|`GRAPH_CACHE_STORE_TABLE`| 1.0.0 |string|`The database table the store should use.`|| +|`OC_CACHE_TTL`
`GRAPH_CACHE_TTL`| 1.0.0 |Duration|`Time to live for cache records in the graph. Defaults to '336h' (2 weeks). See the Environment Variable Types description for more details.`|336h0m0s| +|`OC_CACHE_DISABLE_PERSISTENCE`
`GRAPH_CACHE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false.`|false| +|`OC_CACHE_AUTH_USERNAME`
`GRAPH_CACHE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_CACHE_AUTH_PASSWORD`
`GRAPH_CACHE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured.`|| +|`GRAPH_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9124| +|`GRAPH_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`GRAPH_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`GRAPH_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`GRAPH_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|127.0.0.1:9120| +|`GRAPH_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|/graph| +|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|false| +|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|| +|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|| +|`GRAPH_HTTP_API_TOKEN`| 1.0.0 |string|`An optional API bearer token`|| +|`OC_CORS_ALLOW_ORIGINS`
`GRAPH_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|[*]| +|`OC_CORS_ALLOW_METHODS`
`GRAPH_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|[GET POST PUT PATCH DELETE OPTIONS]| +|`OC_CORS_ALLOW_HEADERS`
`GRAPH_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Purge Restore]| +|`OC_CORS_ALLOW_CREDENTIALS`
`GRAPH_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|true| +|`GRAPH_GROUP_MEMBERS_PATCH_LIMIT`| 1.0.0 |int|`The amount of group members allowed to be added with a single patch request.`|20| +|`GRAPH_USERNAME_MATCH`| 1.0.0 |string|`Apply restrictions to usernames. Supported values are 'default' and 'none'. When set to 'default', user names must not start with a number and are restricted to ASCII characters. When set to 'none', no restrictions are applied. The default value is 'default'.`|default| +|`GRAPH_ASSIGN_DEFAULT_USER_ROLE`| 1.0.0 |bool|`Whether to assign newly created users the default role 'User'. Set this to 'false' if you want to assign roles manually, or if the role assignment should happen at first login. Set this to 'true' (the default) to assign the role 'User' when creating a new user.`|true| +|`GRAPH_IDENTITY_SEARCH_MIN_LENGTH`| 1.0.0 |int|`The minimum length the search term needs to have for unprivileged users when searching for users or groups.`|3| +|`OC_SHOW_USER_EMAIL_IN_RESULTS`| 1.0.0 |bool|`Include user email addresses in responses. If absent or set to false emails will be omitted from results. Please note that admin users can always see all email addresses.`|false| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 
'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`OC_JWT_SECRET`
`GRAPH_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`GRAPH_APPLICATION_ID`| 1.0.0 |string|`The OpenCloud application ID shown in the graph. All app roles are tied to this ID.`|| +|`GRAPH_APPLICATION_DISPLAYNAME`| 1.0.0 |string|`The OpenCloud application name.`|OpenCloud| +|`OC_URL`
`GRAPH_SPACES_WEBDAV_BASE`| 1.0.0 |string|`The public facing URL of WebDAV.`|https://localhost:9200| +|`GRAPH_SPACES_WEBDAV_PATH`| 1.0.0 |string|`The WebDAV sub-path for spaces.`|/dav/spaces/| +|`GRAPH_SPACES_DEFAULT_QUOTA`| 1.0.0 |string|`The default quota in bytes.`|1000000000| +|`GRAPH_SPACES_EXTENDED_SPACE_PROPERTIES_CACHE_TTL`| 1.0.0 |int|`Max TTL in seconds for the spaces property cache.`|60000000000| +|`GRAPH_SPACES_USERS_CACHE_TTL`| 1.0.0 |int|`Max TTL in seconds for the spaces users cache.`|60000000000| +|`GRAPH_SPACES_GROUPS_CACHE_TTL`| 1.0.0 |int|`Max TTL in seconds for the spaces groups cache.`|60000000000| +|`GRAPH_SPACES_STORAGE_USERS_ADDRESS`| 1.0.0 |string|`The address of the storage-users service.`|eu.opencloud.api.storage-users| +|`OC_DEFAULT_LANGUAGE`| 1.0.0 |string|`The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details.`|| +|`OC_TRANSLATION_PATH`
`GRAPH_TRANSLATION_PATH`| 1.0.0 |string|`(optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details.`|| +|`GRAPH_IDENTITY_BACKEND`| 1.0.0 |string|`The user identity backend to use. Supported backend types are 'ldap' and 'cs3'.`|ldap| +|`OC_LDAP_URI`
`GRAPH_LDAP_URI`| 1.0.0 |string|`URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'`|ldaps://localhost:9235| +|`OC_LDAP_CACERT`
`GRAPH_LDAP_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|/home/chaser/.opencloud/idm/ldap.crt| +|`OC_LDAP_INSECURE`
`GRAPH_LDAP_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.`|false| +|`OC_LDAP_BIND_DN`
`GRAPH_LDAP_BIND_DN`| 1.0.0 |string|`LDAP DN to use for simple bind authentication with the target LDAP server.`|uid=libregraph,ou=sysusers,o=libregraph-idm| +|`OC_LDAP_BIND_PASSWORD`
`GRAPH_LDAP_BIND_PASSWORD`| 1.0.0 |string|`Password to use for authenticating the 'bind_dn'.`|| +|`GRAPH_LDAP_SERVER_UUID`| 1.0.0 |bool|`If set to true, rely on the LDAP Server to generate a unique ID for users and groups, like when using 'entryUUID' as the user ID attribute.`|false| +|`GRAPH_LDAP_SERVER_USE_PASSWORD_MODIFY_EXOP`| 1.0.0 |bool|`Use the 'Password Modify Extended Operation' for updating user passwords.`|true| +|`OC_LDAP_SERVER_WRITE_ENABLED`
`GRAPH_LDAP_SERVER_WRITE_ENABLED`| 1.0.0 |bool|`Allow creating, modifying and deleting LDAP users via the GRAPH API. This can only be set to 'true' when keeping default settings for the LDAP user and group attribute types (the 'OC_LDAP_USER_SCHEMA_* and 'OC_LDAP_GROUP_SCHEMA_* variables).`|true| +|`GRAPH_LDAP_REFINT_ENABLED`| 1.0.0 |bool|`Signals that the server has the refint plugin enabled, which makes some actions not needed.`|false| +|`OC_LDAP_USER_BASE_DN`
`GRAPH_LDAP_USER_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP users.`|ou=users,o=libregraph-idm| +|`OC_LDAP_USER_SCOPE`
`GRAPH_LDAP_USER_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'.`|sub| +|`OC_LDAP_USER_FILTER`
`GRAPH_LDAP_USER_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'.`|| +|`OC_LDAP_USER_OBJECTCLASS`
`GRAPH_LDAP_USER_OBJECTCLASS`| 1.0.0 |string|`The object class to use for users in the default user search filter ('inetOrgPerson').`|inetOrgPerson| +|`OC_LDAP_USER_SCHEMA_MAIL`
`GRAPH_LDAP_USER_EMAIL_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use for the email address of users.`|mail| +|`OC_LDAP_USER_SCHEMA_DISPLAYNAME`
`GRAPH_LDAP_USER_DISPLAYNAME_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use for the display name of users.`|displayName| +|`OC_LDAP_USER_SCHEMA_USERNAME`
`GRAPH_LDAP_USER_NAME_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use for username of users.`|uid| +|`OC_LDAP_USER_SCHEMA_ID`
`GRAPH_LDAP_USER_UID_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID.`|openCloudUUID| +|`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`
`GRAPH_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is required when using the 'objectGUID' attribute of Active Directory for the user ID's.`|false| +|`OC_LDAP_USER_SCHEMA_USER_TYPE`
`GRAPH_LDAP_USER_TYPE_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'openCloudUserType'.`|openCloudUserType| +|`OC_LDAP_USER_ENABLED_ATTRIBUTE`
`GRAPH_USER_ENABLED_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use as a flag telling if the user is enabled or disabled.`|openCloudUserEnabled| +|`OC_LDAP_DISABLE_USER_MECHANISM`
`GRAPH_DISABLE_USER_MECHANISM`| 1.0.0 |string|`An option to control the behavior for disabling users. Supported options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed. Default is 'attribute'.`|attribute| +|`OC_LDAP_DISABLED_USERS_GROUP_DN`
`GRAPH_DISABLED_USERS_GROUP_DN`| 1.0.0 |string|`The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'.`|cn=DisabledUsersGroup,ou=groups,o=libregraph-idm| +|`OC_LDAP_GROUP_BASE_DN`
`GRAPH_LDAP_GROUP_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP groups.`|ou=groups,o=libregraph-idm| +|`GRAPH_LDAP_GROUP_CREATE_BASE_DN`| 1.0.0 |string|`Parent DN under which new groups are created. This DN needs to be subordinate to the 'GRAPH_LDAP_GROUP_BASE_DN'. This setting is only relevant when 'GRAPH_LDAP_SERVER_WRITE_ENABLED' is 'true'. It defaults to the value of 'GRAPH_LDAP_GROUP_BASE_DN'. All groups outside of this subtree are treated as readonly groups and cannot be updated.`|ou=groups,o=libregraph-idm| +|`OC_LDAP_GROUP_SCOPE`
`GRAPH_LDAP_GROUP_SEARCH_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'.`|sub| +|`OC_LDAP_GROUP_FILTER`
`GRAPH_LDAP_GROUP_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for group searches.`|| +|`OC_LDAP_GROUP_OBJECTCLASS`
`GRAPH_LDAP_GROUP_OBJECTCLASS`| 1.0.0 |string|`The object class to use for groups in the default group search filter ('groupOfNames').`|groupOfNames| +|`OC_LDAP_GROUP_SCHEMA_GROUPNAME`
`GRAPH_LDAP_GROUP_NAME_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use for the name of groups.`|cn| +|`OC_LDAP_GROUP_SCHEMA_MEMBER`
`GRAPH_LDAP_GROUP_MEMBER_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute that is used for group members.`|member| +|`OC_LDAP_GROUP_SCHEMA_ID`
`GRAPH_LDAP_GROUP_ID_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use as the unique id for groups. This should be a stable globally unique ID like a UUID.`|openCloudUUID| +|`OC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`
`GRAPH_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'ID' attribute for groups is of the 'OCTETSTRING' syntax. This is required when using the 'objectGUID' attribute of Active Directory for the group ID's.`|false| +|`GRAPH_LDAP_EDUCATION_RESOURCES_ENABLED`| 1.0.0 |bool|`Enable LDAP support for managing education related resources.`|false| +|`GRAPH_LDAP_SCHOOL_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP schools.`|| +|`GRAPH_LDAP_SCHOOL_SEARCH_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up schools. Supported scopes are 'base', 'one' and 'sub'.`|| +|`GRAPH_LDAP_SCHOOL_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for school searches.`|| +|`GRAPH_LDAP_SCHOOL_OBJECTCLASS`| 1.0.0 |string|`The object class to use for schools in the default school search filter.`|| +|`GRAPH_LDAP_SCHOOL_NAME_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use for the name of a school.`|| +|`GRAPH_LDAP_SCHOOL_NUMBER_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use for the number of a school.`|| +|`GRAPH_LDAP_SCHOOL_ID_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use as the unique id for schools. This should be a stable globally unique ID like a UUID.`|| +|`GRAPH_LDAP_SCHOOL_TERMINATION_MIN_GRACE_DAYS`| 1.0.0 |int|`When setting a 'terminationDate' for a school, require the date to be at least this number of days in the future.`|0| +|`OC_ENABLE_OCM`
`GRAPH_INCLUDE_OCM_SHAREES`| 1.0.0 |bool|`Include OCM sharees when listing users.`|false| +|`OC_EVENTS_ENDPOINT`
`GRAPH_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events.`|127.0.0.1:9233| +|`OC_EVENTS_CLUSTER`
`GRAPH_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|opencloud-cluster| +|`OC_INSECURE`
`GRAPH_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`GRAPH_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided GRAPH_EVENTS_TLS_INSECURE will be seen as false.`|| +|`OC_EVENTS_ENABLE_TLS`
`GRAPH_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| +|`OC_EVENTS_AUTH_USERNAME`
`GRAPH_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_EVENTS_AUTH_PASSWORD`
`GRAPH_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`GRAPH_AVAILABLE_ROLES`| 1.0.0 |[]string|`A comma separated list of roles that are available for assignment.`|[b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5 a8d5fe5e-96e3-418d-825b-534dbdf22b99 fb6c3e19-e378-47e5-b277-9732f9de6e21 58c63c02-1d89-4572-916a-870abc5a1b7d 2d00ce52-1fc2-4dbc-8b95-a73b73395f5a 1c996275-f1c9-4e71-abdf-a42f6495e960 312c0871-5ef7-4b3a-85b6-0e4074c64049]| +|`OC_MAX_CONCURRENCY`
`GRAPH_MAX_CONCURRENCY`| 1.0.0 |int|`The maximum number of concurrent requests the service will handle.`|20| +|`OC_KEYCLOAK_BASE_PATH`
`GRAPH_KEYCLOAK_BASE_PATH`| 1.0.0 |string|`The URL to access keycloak.`|| +|`OC_KEYCLOAK_CLIENT_ID`
`GRAPH_KEYCLOAK_CLIENT_ID`| 1.0.0 |string|`The client id to authenticate with keycloak.`|| +|`OC_KEYCLOAK_CLIENT_SECRET`
`GRAPH_KEYCLOAK_CLIENT_SECRET`| 1.0.0 |string|`The client secret to use in authentication.`|| +|`OC_KEYCLOAK_CLIENT_REALM`
`GRAPH_KEYCLOAK_CLIENT_REALM`| 1.0.0 |string|`The realm the client is defined in.`|| +|`OC_KEYCLOAK_USER_REALM`
`GRAPH_KEYCLOAK_USER_REALM`| 1.0.0 |string|`The realm users are defined.`|| +|`OC_KEYCLOAK_INSECURE_SKIP_VERIFY`
`GRAPH_KEYCLOAK_INSECURE_SKIP_VERIFY`| 1.0.0 |bool|`Disable TLS certificate validation for Keycloak connections. Do not set this in production environments.`|false| +|`OC_SERVICE_ACCOUNT_ID`
`GRAPH_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|| +|`OC_SERVICE_ACCOUNT_SECRET`
`GRAPH_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|| +|`GRAPH_STORAGE_GATEWAY_GRPC_ADDR`
`STORAGE_GATEWAY_GRPC_ADDR`| next |string|`GRPC address of the STORAGE-SYSTEM service.`|eu.opencloud.api.storage-system| +|`GRAPH_STORAGE_GRPC_ADDR`
`STORAGE_GRPC_ADDR`| next |string|`GRPC address of the STORAGE-SYSTEM service.`|eu.opencloud.api.storage-system| +|`OC_SYSTEM_USER_ID`
`GRAPH_SYSTEM_USER_ID`| next |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|| +|`OC_SYSTEM_USER_IDP`
`GRAPH_SYSTEM_USER_IDP`| next |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|internal| +|`OC_SYSTEM_USER_API_KEY`| next |string|`API key for the STORAGE-SYSTEM system user.`|| +|`GRAPH_USER_SOFT_DELETE_RETENTION_TIME`| next |Duration|`The time after which a soft-deleted user is permanently deleted. If set to 0 (default), there is no soft delete retention time and users are deleted immediately after being soft-deleted. If set to a positive value, the user will be kept in the system for that duration before being permanently deleted.`|0s| +|`OC_PERSISTENT_STORE_NODES`
`GRAPH_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[127.0.0.1:9233]| +|`GRAPH_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|graph| +|`OC_PERSISTENT_STORE_AUTH_USERNAME`
`GRAPH_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_PERSISTENT_STORE_AUTH_PASSWORD`
`GRAPH_STORE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| diff --git a/static/env-vars/graph_readme.md b/static/env-vars/graph_readme.md index e0ce237e..270cdcbf 100644 --- a/static/env-vars/graph_readme.md +++ b/static/env-vars/graph_readme.md @@ -1,6 +1,6 @@ --- title: Graph -date: 2025-11-27T22:56:02.332815+01:00 +date: 2025-11-11T09:16:41.111563105+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/graph @@ -15,7 +15,7 @@ geekdocCollapseSection: true The graph service provides the Graph API which is a RESTful web API used to access OpenCloud resources. It is inspired by the [Microsoft Graph API](https://learn.microsoft.com/en-us/graph/use-the-api) -and can be used by clients or other services or extensions. Visit the [Libre Graph API](https://docs.opencloud.eu/swagger/libre-graph-api/) +and can be used by clients or other services or extensions. Visit the [Libre Graph API](https://docs.opencloud.eu/libre-graph-api/) for a detailed specification of the API implemented by the graph service. @@ -54,7 +54,7 @@ The graph service provides endpoints for querying users and groups. It features ### LDAP Configuration The LDAP backend is configured using a set of environment variables. A detailed list of all the -available configuration options can be found in the [documentation](https://docs.opencloud.eu/docs/dev/server/services/graph/environment-variables). +available configuration options can be found in the [documentation](https://docs.opencloud.eu/services/graph/configuration/#environment-variables). The LDAP related options are prefixed with `OC_LDAP_` (or `GRAPH_LDAP_` for settings specific to graph service). #### Read-Only Access to Existing LDAP Servers 
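Review bot: in the `graph_configvars.md` table, the row for `OC_INSECURE` / `GRAPH_EVENTS_TLS_INSECURE` describes the flag as "Whether to verify the server TLS certificates." with a default of `false`, which reads as if the default switches verification off. The following row ("If provided GRAPH_EVENTS_TLS_INSECURE will be seen as false") shows that `false` is the verifying setting. Suggest wording it like the `GRAPH_KEYCLOAK_INSECURE_SKIP_VERIFY` row in the same table ("Disable TLS certificate validation ... Do not set this in production environments."). If this table is generated, the fix belongs in the source description rather than in this file.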
@@ -62,7 +62,8 @@ The LDAP related options are prefixed with `OC_LDAP_` (or `GRAPH_LDAP_` for sett To connect the graph service to an existing LDAP server, set `OC_LDAP_SERVER_WRITE_ENABLED` to `false` to prevent the graph service from sending write operations to the LDAP server. Also set the various `OC_LDAP_*` environment variables to match the configuration of the LDAP server you are connecting -to. A more detailed explanation can be found [here](https://docs.opencloud.eu/docs/admin/configuration/authentication-and-user-management/. +to. An example configuration for connecting OpenCloud to an instance of Microsoft Active Directory is +available [here](https://docs.opencloud.eu/opencloud/identity-provider/ldap-active-directory/). #### Using a Write Enabled LDAP Server @@ -76,13 +77,13 @@ respect to the available schema: object class for groups. * The graph service maintains a few additional attributes for users and groups that are not available in the standard LDAP schema. An schema file, ready to use with OpenLDAP, defining those - additional attributes is available [here](https://github.com/opencloud-eu/opencloud-compose/blob/main/config/ldap/schemas/10_opencloud_schema.ldif) + additional attributes is available [here](https://github.com/opencloud-eu/opencloud/blob/main/deployments/examples/shared/config/ldap/schemas/10_opencloud_schema.ldif) ## Query Filters Provided by the Graph API Some API endpoints provided by the graph service allow to specify query filters. The filter syntax is based on the [OData Specification](https://docs.oasis-open.org/odata/odata/v4.01/odata-v4.01-part1-protocol.html#sec_SystemQueryOptionfilter). -See the [Libre Graph API](https://docs.opencloud.eu/swagger/libre-graph-api/#/users/ListUsers) for examples +See the [Libre Graph API](https://docs.opencloud.eu/libre-graph-api/#/users/ListUsers) for examples on the filters supported when querying users. ## Caching 
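Review bot: the link targets rewritten in `graph_readme.md` need checking before merge, because the front matter of the same file moves `date:` backwards from 2025-11-27 to 2025-11-11, which suggests the readme was regenerated from an older source than the one already published. In this hunk the schema link changes from the `opencloud-compose` repository to `opencloud/blob/main/deployments/examples/shared/config/ldap/schemas/10_opencloud_schema.ldif`, and the ListUsers link drops the `/swagger/` path segment. Please confirm that each new URL resolves, or regenerate from the current source so the newer links are kept.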
@@ -95,6 +96,10 @@ The `graph` service can use a configured store via `GRAPH_CACHE_STORE`. Possible Other store types may work but are not supported currently. +Note: The service can only be scaled if not using `memory` store and the stores are configured identically over all instances! + +Note that if you have used one of the deprecated stores, you should reconfigure to one of the supported ones as the deprecated stores will be removed in a later version. + Store specific notes: - When using `redis-sentinel`, the Redis master to use is configured via e.g. `OC_CACHE_STORE_NODES` in the form of `:/` like `10.10.0.200:26379/mymaster`. - When using `nats-js-kv` it is recommended to set `OC_CACHE_STORE_NODES` to the same value as `OC_EVENTS_ENDPOINT`. That way the cache uses the same nats instance as the event bus. @@ -122,9 +127,7 @@ The client that is used to authenticate with keycloak has to be able to list use * `view-events` * `view-authorization` -:::note -These roles are only available to assign if the client is in the `master` realm. -::: +Note that these roles are only available to assign if the client is in the `master` realm. ## Translations 
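Review bot: the admonition blocks in `graph_readme.md` are converted three different ways, and one ends up unterminated. Here the `:::note` under the Keycloak roles list becomes a plain "Note that ..." sentence and the `:::warning` under Translations becomes "Important: ...", but the `:::info` under Unified Roles becomes `::: info` with its closing `:::` deleted, so that block is left open and may swallow the text that follows it. Either restore the closing `:::` or convert that block to a plain sentence like the other two.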
@@ -140,9 +143,7 @@ For example, for the language `de`, one needs to place the corresponding transla -:::warning -For the time being, the embedded OpenCloud Web frontend only supports the main language code but does not handle any territory. When strings are available in the language code `language_territory`, the web frontend does not see it as it only requests `language`. In consequence, any translations made must exist in the requested `language` to avoid a fallback to the default. -::: +Important: For the time being, the embedded OpenCloud Web frontend only supports the main language code but does not handle any territory. When strings are available in the language code `language_territory`, the web frontend does not see it as it only requests `language`. In consequence, any translations made must exist in the requested `language` to avoid a fallback to the default. ### Translation Rules @@ -158,9 +159,8 @@ The default language can be defined via the `OC_DEFAULT_LANGUAGE` environment va Unified Roles are roles granted a user for sharing and can be enabled or disabled. A CLI command is provided to list existing roles and their state among other data. -:::info +::: info Note that a disabled role does not lose previously assigned permissions. It only means that the role is not available for new assignments. -::: The following roles are **enabled** by default: diff --git a/static/env-vars/groups-config-example.yaml b/static/env-vars/groups-config-example.yaml new file mode 100644 index 00000000..f400c81b --- /dev/null +++ b/static/env-vars/groups-config-example.yaml 
@@ -0,0 +1,72 @@ +# Autogenerated +# Filename: groups-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9161 + token: "" + pprof: false + zpages: false +grpc: + addr: 127.0.0.1:9160 + tls: null + protocol: tcp +token_manager: + jwt_secret: "" +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +skip_user_groups_in_token: false +driver: ldap +drivers: + ldap: + uri: ldaps://localhost:9235 + ca_cert: /home/chaser/.opencloud/idm/ldap.crt + insecure: false + bind_dn: uid=reva,ou=sysusers,o=libregraph-idm + bind_password: "" + user_base_dn: ou=users,o=libregraph-idm + group_base_dn: ou=groups,o=libregraph-idm + user_scope: sub + group_scope: sub + group_substring_filter_type: any + user_filter: "" + group_filter: "" + user_object_class: inetOrgPerson + group_object_class: groupOfNames + idp: https://localhost:9200 + user_schema: + id: openCloudUUID + id_is_octet_string: false + mail: mail + display_name: displayname + user_name: uid + group_schema: + id: openCloudUUID + id_is_octet_string: false + mail: mail + display_name: cn + group_name: cn + member: member + owncloudsql: + db_username: owncloud + db_password: "" + db_host: mysql + db_port: 3306 + db_name: owncloud + idp: https://localhost:9200 + nobody: 90 + join_username: false + join_owncloud_uuid: false + enable_medial_search: false diff --git a/static/env-vars/groups_configvars.md b/static/env-vars/groups_configvars.md index 5b889d21..13695054 100644 --- a/static/env-vars/groups_configvars.md +++ b/static/env-vars/groups_configvars.md @@ -1,56 +1,60 @@ Environment variables for the **groups** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`GROUPS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`GROUPS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`GROUPS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`GROUPS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`GROUPS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9161`| -|`GROUPS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`GROUPS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`GROUPS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`GROUPS_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9160`| -|`OC_GRPC_PROTOCOL`
`GROUPS_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|`tcp`| -|`OC_JWT_SECRET`
`GROUPS_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`GROUPS_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|`false`| -|`GROUPS_DRIVER`| 1.0.0 |string|`The driver which should be used by the groups service. Supported values are 'ldap' and 'owncloudsql'.`|`ldap`| -|`OC_LDAP_URI`
`GROUPS_LDAP_URI`| 1.0.0 |string|`URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'`|`ldaps://localhost:9235`| -|`OC_LDAP_CACERT`
`GROUPS_LDAP_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/var/lib/opencloud/idm/ldap.crt`| -|`OC_LDAP_INSECURE`
`GROUPS_LDAP_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.`|`false`| -|`OC_LDAP_BIND_DN`
`GROUPS_LDAP_BIND_DN`| 1.0.0 |string|`LDAP DN to use for simple bind authentication with the target LDAP server.`|`uid=reva,ou=sysusers,o=libregraph-idm`| -|`OC_LDAP_BIND_PASSWORD`
`GROUPS_LDAP_BIND_PASSWORD`| 1.0.0 |string|`Password to use for authenticating the 'bind_dn'.`|``| -|`OC_LDAP_USER_BASE_DN`
`GROUPS_LDAP_USER_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP users.`|`ou=users,o=libregraph-idm`| -|`OC_LDAP_GROUP_BASE_DN`
`GROUPS_LDAP_GROUP_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP groups.`|`ou=groups,o=libregraph-idm`| -|`OC_LDAP_USER_SCOPE`
`GROUPS_LDAP_USER_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'.`|`sub`| -|`OC_LDAP_GROUP_SCOPE`
`GROUPS_LDAP_GROUP_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'.`|`sub`| -|`LDAP_GROUP_SUBSTRING_FILTER_TYPE`
`GROUPS_LDAP_GROUP_SUBSTRING_FILTER_TYPE`| 1.0.0 |string|`Type of substring search filter to use for substring searches for groups. Supported values are 'initial', 'final' and 'any'. The value 'initial' is used for doing prefix only searches, 'final' for doing suffix only searches or 'any' for doing full substring searches`|`any`| -|`OC_LDAP_USER_FILTER`
`GROUPS_LDAP_USER_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'.`|``| -|`OC_LDAP_GROUP_FILTER`
`GROUPS_LDAP_GROUP_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for group searches.`|``| -|`OC_LDAP_USER_OBJECTCLASS`
`GROUPS_LDAP_USER_OBJECTCLASS`| 1.0.0 |string|`The object class to use for users in the default user search filter ('inetOrgPerson').`|`inetOrgPerson`| -|`OC_LDAP_GROUP_OBJECTCLASS`
`GROUPS_LDAP_GROUP_OBJECTCLASS`| 1.0.0 |string|`The object class to use for groups in the default group search filter ('groupOfNames').`|`groupOfNames`| -|`OC_URL`
`OC_OIDC_ISSUER`
`GROUPS_IDP_URL`| 1.0.0 |string|`The identity provider value to set in the group IDs of the CS3 group objects for groups returned by this group provider.`|`https://localhost:9200`| -|`OC_LDAP_USER_SCHEMA_ID`
`GROUPS_LDAP_USER_SCHEMA_ID`| 1.0.0 |string|`LDAP Attribute to use as the unique id for users. This should be a stable globally unique id like a UUID.`|`openCloudUUID`| -|`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`
`GROUPS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user ID's.`|`false`| -|`OC_LDAP_USER_SCHEMA_MAIL`
`GROUPS_LDAP_USER_SCHEMA_MAIL`| 1.0.0 |string|`LDAP Attribute to use for the email address of users.`|`mail`| -|`OC_LDAP_USER_SCHEMA_DISPLAYNAME`
`GROUPS_LDAP_USER_SCHEMA_DISPLAYNAME`| 1.0.0 |string|`LDAP Attribute to use for the displayname of users.`|`displayname`| -|`OC_LDAP_USER_SCHEMA_USERNAME`
`GROUPS_LDAP_USER_SCHEMA_USERNAME`| 1.0.0 |string|`LDAP Attribute to use for username of users.`|`uid`| -|`OC_LDAP_GROUP_SCHEMA_ID`
`GROUPS_LDAP_GROUP_SCHEMA_ID`| 1.0.0 |string|`LDAP Attribute to use as the unique id for groups. This should be a stable globally unique ID like a UUID.`|`openCloudUUID`| -|`OC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`
`GROUPS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group ID's.`|`false`| -|`OC_LDAP_GROUP_SCHEMA_MAIL`
`GROUPS_LDAP_GROUP_SCHEMA_MAIL`| 1.0.0 |string|`LDAP Attribute to use for the email address of groups (can be empty).`|`mail`| -|`OC_LDAP_GROUP_SCHEMA_DISPLAYNAME`
`GROUPS_LDAP_GROUP_SCHEMA_DISPLAYNAME`| 1.0.0 |string|`LDAP Attribute to use for the displayname of groups (often the same as groupname attribute).`|`cn`| -|`OC_LDAP_GROUP_SCHEMA_GROUPNAME`
`GROUPS_LDAP_GROUP_SCHEMA_GROUPNAME`| 1.0.0 |string|`LDAP Attribute to use for the name of groups.`|`cn`| -|`OC_LDAP_GROUP_SCHEMA_MEMBER`
`GROUPS_LDAP_GROUP_SCHEMA_MEMBER`| 1.0.0 |string|`LDAP Attribute that is used for group members.`|`member`| -|`GROUPS_OWNCLOUDSQL_DB_USERNAME`| 1.0.0 |string|`Database user to use for authenticating with the owncloud database.`|`owncloud`| -|`GROUPS_OWNCLOUDSQL_DB_PASSWORD`| 1.0.0 |string|`Password for the database user.`|``| -|`GROUPS_OWNCLOUDSQL_DB_HOST`| 1.0.0 |string|`Hostname of the database server.`|`mysql`| -|`GROUPS_OWNCLOUDSQL_DB_PORT`| 1.0.0 |int|`Network port to use for the database connection.`|`3306`| -|`GROUPS_OWNCLOUDSQL_DB_NAME`| 1.0.0 |string|`Name of the owncloud database.`|`owncloud`| -|`GROUPS_OWNCLOUDSQL_IDP`| 1.0.0 |string|`The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider.`|`https://localhost:9200`| -|`GROUPS_OWNCLOUDSQL_NOBODY`| 1.0.0 |int64|`Fallback number if no numeric UID and GID properties are provided.`|`90`| -|`GROUPS_OWNCLOUDSQL_JOIN_USERNAME`| 1.0.0 |bool|`Join the user properties table to read usernames.`|`false`| -|`GROUPS_OWNCLOUDSQL_JOIN_OWNCLOUD_UUID`| 1.0.0 |bool|`Join the user properties table to read user IDs.`|`false`| -|`GROUPS_OWNCLOUDSQL_ENABLE_MEDIAL_SEARCH`| 1.0.0 |bool|`Allow 'medial search' when searching for users instead of just doing a prefix search. This allows finding 'Alice' when searching for 'lic'.`|`false`| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`GROUPS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`GROUPS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`GROUPS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`GROUPS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`GROUPS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`GROUPS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`GROUPS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`GROUPS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`GROUPS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9161| +|`GROUPS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`GROUPS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`GROUPS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`GROUPS_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9160| +|`OC_GRPC_PROTOCOL`
`GROUPS_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|tcp| +|`OC_JWT_SECRET`
`GROUPS_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`GROUPS_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|false| +|`GROUPS_DRIVER`| 1.0.0 |string|`The driver which should be used by the groups service. Supported values are 'ldap' and 'owncloudsql'.`|ldap| +|`OC_LDAP_URI`
`GROUPS_LDAP_URI`| 1.0.0 |string|`URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'`|ldaps://localhost:9235| +|`OC_LDAP_CACERT`
`GROUPS_LDAP_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|/home/chaser/.opencloud/idm/ldap.crt| +|`OC_LDAP_INSECURE`
`GROUPS_LDAP_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.`|false| +|`OC_LDAP_BIND_DN`
`GROUPS_LDAP_BIND_DN`| 1.0.0 |string|`LDAP DN to use for simple bind authentication with the target LDAP server.`|uid=reva,ou=sysusers,o=libregraph-idm| +|`OC_LDAP_BIND_PASSWORD`
`GROUPS_LDAP_BIND_PASSWORD`| 1.0.0 |string|`Password to use for authenticating the 'bind_dn'.`|| +|`OC_LDAP_USER_BASE_DN`
`GROUPS_LDAP_USER_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP users.`|ou=users,o=libregraph-idm| +|`OC_LDAP_GROUP_BASE_DN`
`GROUPS_LDAP_GROUP_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP groups.`|ou=groups,o=libregraph-idm| +|`OC_LDAP_USER_SCOPE`
`GROUPS_LDAP_USER_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'.`|sub| +|`OC_LDAP_GROUP_SCOPE`
`GROUPS_LDAP_GROUP_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'.`|sub| +|`LDAP_GROUP_SUBSTRING_FILTER_TYPE`
`GROUPS_LDAP_GROUP_SUBSTRING_FILTER_TYPE`| 1.0.0 |string|`Type of substring search filter to use for substring searches for groups. Supported values are 'initial', 'final' and 'any'. The value 'initial' is used for doing prefix only searches, 'final' for doing suffix only searches or 'any' for doing full substring searches`|any| +|`OC_LDAP_USER_FILTER`
`GROUPS_LDAP_USER_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'.`|| +|`OC_LDAP_GROUP_FILTER`
`GROUPS_LDAP_GROUP_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for group searches.`|| +|`OC_LDAP_USER_OBJECTCLASS`
`GROUPS_LDAP_USER_OBJECTCLASS`| 1.0.0 |string|`The object class to use for users in the default user search filter ('inetOrgPerson').`|inetOrgPerson| +|`OC_LDAP_GROUP_OBJECTCLASS`
`GROUPS_LDAP_GROUP_OBJECTCLASS`| 1.0.0 |string|`The object class to use for groups in the default group search filter ('groupOfNames').`|groupOfNames| +|`OC_URL`
`OC_OIDC_ISSUER`
`GROUPS_IDP_URL`| 1.0.0 |string|`The identity provider value to set in the group IDs of the CS3 group objects for groups returned by this group provider.`|https://localhost:9200| +|`OC_LDAP_USER_SCHEMA_ID`
`GROUPS_LDAP_USER_SCHEMA_ID`| 1.0.0 |string|`LDAP Attribute to use as the unique id for users. This should be a stable globally unique id like a UUID.`|openCloudUUID| +|`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`
`GROUPS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user ID's.`|false| +|`OC_LDAP_USER_SCHEMA_MAIL`
`GROUPS_LDAP_USER_SCHEMA_MAIL`| 1.0.0 |string|`LDAP Attribute to use for the email address of users.`|mail| +|`OC_LDAP_USER_SCHEMA_DISPLAYNAME`
`GROUPS_LDAP_USER_SCHEMA_DISPLAYNAME`| 1.0.0 |string|`LDAP Attribute to use for the displayname of users.`|displayname| +|`OC_LDAP_USER_SCHEMA_USERNAME`
`GROUPS_LDAP_USER_SCHEMA_USERNAME`| 1.0.0 |string|`LDAP Attribute to use for username of users.`|uid| +|`OC_LDAP_GROUP_SCHEMA_ID`
`GROUPS_LDAP_GROUP_SCHEMA_ID`| 1.0.0 |string|`LDAP Attribute to use as the unique id for groups. This should be a stable globally unique ID like a UUID.`|openCloudUUID| +|`OC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`
`GROUPS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group ID's.`|false| +|`OC_LDAP_GROUP_SCHEMA_MAIL`
`GROUPS_LDAP_GROUP_SCHEMA_MAIL`| 1.0.0 |string|`LDAP Attribute to use for the email address of groups (can be empty).`|mail| +|`OC_LDAP_GROUP_SCHEMA_DISPLAYNAME`
`GROUPS_LDAP_GROUP_SCHEMA_DISPLAYNAME`| 1.0.0 |string|`LDAP Attribute to use for the displayname of groups (often the same as groupname attribute).`|cn| +|`OC_LDAP_GROUP_SCHEMA_GROUPNAME`
`GROUPS_LDAP_GROUP_SCHEMA_GROUPNAME`| 1.0.0 |string|`LDAP Attribute to use for the name of groups.`|cn| +|`OC_LDAP_GROUP_SCHEMA_MEMBER`
`GROUPS_LDAP_GROUP_SCHEMA_MEMBER`| 1.0.0 |string|`LDAP Attribute that is used for group members.`|member| +|`GROUPS_OWNCLOUDSQL_DB_USERNAME`| 1.0.0 |string|`Database user to use for authenticating with the owncloud database.`|owncloud| +|`GROUPS_OWNCLOUDSQL_DB_PASSWORD`| 1.0.0 |string|`Password for the database user.`|| +|`GROUPS_OWNCLOUDSQL_DB_HOST`| 1.0.0 |string|`Hostname of the database server.`|mysql| +|`GROUPS_OWNCLOUDSQL_DB_PORT`| 1.0.0 |int|`Network port to use for the database connection.`|3306| +|`GROUPS_OWNCLOUDSQL_DB_NAME`| 1.0.0 |string|`Name of the owncloud database.`|owncloud| +|`GROUPS_OWNCLOUDSQL_IDP`| 1.0.0 |string|`The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider.`|https://localhost:9200| +|`GROUPS_OWNCLOUDSQL_NOBODY`| 1.0.0 |int64|`Fallback number if no numeric UID and GID properties are provided.`|90| +|`GROUPS_OWNCLOUDSQL_JOIN_USERNAME`| 1.0.0 |bool|`Join the user properties table to read usernames.`|false| +|`GROUPS_OWNCLOUDSQL_JOIN_OWNCLOUD_UUID`| 1.0.0 |bool|`Join the user properties table to read user IDs.`|false| +|`GROUPS_OWNCLOUDSQL_ENABLE_MEDIAL_SEARCH`| 1.0.0 |bool|`Allow 'medial search' when searching for users instead of just doing a prefix search. This allows finding 'Alice' when searching for 'lic'.`|false| diff --git a/static/env-vars/idm-config-example.yaml b/static/env-vars/idm-config-example.yaml new file mode 100644 index 00000000..b527a2ae --- /dev/null +++ b/static/env-vars/idm-config-example.yaml 
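Review bot: In the groups_configvars.md hunk above, the row for `GROUPS_LDAP_GROUP_SUBSTRING_FILTER_TYPE` lists its global alias as `LDAP_GROUP_SUBSTRING_FILTER_TYPE`, without the `OC_` prefix that every other global alias in the hunk carries (`OC_LDAP_GROUP_SCOPE`, `OC_LDAP_USER_FILTER`, `OC_LDAP_GROUP_FILTER`). Please check the variable name in the service configuration this table is built from, then either fix it there or state that the unprefixed name is intended. If the unprefixed name is what the service reads, an operator who sets `OC_LDAP_GROUP_SUBSTRING_FILTER_TYPE` by analogy is left with the default `any`. In the same hunk, the `GROUPS_OWNCLOUDSQL_IDP` description speaks of "userids of the CS3 user objects for users returned by this user provider", which does not match a groups provider and should be reworded.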
@@ -0,0 +1,31 @@ +# Autogenerated +# Filename: idm-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9239 + token: "" + pprof: false + zpages: false +idm: + ldaps_addr: 127.0.0.1:9235 + cert: /home/chaser/.opencloud/idm/ldap.crt + key: /home/chaser/.opencloud/idm/ldap.key + database: /home/chaser/.opencloud/idm/idm.boltdb +create_demo_users: false +demo_users_issuer_url: https://localhost:9200 +service_user_passwords: + admin_password: "" + idm_password: "" + reva_password: "" + idp_password: "" +admin_user_id: "" diff --git a/static/env-vars/idm_configvars.md b/static/env-vars/idm_configvars.md index af0e5596..e01db097 100644 --- a/static/env-vars/idm_configvars.md +++ b/static/env-vars/idm_configvars.md @@ -1,23 +1,27 @@ Environment variables for the **idm** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`IDM_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`IDM_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`IDM_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`IDM_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`IDM_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9239`| -|`IDM_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`IDM_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`IDM_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`IDM_LDAPS_ADDR`| 1.0.0 |string|`Listen address for the LDAPS listener (ip-addr:port).`|`127.0.0.1:9235`| -|`IDM_LDAPS_CERT`| 1.0.0 |string|`File name of the TLS server certificate for the LDAPS listener. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/var/lib/opencloud/idm/ldap.crt`| -|`IDM_LDAPS_KEY`| 1.0.0 |string|`File name for the TLS certificate key for the server certificate. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/var/lib/opencloud/idm/ldap.key`| -|`IDM_DATABASE_PATH`| 1.0.0 |string|`Full path to the IDM backend database. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/var/lib/opencloud/idm/idm.boltdb`| -|`IDM_CREATE_DEMO_USERS`| 1.0.0 |bool|`Flag to enable or disable the creation of the demo users.`|`false`| -|`OC_URL`
`OC_OIDC_ISSUER`| 1.0.0 |string|`The OIDC issuer URL to assign to the demo users.`|`https://localhost:9200`| -|`IDM_ADMIN_PASSWORD`| 1.0.0 |string|`Password to set for the OpenCloud 'admin' user. Either cleartext or an argon2id hash.`|``| -|`IDM_SVC_PASSWORD`| 1.0.0 |string|`Password to set for the 'idm' service user. Either cleartext or an argon2id hash.`|``| -|`IDM_REVASVC_PASSWORD`| 1.0.0 |string|`Password to set for the 'reva' service user. Either cleartext or an argon2id hash.`|``| -|`IDM_IDPSVC_PASSWORD`| 1.0.0 |string|`Password to set for the 'idp' service user. Either cleartext or an argon2id hash.`|``| -|`OC_ADMIN_USER_ID`
`IDM_ADMIN_USER_ID`| 1.0.0 |string|`ID of the user that should receive admin privileges. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand.`|``| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`IDM_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`IDM_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`IDM_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`IDM_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`IDM_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`IDM_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`IDM_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`IDM_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`IDM_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9239| +|`IDM_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`IDM_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`IDM_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`IDM_LDAPS_ADDR`| 1.0.0 |string|`Listen address for the LDAPS listener (ip-addr:port).`|127.0.0.1:9235| +|`IDM_LDAPS_CERT`| 1.0.0 |string|`File name of the TLS server certificate for the LDAPS listener. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|/home/chaser/.opencloud/idm/ldap.crt| +|`IDM_LDAPS_KEY`| 1.0.0 |string|`File name for the TLS certificate key for the server certificate. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|/home/chaser/.opencloud/idm/ldap.key| +|`IDM_DATABASE_PATH`| 1.0.0 |string|`Full path to the IDM backend database. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|/home/chaser/.opencloud/idm/idm.boltdb| +|`IDM_CREATE_DEMO_USERS`| 1.0.0 |bool|`Flag to enable or disable the creation of the demo users.`|false| +|`OC_URL`
`OC_OIDC_ISSUER`| 1.0.0 |string|`The OIDC issuer URL to assign to the demo users.`|https://localhost:9200| +|`IDM_ADMIN_PASSWORD`| 1.0.0 |string|`Password to set for the OpenCloud 'admin' user. Either cleartext or an argon2id hash.`|| +|`IDM_SVC_PASSWORD`| 1.0.0 |string|`Password to set for the 'idm' service user. Either cleartext or an argon2id hash.`|| +|`IDM_REVASVC_PASSWORD`| 1.0.0 |string|`Password to set for the 'reva' service user. Either cleartext or an argon2id hash.`|| +|`IDM_IDPSVC_PASSWORD`| 1.0.0 |string|`Password to set for the 'idp' service user. Either cleartext or an argon2id hash.`|| +|`OC_ADMIN_USER_ID`
`IDM_ADMIN_USER_ID`| 1.0.0 |string|`ID of the user that should receive admin privileges. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand.`|| diff --git a/static/env-vars/idm_readme.md b/static/env-vars/idm_readme.md index 684e0f20..96955c52 100644 --- a/static/env-vars/idm_readme.md +++ b/static/env-vars/idm_readme.md @@ -1,6 +1,6 @@ --- title: IDM -date: 2025-11-27T22:56:02.333155+01:00 +date: 2025-11-11T09:16:41.111633407+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/idm diff --git a/static/env-vars/idp-config-example.yaml b/static/env-vars/idp-config-example.yaml new file mode 100644 index 00000000..859f26b8 --- /dev/null +++ b/static/env-vars/idp-config-example.yaml 
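Review bot: In the idm_configvars.md hunk above, the new defaults for `IDM_LDAPS_CERT`, `IDM_LDAPS_KEY` and `IDM_DATABASE_PATH` are `/home/chaser/.opencloud/idm/...` where the removed rows had `/var/lib/opencloud/idm/...`, so the table now documents a path under one user's home directory instead of the default the removed rows gave. The descriptions say the root derives from `$OC_BASE_DATA_PATH/idm`; please regenerate with a fixed base data path, or render these defaults relative to `$OC_BASE_DATA_PATH`, so that the documented location of the LDAPS private key and the IDM database does not vary with the machine the docs were built on. The new idm-config-example.yaml carries the same paths in `cert`, `key` and `database` and should change with them.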
@@ -0,0 +1,122 @@ +# Autogenerated +# Filename: idp-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9134 + token: "" + pprof: false + zpages: false +http: + addr: 127.0.0.1:9130 + root: / + tls_cert: /home/chaser/.opencloud/idp/server.crt + tls_key: /home/chaser/.opencloud/idp/server.key + tls: false +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +machine_auth_api_key: "" +asset: + asset: "" + login-background-url: "" +idp: + iss: https://localhost:9200 + identity_manager: ldap + uri_base_path: "" + sign_in_uri: "" + signed_out_uri: "" + authorization_endpoint_uri: "" + ldap_insecure: false + trusted_proxy: [] + allow_scope: [] + allow_client_guests: false + allow_dynamic_client_registration: false + encrypt_secret_file: /home/chaser/.opencloud/idp/encryption.key + listen: "" + identifierdefaultbannerlogo: "" + default_sign_in_page_text: "" + default_logo_target_uri: https://opencloud.eu + identifierdefaultusernamehinttext: "" + identifieruilocales: [] + signing_kid: private-key + signing_method: PS256 + signing_private_key_files: + - /home/chaser/.opencloud/idp/private-key.pem + validation_keys_path: "" + cookiebackenduri: "" + cookienames: [] + cookiesamesite: 3 + access_token_duration_seconds: 300 + id_token_duration_seconds: 300 + refresh_token_duration_seconds: 2592000 + dynamic_client_secret_duration_seconds: 0 +clients: +- id: web + name: OpenCloud Web App + trusted: true + secret: "" + redirect_uris: + - '{{OC_URL}}/' + - '{{OC_URL}}/oidc-callback.html' + - '{{OC_URL}}/oidc-silent-redirect.html' + post_logout_redirect_uris: [] + origins: + - '{{OC_URL}}' + application_type: "" +- id: OpenCloudDesktop + name: OpenCloud Desktop Client + trusted: false + secret: "" + redirect_uris: + - http://127.0.0.1 + - http://localhost + post_logout_redirect_uris: [] + origins: [] + application_type: native +- id: 
OpenCloudAndroid + name: OpenCloud Android App + trusted: false + secret: "" + redirect_uris: + - oc://android.opencloud.eu + post_logout_redirect_uris: + - oc://android.opencloud.eu + origins: [] + application_type: native +- id: OpenCloudIOS + name: OpenCloud iOS App + trusted: false + secret: "" + redirect_uris: + - oc://ios.opencloud.eu + post_logout_redirect_uris: + - oc://ios.opencloud.eu + origins: [] + application_type: native +ldap: + uri: ldaps://localhost:9235 + cacert: /home/chaser/.opencloud/idm/ldap.crt + bind_dn: uid=idp,ou=sysusers,o=libregraph-idm + bind_password: "" + base_dn: ou=users,o=libregraph-idm + scope: sub + login_attribute: uid + email_attribute: mail + name_attribute: displayName + uuid_attribute: openCloudUUID + uuid_attribute_type: text + user_enabled_attribute: openCloudUserEnabled + filter: "" + objectclass: inetOrgPerson diff --git a/static/env-vars/idp_configvars.md b/static/env-vars/idp_configvars.md index 053268ad..2f4d87f6 100644 --- a/static/env-vars/idp_configvars.md +++ b/static/env-vars/idp_configvars.md @@ -1,58 +1,62 @@ Environment variables for the **idp** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`IDP_PASSWORD_RESET_URI`| 1.0.0 |string|`The URI where a user can reset their password.`|``| -|`OC_LOG_LEVEL`
`IDP_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`IDP_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`IDP_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`IDP_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`IDP_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9134`| -|`IDP_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`IDP_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`IDP_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`IDP_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9130`| -|`IDP_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|`/`| -|`IDP_TRANSPORT_TLS_CERT`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the IDP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp.`|`/var/lib/opencloud/idp/server.crt`| -|`IDP_TRANSPORT_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the IDP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp.`|`/var/lib/opencloud/idp/server.key`| -|`IDP_TLS`| 1.0.0 |bool|`Disable or Enable HTTPS for the communication between the Proxy service and the IDP service. If set to 'true', the key and cert files need to be configured and present.`|`false`| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 
'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`OC_MACHINE_AUTH_API_KEY`
`IDP_MACHINE_AUTH_API_KEY`| 1.0.0 |string|`Machine auth API key used to validate internal requests necessary for the access to resources from other services.`|``| -|`IDP_ASSET_PATH`| 1.0.0 |string|`Serve IDP assets from a path on the filesystem instead of the builtin assets.`|``| -|`IDP_LOGIN_BACKGROUND_URL`| 1.0.0 |string|`Configure an alternative URL to the background image for the login page.`|``| -|`OC_URL`
`OC_OIDC_ISSUER`
`IDP_ISS`| 1.0.0 |string|`The OIDC issuer URL to use.`|`https://localhost:9200`| -|`IDP_IDENTITY_MANAGER`| 1.0.0 |string|`The identity manager implementation to use. Supported identity managers are 'ldap', 'cs3', 'libregraph' and 'guest'.`|`ldap`| -|`IDP_URI_BASE_PATH`| 1.0.0 |string|`IDP uri base path (defaults to '').`|``| -|`IDP_SIGN_IN_URI`| 1.0.0 |string|`IDP sign-in url.`|``| -|`IDP_SIGN_OUT_URI`| 1.0.0 |string|`IDP sign-out url.`|``| -|`IDP_ENDPOINT_URI`| 1.0.0 |string|`URL of the IDP endpoint.`|``| -|`OC_LDAP_INSECURE`
`IDP_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.`|`false`| -|`IDP_ALLOW_CLIENT_GUESTS`| 1.0.0 |bool|`Allow guest clients to access OpenCloud.`|`false`| -|`IDP_ALLOW_DYNAMIC_CLIENT_REGISTRATION`| 1.0.0 |bool|`Allow dynamic client registration.`|`false`| -|`IDP_ENCRYPTION_SECRET_FILE`| 1.0.0 |string|`Path to the encryption secret file, if unset, a new certificate will be autogenerated upon each restart, thus invalidating all existing sessions. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp.`|`/var/lib/opencloud/idp/encryption.key`| -|`IDP_DEFAULT_SIGNIN_PAGE_TEXT`| 2.0.0 |string|``|``| -|`IDP_DEFAULT_LOGO_TARGET_URI`| 4.0.0 |string|`Default logo target URI.`|`https://opencloud.eu`| -|`IDP_SIGNING_KID`| 1.0.0 |string|`Value of the KID (Key ID) field which is used in created tokens to uniquely identify the signing-private-key.`|`private-key`| -|`IDP_SIGNING_METHOD`| 1.0.0 |string|`Signing method of IDP requests like 'PS256'`|`PS256`| -|`IDP_SIGNING_PRIVATE_KEY_FILES`| 1.0.0 |[]string|`A list of private key files for signing IDP requests. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp. See the Environment Variable Types description for more details.`|`[/var/lib/opencloud/idp/private-key.pem]`| -|`IDP_VALIDATION_KEYS_PATH`| 1.0.0 |string|`Path to validation keys for IDP requests.`|``| -|`IDP_ACCESS_TOKEN_EXPIRATION`| 1.0.0 |uint64|`'Access token lifespan in seconds (time before an access token is expired).'`|`300`| -|`IDP_ID_TOKEN_EXPIRATION`| 1.0.0 |uint64|`ID token lifespan in seconds (time before an ID token is expired).`|`300`| -|`IDP_REFRESH_TOKEN_EXPIRATION`| 1.0.0 |uint64|`Refresh token lifespan in seconds (time before an refresh token is expired). 
This also limits the duration of an idle offline session.`|`2592000`| -|`IDP_DYNAMIC_CLIENT_SECRET_DURATION`| 1.0.0 |uint64|`Lifespan in seconds of a dynamically registered OIDC client.`|`0`| -|`OC_LDAP_URI`
`IDP_LDAP_URI`| 1.0.0 |string|`Url of the LDAP service to use as IDP.`|`ldaps://localhost:9235`| -|`OC_LDAP_CACERT`
`IDP_LDAP_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp.`|`/var/lib/opencloud/idm/ldap.crt`| -|`OC_LDAP_BIND_DN`
`IDP_LDAP_BIND_DN`| 1.0.0 |string|`LDAP DN to use for simple bind authentication with the target LDAP server.`|`uid=idp,ou=sysusers,o=libregraph-idm`| -|`OC_LDAP_BIND_PASSWORD`
`IDP_LDAP_BIND_PASSWORD`| 1.0.0 |string|`Password to use for authenticating the 'bind_dn'.`|``| -|`OC_LDAP_USER_BASE_DN`
`IDP_LDAP_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP users.`|`ou=users,o=libregraph-idm`| -|`OC_LDAP_USER_SCOPE`
`IDP_LDAP_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'.`|`sub`| -|`IDP_LDAP_LOGIN_ATTRIBUTE`| 1.0.0 |string|`LDAP User attribute to use for login like 'uid'.`|`uid`| -|`OC_LDAP_USER_SCHEMA_MAIL`
`IDP_LDAP_EMAIL_ATTRIBUTE`| 1.0.0 |string|`LDAP User email attribute like 'mail'.`|`mail`| -|`OC_LDAP_USER_SCHEMA_USERNAME`
`IDP_LDAP_NAME_ATTRIBUTE`| 1.0.0 |string|`LDAP User name attribute like 'displayName'.`|`displayName`| -|`OC_LDAP_USER_SCHEMA_ID`
`IDP_LDAP_UUID_ATTRIBUTE`| 1.0.0 |string|`LDAP User UUID attribute like 'uid'.`|`openCloudUUID`| -|`IDP_LDAP_UUID_ATTRIBUTE_TYPE`| 1.0.0 |string|`LDAP User uuid attribute type like 'text'.`|`text`| -|`OC_LDAP_USER_ENABLED_ATTRIBUTE`
`IDP_USER_ENABLED_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use as a flag telling if the user is enabled or disabled.`|`openCloudUserEnabled`| -|`OC_LDAP_USER_FILTER`
`IDP_LDAP_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'.`|``| -|`OC_LDAP_USER_OBJECTCLASS`
`IDP_LDAP_OBJECTCLASS`| 1.0.0 |string|`LDAP User ObjectClass like 'inetOrgPerson'.`|`inetOrgPerson`| +|---|---|---|---|---| +|`IDP_PASSWORD_RESET_URI`| 1.0.0 |string|`The URI where a user can reset their password.`|| +|`OC_TRACING_ENABLED`
`IDP_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`IDP_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`IDP_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`IDP_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`IDP_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`IDP_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`IDP_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`IDP_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`IDP_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9134| +|`IDP_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`IDP_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`IDP_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`IDP_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|127.0.0.1:9130| +|`IDP_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|/| +|`IDP_TRANSPORT_TLS_CERT`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the IDP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp.`|/home/chaser/.opencloud/idp/server.crt| +|`IDP_TRANSPORT_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the IDP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp.`|/home/chaser/.opencloud/idp/server.key| +|`IDP_TLS`| 1.0.0 |bool|`Disable or Enable HTTPS for the communication between the Proxy service and the IDP service. If set to 'true', the key and cert files need to be configured and present.`|false| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 
'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`OC_MACHINE_AUTH_API_KEY`
`IDP_MACHINE_AUTH_API_KEY`| 1.0.0 |string|`Machine auth API key used to validate internal requests necessary for the access to resources from other services.`|| +|`IDP_ASSET_PATH`| 1.0.0 |string|`Serve IDP assets from a path on the filesystem instead of the builtin assets.`|| +|`IDP_LOGIN_BACKGROUND_URL`| 1.0.0 |string|`Configure an alternative URL to the background image for the login page.`|| +|`OC_URL`
`OC_OIDC_ISSUER`
`IDP_ISS`| 1.0.0 |string|`The OIDC issuer URL to use.`|https://localhost:9200| +|`IDP_IDENTITY_MANAGER`| 1.0.0 |string|`The identity manager implementation to use. Supported identity managers are 'ldap', 'cs3', 'libregraph' and 'guest'.`|ldap| +|`IDP_URI_BASE_PATH`| 1.0.0 |string|`IDP uri base path (defaults to '').`|| +|`IDP_SIGN_IN_URI`| 1.0.0 |string|`IDP sign-in url.`|| +|`IDP_SIGN_OUT_URI`| 1.0.0 |string|`IDP sign-out url.`|| +|`IDP_ENDPOINT_URI`| 1.0.0 |string|`URL of the IDP endpoint.`|| +|`OC_LDAP_INSECURE`
`IDP_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.`|false| +|`IDP_ALLOW_CLIENT_GUESTS`| 1.0.0 |bool|`Allow guest clients to access OpenCloud.`|false| +|`IDP_ALLOW_DYNAMIC_CLIENT_REGISTRATION`| 1.0.0 |bool|`Allow dynamic client registration.`|false| +|`IDP_ENCRYPTION_SECRET_FILE`| 1.0.0 |string|`Path to the encryption secret file, if unset, a new certificate will be autogenerated upon each restart, thus invalidating all existing sessions. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp.`|/home/chaser/.opencloud/idp/encryption.key| +|`IDP_DEFAULT_SIGNIN_PAGE_TEXT`| 2.0.0 |string|``|| +|`IDP_DEFAULT_LOGO_TARGET_URI`| next |string|`Default logo target URI.`|https://opencloud.eu| +|`IDP_SIGNING_KID`| 1.0.0 |string|`Value of the KID (Key ID) field which is used in created tokens to uniquely identify the signing-private-key.`|private-key| +|`IDP_SIGNING_METHOD`| 1.0.0 |string|`Signing method of IDP requests like 'PS256'`|PS256| +|`IDP_SIGNING_PRIVATE_KEY_FILES`| 1.0.0 |[]string|`A list of private key files for signing IDP requests. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp. See the Environment Variable Types description for more details.`|[/home/chaser/.opencloud/idp/private-key.pem]| +|`IDP_VALIDATION_KEYS_PATH`| 1.0.0 |string|`Path to validation keys for IDP requests.`|| +|`IDP_ACCESS_TOKEN_EXPIRATION`| 1.0.0 |uint64|`'Access token lifespan in seconds (time before an access token is expired).'`|300| +|`IDP_ID_TOKEN_EXPIRATION`| 1.0.0 |uint64|`ID token lifespan in seconds (time before an ID token is expired).`|300| +|`IDP_REFRESH_TOKEN_EXPIRATION`| 1.0.0 |uint64|`Refresh token lifespan in seconds (time before an refresh token is expired). This also limits the duration of an idle offline session.`|2592000| +|`IDP_DYNAMIC_CLIENT_SECRET_DURATION`| 1.0.0 |uint64|`Lifespan in seconds of a dynamically registered OIDC client.`|0| +|`OC_LDAP_URI`
`IDP_LDAP_URI`| 1.0.0 |string|`Url of the LDAP service to use as IDP.`|ldaps://localhost:9235| +|`OC_LDAP_CACERT`
`IDP_LDAP_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp.`|/home/chaser/.opencloud/idm/ldap.crt| +|`OC_LDAP_BIND_DN`
`IDP_LDAP_BIND_DN`| 1.0.0 |string|`LDAP DN to use for simple bind authentication with the target LDAP server.`|uid=idp,ou=sysusers,o=libregraph-idm| +|`OC_LDAP_BIND_PASSWORD`
`IDP_LDAP_BIND_PASSWORD`| 1.0.0 |string|`Password to use for authenticating the 'bind_dn'.`|| +|`OC_LDAP_USER_BASE_DN`
`IDP_LDAP_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP users.`|ou=users,o=libregraph-idm| +|`OC_LDAP_USER_SCOPE`
`IDP_LDAP_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'.`|sub| +|`IDP_LDAP_LOGIN_ATTRIBUTE`| 1.0.0 |string|`LDAP User attribute to use for login like 'uid'.`|uid| +|`OC_LDAP_USER_SCHEMA_MAIL`
`IDP_LDAP_EMAIL_ATTRIBUTE`| 1.0.0 |string|`LDAP User email attribute like 'mail'.`|mail| +|`OC_LDAP_USER_SCHEMA_USERNAME`
`IDP_LDAP_NAME_ATTRIBUTE`| 1.0.0 |string|`LDAP User name attribute like 'displayName'.`|displayName| +|`OC_LDAP_USER_SCHEMA_ID`
`IDP_LDAP_UUID_ATTRIBUTE`| 1.0.0 |string|`LDAP User UUID attribute like 'uid'.`|openCloudUUID| +|`IDP_LDAP_UUID_ATTRIBUTE_TYPE`| 1.0.0 |string|`LDAP User uuid attribute type like 'text'.`|text| +|`OC_LDAP_USER_ENABLED_ATTRIBUTE`
`IDP_USER_ENABLED_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to use as a flag telling if the user is enabled or disabled.`|openCloudUserEnabled| +|`OC_LDAP_USER_FILTER`
`IDP_LDAP_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'.`|| +|`OC_LDAP_USER_OBJECTCLASS`
`IDP_LDAP_OBJECTCLASS`| 1.0.0 |string|`LDAP User ObjectClass like 'inetOrgPerson'.`|inetOrgPerson| diff --git a/static/env-vars/idp_readme.md b/static/env-vars/idp_readme.md index d174da2c..03a4232a 100644 --- a/static/env-vars/idp_readme.md +++ b/static/env-vars/idp_readme.md @@ -1,6 +1,6 @@ --- title: IDP -date: 2025-11-27T22:56:02.333271+01:00 +date: 2025-11-11T09:16:41.111690554+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/idp @@ -17,7 +17,7 @@ This service provides a builtin minimal OpenID Connect provider based on [LibreG It is mainly targeted at smaller installations. For larger setups it is recommended to replace IDP with an external OpenID Connect Provider. -By default, it is configured to use the OpenCloud IDM service as its LDAP backend for looking up and authenticating users. Other backends like an external LDAP server can be configured via a set of [enviroment variables](https://docs.opencloud.eu/docs/dev/server/services/idp/environment-variables). +By default, it is configured to use the OpenCloud IDM service as its LDAP backend for looking up and authenticating users. Other backends like an external LDAP server can be configured via a set of [enviroment variables](https://docs.opencloud.eu/services/idp/configuration/#environment-variables). Note that translations provided by the IDP service are not maintained via OpenCloud but part of the embedded [LibreGraph Connect Identifier](https://github.com/libregraph/lico/tree/master/identifier) package. diff --git a/static/env-vars/invitations-config-example.yaml b/static/env-vars/invitations-config-example.yaml new file mode 100644 index 00000000..8aa46fe0 --- /dev/null +++ b/static/env-vars/invitations-config-example.yaml 
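Review bot: In the idp_configvars.md hunk above, `IDP_DEFAULT_LOGO_TARGET_URI` changes its introduction version from `4.0.0` to `next`, replacing a concrete version number with a placeholder. Please confirm which value is correct for the release these docs describe and regenerate if the table was built from a checkout that predates the `4.0.0` tag. The key material defaults in the same hunk (`IDP_TRANSPORT_TLS_KEY`, `IDP_ENCRYPTION_SECRET_FILE`, `IDP_SIGNING_PRIVATE_KEY_FILES`, `IDP_LDAP_TLS_CACERT`) also move from `/var/lib/opencloud/` to `/home/chaser/.opencloud/`, and should be rendered relative to `$OC_BASE_DATA_PATH` as their descriptions state.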
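Review bot: In the idp_readme.md hunks above, the rewritten link line still spells the link text "enviroment variables"; since the line is being changed anyway, correct it to "environment variables", here or in the README this page is built from. The front-matter `date:` in the first hunk also moves backwards, from 2025-11-27T22:56:02 to 2025-11-11T09:16:41, so please confirm that the new link target `https://docs.opencloud.eu/services/idp/configuration/#environment-variables` and the rest of the file come from the current source and not from an older build.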
@@ -0,0 +1,40 @@ +# Autogenerated +# Filename: invitations-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9269 + token: "" + pprof: false + zpages: false +http: + addr: 127.0.0.1:9265 + root: /graph/v1.0 + cors: + allow_origins: + - https://localhost:9200 + allow_methods: [] + allow_headers: [] + allow_credentials: false + tls: + enabled: false + cert: "" + key: "" +keycloak: + base_path: "" + client_id: "" + client_secret: "" + client_realm: "" + user_realm: "" + insecure_skip_verify: false +token_manager: + jwt_secret: "" diff --git a/static/env-vars/invitations_configvars.md b/static/env-vars/invitations_configvars.md index 6933fe38..63c9fa99 100644 --- a/static/env-vars/invitations_configvars.md +++ b/static/env-vars/invitations_configvars.md @@ -1,28 +1,32 @@ Environment variables for the **invitations** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`INVITATIONS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`INVITATIONS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`INVITATIONS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`INVITATIONS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`INVITATIONS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9269`| -|`INVITATIONS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`INVITATIONS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`INVITATIONS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`INVITATIONS_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9265`| -|`INVITATIONS_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|`/graph/v1.0`| -|`OC_CORS_ALLOW_ORIGINS`
`INVITATIONS_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|`[https://localhost:9200]`| -|`OC_CORS_ALLOW_METHODS`
`INVITATIONS_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|`[]`| -|`OC_CORS_ALLOW_HEADERS`
`INVITATIONS_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|`[]`| -|`OC_CORS_ALLOW_CREDENTIALS`
`INVITATIONS_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|`false`| -|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|`false`| -|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|``| -|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|``| -|`OC_KEYCLOAK_BASE_PATH`
`INVITATIONS_KEYCLOAK_BASE_PATH`| 1.0.0 |string|`The URL to access keycloak.`|``| -|`OC_KEYCLOAK_CLIENT_ID`
`INVITATIONS_KEYCLOAK_CLIENT_ID`| 1.0.0 |string|`The client ID to authenticate with keycloak.`|``| -|`OC_KEYCLOAK_CLIENT_SECRET`
`INVITATIONS_KEYCLOAK_CLIENT_SECRET`| 1.0.0 |string|`The client secret to use in authentication.`|``| -|`OC_KEYCLOAK_CLIENT_REALM`
`INVITATIONS_KEYCLOAK_CLIENT_REALM`| 1.0.0 |string|`The realm the client is defined in.`|``| -|`OC_KEYCLOAK_USER_REALM`
`INVITATIONS_KEYCLOAK_USER_REALM`| 1.0.0 |string|`The realm users are defined.`|``| -|`OC_KEYCLOAK_INSECURE_SKIP_VERIFY`
`INVITATIONS_KEYCLOAK_INSECURE_SKIP_VERIFY`| 1.0.0 |bool|`Disable TLS certificate validation for Keycloak connections. Do not set this in production environments.`|`false`| -|`OC_JWT_SECRET`
`INVITATIONS_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`INVITATIONS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`INVITATIONS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`INVITATIONS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`INVITATIONS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`INVITATIONS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`INVITATIONS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`INVITATIONS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`INVITATIONS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`INVITATIONS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9269| +|`INVITATIONS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`INVITATIONS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`INVITATIONS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`INVITATIONS_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|127.0.0.1:9265| +|`INVITATIONS_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|/graph/v1.0| +|`OC_CORS_ALLOW_ORIGINS`
`INVITATIONS_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|[https://localhost:9200]| +|`OC_CORS_ALLOW_METHODS`
`INVITATIONS_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|[]| +|`OC_CORS_ALLOW_HEADERS`
`INVITATIONS_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|[]| +|`OC_CORS_ALLOW_CREDENTIALS`
`INVITATIONS_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|false| +|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|false| +|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|| +|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|| +|`OC_KEYCLOAK_BASE_PATH`
`INVITATIONS_KEYCLOAK_BASE_PATH`| 1.0.0 |string|`The URL to access keycloak.`|| +|`OC_KEYCLOAK_CLIENT_ID`
`INVITATIONS_KEYCLOAK_CLIENT_ID`| 1.0.0 |string|`The client ID to authenticate with keycloak.`|| +|`OC_KEYCLOAK_CLIENT_SECRET`
`INVITATIONS_KEYCLOAK_CLIENT_SECRET`| 1.0.0 |string|`The client secret to use in authentication.`|| +|`OC_KEYCLOAK_CLIENT_REALM`
`INVITATIONS_KEYCLOAK_CLIENT_REALM`| 1.0.0 |string|`The realm the client is defined in.`|| +|`OC_KEYCLOAK_USER_REALM`
`INVITATIONS_KEYCLOAK_USER_REALM`| 1.0.0 |string|`The realm users are defined.`|| +|`OC_KEYCLOAK_INSECURE_SKIP_VERIFY`
`INVITATIONS_KEYCLOAK_INSECURE_SKIP_VERIFY`| 1.0.0 |bool|`Disable TLS certificate validation for Keycloak connections. Do not set this in production environments.`|false| +|`OC_JWT_SECRET`
`INVITATIONS_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| diff --git a/static/env-vars/invitations_readme.md b/static/env-vars/invitations_readme.md index cd90e794..b0f96185 100644 --- a/static/env-vars/invitations_readme.md +++ b/static/env-vars/invitations_readme.md @@ -1,6 +1,6 @@ --- title: Invitations -date: 2025-11-27T22:56:02.333362+01:00 +date: 2025-11-11T09:16:41.111743805+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/invitations diff --git a/static/env-vars/nats-config-example.yaml b/static/env-vars/nats-config-example.yaml new file mode 100644 index 00000000..8623983a --- /dev/null +++ b/static/env-vars/nats-config-example.yaml @@ -0,0 +1,27 @@ +# Autogenerated +# Filename: nats-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9234 + token: "" + pprof: false + zpages: false +nats: + host: 127.0.0.1 + port: 9233 + clusterid: opencloud-cluster + store_dir: /home/chaser/.opencloud/nats + tls_cert: /home/chaser/.opencloud/nats/tls.crt + tls_key: /home/chaser/.opencloud/nats/tls.key + tls_skip_verify_client_cert: false + enable_tls: false diff --git a/static/env-vars/nats_configvars.md b/static/env-vars/nats_configvars.md index c792bf41..0586c4bc 100644 --- a/static/env-vars/nats_configvars.md +++ b/static/env-vars/nats_configvars.md @@ -1,20 +1,24 @@ Environment variables for the **nats** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`NATS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`NATS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`NATS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`NATS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`NATS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9234`| -|`NATS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`NATS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`NATS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`NATS_NATS_HOST`| 1.0.0 |string|`Bind address.`|`127.0.0.1`| -|`NATS_NATS_PORT`| 1.0.0 |int|`Bind port.`|`9233`| -|`NATS_NATS_CLUSTER_ID`| 1.0.0 |string|`ID of the NATS cluster.`|`opencloud-cluster`| -|`NATS_NATS_STORE_DIR`| 1.0.0 |string|`The directory where the filesystem storage will store NATS JetStream data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/nats.`|`/var/lib/opencloud/nats`| -|`NATS_TLS_CERT`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the NATS listener. If not defined, the root directory derives from $OC_BASE_DATA_PATH/nats.`|`/var/lib/opencloud/nats/tls.crt`| -|`NATS_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the NATS listener. If not defined, the root directory derives from $OC_BASE_DATA_PATH/nats.`|`/var/lib/opencloud/nats/tls.key`| -|`OC_INSECURE`
`NATS_TLS_SKIP_VERIFY_CLIENT_CERT`| 1.0.0 |bool|`Whether the NATS server should skip the client certificate verification during the TLS handshake.`|`false`| -|`OC_EVENTS_ENABLE_TLS`
`NATS_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`NATS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`NATS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`NATS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`NATS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`NATS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`NATS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`NATS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`NATS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`NATS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9234| +|`NATS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`NATS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`NATS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`NATS_NATS_HOST`| 1.0.0 |string|`Bind address.`|127.0.0.1| +|`NATS_NATS_PORT`| 1.0.0 |int|`Bind port.`|9233| +|`NATS_NATS_CLUSTER_ID`| 1.0.0 |string|`ID of the NATS cluster.`|opencloud-cluster| +|`NATS_NATS_STORE_DIR`| 1.0.0 |string|`The directory where the filesystem storage will store NATS JetStream data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/nats.`|/home/chaser/.opencloud/nats| +|`NATS_TLS_CERT`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the NATS listener. If not defined, the root directory derives from $OC_BASE_DATA_PATH/nats.`|/home/chaser/.opencloud/nats/tls.crt| +|`NATS_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the NATS listener. If not defined, the root directory derives from $OC_BASE_DATA_PATH/nats.`|/home/chaser/.opencloud/nats/tls.key| +|`OC_INSECURE`
`NATS_TLS_SKIP_VERIFY_CLIENT_CERT`| 1.0.0 |bool|`Whether the NATS server should skip the client certificate verification during the TLS handshake.`|false| +|`OC_EVENTS_ENABLE_TLS`
`NATS_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| diff --git a/static/env-vars/nats_readme.md b/static/env-vars/nats_readme.md index 045b5608..53708bc5 100644 --- a/static/env-vars/nats_readme.md +++ b/static/env-vars/nats_readme.md @@ -1,6 +1,6 @@ --- title: Nats -date: 2025-11-27T22:56:02.333443+01:00 +date: 2025-11-11T09:16:41.111801643+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/nats diff --git a/static/env-vars/notifications-config-example.yaml b/static/env-vars/notifications-config-example.yaml new file mode 100644 index 00000000..352c98a3 --- /dev/null +++ b/static/env-vars/notifications-config-example.yaml @@ -0,0 +1,57 @@ +# Autogenerated +# Filename: notifications-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9174 + token: "" + pprof: false + zpages: false +opencloud_url: https://localhost:9200 +notifications: + SMTP: + smtp_host: "" + smtp_port: 0 + smtp_sender: "" + smtp_username: "" + smtp_password: "" + insecure: false + smtp_authentication: "" + smtp_encryption: none + events: + endpoint: 127.0.0.1:9233 + cluster: opencloud-cluster + tls_insecure: false + tls_root_ca_certificate: "" + enable_tls: false + username: "" + password: "" + email_template_path: "" + translation_path: "" + default_language: "" + reva_gateway: eu.opencloud.api.gateway + grpc_client_tls: null +grpc_client_tls: + mode: "" + cacert: "" +service_account: + service_account_id: "" + service_account_secret: "" +store: + store: nats-js-kv + nodes: + - 127.0.0.1:9233 + database: notifications + table: "" + ttl: 336h0m0s + username: "" + password: "" 
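Review bot: In nats-config-example.yaml (`store_dir`, `tls_cert`, `tls_key`) and in the added `NATS_NATS_STORE_DIR`, `NATS_TLS_CERT` and `NATS_TLS_KEY` rows of nats_configvars.md, the documented defaults are now `/home/chaser/.opencloud/nats...`, where the removed rows had `/var/lib/opencloud/nats...`. That looks like the home directory of the account that ran the generator rather than a product default: it publishes a local account name and points operators at the wrong location for the JetStream store and the TLS key. The descriptions say the value derives from `$OC_BASE_DATA_PATH/nats`, so please regenerate with the base data path the docs are meant to show, so that these three values read `/var/lib/opencloud/nats` again.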
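Review bot: The `date:` front matter in nats_readme.md moves backwards, from 2025-11-27T22:56:02 to 2025-11-11T09:16:41, and idp_readme.md and invitations_readme.md receive the same 2025-11-11 timestamp, in a commit dated 13 Jan 2026 whose subject is "Update docs with latest env vars". A date older than the one it replaces suggests the files were generated from a checkout that predates the current docs. Please confirm the source revision, and leave invitations_readme.md and nats_readme.md out of the change if the timestamp is the only difference, as it is in the hunks shown.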
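Review bot: In notifications-config-example.yaml, `grpc_client_tls: null` appears as the last key under `notifications:` and a second `grpc_client_tls:` block with `mode` and `cacert` follows at top level. The configvars table documents only `OC_GRPC_CLIENT_TLS_MODE` and `OC_GRPC_CLIENT_TLS_CACERT`, so a reader copying the example cannot tell which of the two keys the service reads for its gRPC TLS mode. Suggest dropping the nested `null` entry from the generated example, or adding a comment that says which key takes effect.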
diff --git a/static/env-vars/notifications_configvars.md b/static/env-vars/notifications_configvars.md index bf8ab298..d0658b78 100644 --- a/static/env-vars/notifications_configvars.md +++ b/static/env-vars/notifications_configvars.md @@ -1,43 +1,47 @@ Environment variables for the **notifications** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`NOTIFICATIONS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`NOTIFICATIONS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`NOTIFICATIONS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`NOTIFICATIONS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`NOTIFICATIONS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9174`| -|`NOTIFICATIONS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`NOTIFICATIONS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`NOTIFICATIONS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`OC_URL`
`NOTIFICATIONS_WEB_UI_URL`| 1.0.0 |string|`The public facing URL of the OpenCloud Web UI, used e.g. when sending notification eMails`|`https://localhost:9200`| -|`NOTIFICATIONS_SMTP_HOST`| 1.0.0 |string|`SMTP host to connect to.`|``| -|`NOTIFICATIONS_SMTP_PORT`| 1.0.0 |int|`Port of the SMTP host to connect to.`|`0`| -|`NOTIFICATIONS_SMTP_SENDER`| 1.0.0 |string|`Sender address of emails that will be sent (e.g. 'OpenCloud '.`|``| -|`NOTIFICATIONS_SMTP_USERNAME`| 1.0.0 |string|`Username for the SMTP host to connect to.`|``| -|`NOTIFICATIONS_SMTP_PASSWORD`| 1.0.0 |string|`Password for the SMTP host to connect to.`|``| -|`NOTIFICATIONS_SMTP_INSECURE`| 1.0.0 |bool|`Allow insecure connections to the SMTP server.`|`false`| -|`NOTIFICATIONS_SMTP_AUTHENTICATION`| 1.0.0 |string|`Authentication method for the SMTP communication. Possible values are 'login', 'plain', 'crammd5', 'none' or 'auto'. If set to 'auto' or unset, the authentication method is automatically negotiated with the server.`|``| -|`NOTIFICATIONS_SMTP_ENCRYPTION`| 1.0.0 |string|`Encryption method for the SMTP communication. Possible values are 'starttls', 'ssltls' and 'none'.`|`none`| -|`OC_EVENTS_ENDPOINT`
`NOTIFICATIONS_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`| -|`OC_EVENTS_CLUSTER`
`NOTIFICATIONS_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`| -|`OC_INSECURE`
`NOTIFICATIONS_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|`false`| -|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`NOTIFICATIONS_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.`|``| -|`OC_EVENTS_ENABLE_TLS`
`NOTIFICATIONS_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| -|`OC_EVENTS_AUTH_USERNAME`
`NOTIFICATIONS_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_EVENTS_AUTH_PASSWORD`
`NOTIFICATIONS_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_EMAIL_TEMPLATE_PATH`
`NOTIFICATIONS_EMAIL_TEMPLATE_PATH`| 1.0.0 |string|`Path to Email notification templates overriding embedded ones.`|``| -|`OC_TRANSLATION_PATH`
`NOTIFICATIONS_TRANSLATION_PATH`| 1.0.0 |string|`(optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details.`|``| -|`OC_DEFAULT_LANGUAGE`| 1.0.0 |string|`The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`OC_SERVICE_ACCOUNT_ID`
`NOTIFICATIONS_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|``| -|`OC_SERVICE_ACCOUNT_SECRET`
`NOTIFICATIONS_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|``| -|`OC_PERSISTENT_STORE`
`NOTIFICATIONS_STORE`| 1.0.0 |string|`The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details.`|`nats-js-kv`| -|`OC_PERSISTENT_STORE_NODES`
`NOTIFICATIONS_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[127.0.0.1:9233]`| -|`NOTIFICATIONS_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|`notifications`| -|`NOTIFICATIONS_STORE_TABLE`| 1.0.0 |string|`The database table the store should use.`|``| -|`OC_PERSISTENT_STORE_TTL`
`NOTIFICATIONS_STORE_TTL`| 1.0.0 |Duration|`Time to live for notifications in the store. Defaults to '336h' (2 weeks). See the Environment Variable Types description for more details.`|`336h0m0s`| -|`OC_PERSISTENT_STORE_AUTH_USERNAME`
`NOTIFICATIONS_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_PERSISTENT_STORE_AUTH_PASSWORD`
`NOTIFICATIONS_STORE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`NOTIFICATIONS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`NOTIFICATIONS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`NOTIFICATIONS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`NOTIFICATIONS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`NOTIFICATIONS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`NOTIFICATIONS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`NOTIFICATIONS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`NOTIFICATIONS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`NOTIFICATIONS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9174| +|`NOTIFICATIONS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`NOTIFICATIONS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`NOTIFICATIONS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`OC_URL`
`NOTIFICATIONS_WEB_UI_URL`| 1.0.0 |string|`The public facing URL of the OpenCloud Web UI, used e.g. when sending notification eMails`|https://localhost:9200| +|`NOTIFICATIONS_SMTP_HOST`| 1.0.0 |string|`SMTP host to connect to.`|| +|`NOTIFICATIONS_SMTP_PORT`| 1.0.0 |int|`Port of the SMTP host to connect to.`|0| +|`NOTIFICATIONS_SMTP_SENDER`| 1.0.0 |string|`Sender address of emails that will be sent (e.g. 'OpenCloud '.`|| +|`NOTIFICATIONS_SMTP_USERNAME`| 1.0.0 |string|`Username for the SMTP host to connect to.`|| +|`NOTIFICATIONS_SMTP_PASSWORD`| 1.0.0 |string|`Password for the SMTP host to connect to.`|| +|`NOTIFICATIONS_SMTP_INSECURE`| 1.0.0 |bool|`Allow insecure connections to the SMTP server.`|false| +|`NOTIFICATIONS_SMTP_AUTHENTICATION`| 1.0.0 |string|`Authentication method for the SMTP communication. Possible values are 'login', 'plain', 'crammd5', 'none' or 'auto'. If set to 'auto' or unset, the authentication method is automatically negotiated with the server.`|| +|`NOTIFICATIONS_SMTP_ENCRYPTION`| 1.0.0 |string|`Encryption method for the SMTP communication. Possible values are 'starttls', 'ssltls' and 'none'.`|none| +|`OC_EVENTS_ENDPOINT`
`NOTIFICATIONS_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| +|`OC_EVENTS_CLUSTER`
`NOTIFICATIONS_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| +|`OC_INSECURE`
`NOTIFICATIONS_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`NOTIFICATIONS_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.`|| +|`OC_EVENTS_ENABLE_TLS`
`NOTIFICATIONS_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| +|`OC_EVENTS_AUTH_USERNAME`
`NOTIFICATIONS_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_EVENTS_AUTH_PASSWORD`
`NOTIFICATIONS_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_EMAIL_TEMPLATE_PATH`
`NOTIFICATIONS_EMAIL_TEMPLATE_PATH`| 1.0.0 |string|`Path to Email notification templates overriding embedded ones.`|| +|`OC_TRANSLATION_PATH`
`NOTIFICATIONS_TRANSLATION_PATH`| 1.0.0 |string|`(optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details.`|| +|`OC_DEFAULT_LANGUAGE`| 1.0.0 |string|`The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`OC_SERVICE_ACCOUNT_ID`
`NOTIFICATIONS_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|| +|`OC_SERVICE_ACCOUNT_SECRET`
`NOTIFICATIONS_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|| +|`OC_PERSISTENT_STORE`
`NOTIFICATIONS_STORE`| 1.0.0 |string|`The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details.`|nats-js-kv| +|`OC_PERSISTENT_STORE_NODES`
`NOTIFICATIONS_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[127.0.0.1:9233]| +|`NOTIFICATIONS_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|notifications| +|`NOTIFICATIONS_STORE_TABLE`| 1.0.0 |string|`The database table the store should use.`|| +|`OC_PERSISTENT_STORE_TTL`
`NOTIFICATIONS_STORE_TTL`| 1.0.0 |Duration|`Time to live for notifications in the store. Defaults to '336h' (2 weeks). See the Environment Variable Types description for more details.`|336h0m0s| +|`OC_PERSISTENT_STORE_AUTH_USERNAME`
`NOTIFICATIONS_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_PERSISTENT_STORE_AUTH_PASSWORD`
`NOTIFICATIONS_STORE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| diff --git a/static/env-vars/notifications_readme.md b/static/env-vars/notifications_readme.md index 80953feb..1f08133d 100644 --- a/static/env-vars/notifications_readme.md +++ b/static/env-vars/notifications_readme.md @@ -1,6 +1,6 @@ --- title: Notification -date: 2025-11-27T22:56:02.33353+01:00 +date: 2025-11-11T09:16:41.111855915+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/notifications diff --git a/static/env-vars/ocdav-config-example.yaml b/static/env-vars/ocdav-config-example.yaml new file mode 100644 index 00000000..797e9ba6 --- /dev/null +++ b/static/env-vars/ocdav-config-example.yaml 
@@ -0,0 +1,81 @@ +# Autogenerated +# Filename: ocdav-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9163 + token: "" + pprof: false + zpages: false +http: + addr: 127.0.0.1:9350 + protocol: tcp + prefix: "" + cors: + allow_origins: + - https://localhost:9200 + allow_methods: + - OPTIONS + - HEAD + - GET + - PUT + - POST + - DELETE + - MKCOL + - PROPFIND + - PROPPATCH + - MOVE + - COPY + - REPORT + - SEARCH + allow_headers: + - Origin + - Accept + - Content-Type + - Depth + - Authorization + - Ocs-Apirequest + - If-None-Match + - If-Match + - Destination + - Overwrite + - X-Request-Id + - X-Requested-With + - Tus-Resumable + - Tus-Checksum-Algorithm + - Upload-Concat + - Upload-Length + - Upload-Metadata + - Upload-Defer-Length + - Upload-Expires + - Upload-Checksum + - Upload-Offset + - X-HTTP-Method-Override + - Cache-Control + allow_credentials: false +token_manager: + jwt_secret: "" +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +skip_user_groups_in_token: false +webdav_namespace: /users/{{.Id.OpaqueId}} +files_namespace: /users/{{.Id.OpaqueId}} +shares_namespace: /Shares +ocm_namespace: /public +public_url: https://localhost:9200 +insecure: false +gateway_request_timeout: 84300 +machine_auth_api_key: "" +allow_propfind_depth_infinity: false diff --git a/static/env-vars/ocdav_configvars.md b/static/env-vars/ocdav_configvars.md index 3a94a26f..75eb3295 100644 --- a/static/env-vars/ocdav_configvars.md +++ b/static/env-vars/ocdav_configvars.md @@ -1,34 +1,38 @@ Environment variables for the **ocdav** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`OCDAV_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`OCDAV_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`OCDAV_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`OCDAV_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`OCDAV_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9163`| -|`OCDAV_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`OCDAV_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`OCDAV_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`OCDAV_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9350`| -|`OCDAV_HTTP_PROTOCOL`| 1.0.0 |string|`The transport protocol of the HTTP service.`|`tcp`| -|`OCDAV_HTTP_PREFIX`| 1.0.0 |string|`A URL path prefix for the handler.`|``| -|`OC_CORS_ALLOW_ORIGINS`
`OCDAV_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|`[https://localhost:9200]`| -|`OC_CORS_ALLOW_METHODS`
`OCDAV_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|`[OPTIONS HEAD GET PUT POST DELETE MKCOL PROPFIND PROPPATCH MOVE COPY REPORT SEARCH]`| -|`OC_CORS_ALLOW_HEADERS`
`OCDAV_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|`[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires Upload-Checksum Upload-Offset X-HTTP-Method-Override Cache-Control]`| -|`OC_CORS_ALLOW_CREDENTIALS`
`OCDAV_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|`false`| -|`OC_JWT_SECRET`
`OCDAV_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`OCDAV_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|`false`| -|`OCDAV_WEBDAV_NAMESPACE`| 1.0.0 |string|`Jail requests to /dav/webdav into this CS3 namespace. Supports template layouting with CS3 User properties.`|`/users/{{.Id.OpaqueId}}`| -|`OCDAV_FILES_NAMESPACE`| 1.0.0 |string|`Jail requests to /dav/files/{username} into this CS3 namespace. Supports template layouting with CS3 User properties.`|`/users/{{.Id.OpaqueId}}`| -|`OCDAV_SHARES_NAMESPACE`| 1.0.0 |string|`The human readable path for the share jail. Relative to a users personal space root. Upcased intentionally.`|`/Shares`| -|`OCDAV_OCM_NAMESPACE`| 1.0.0 |string|`The human readable path prefix for the ocm shares.`|`/public`| -|`OC_URL`
`OCDAV_PUBLIC_URL`| 1.0.0 |string|`URL where OpenCloud is reachable for users.`|`https://localhost:9200`| -|`OC_INSECURE`
`OCDAV_INSECURE`| 1.0.0 |bool|`Allow insecure connections to the GATEWAY service.`|`false`| -|`OCDAV_GATEWAY_REQUEST_TIMEOUT`| 1.0.0 |int64|`Request timeout in seconds for requests from the oCDAV service to the GATEWAY service.`|`84300`| -|`OC_MACHINE_AUTH_API_KEY`
`OCDAV_MACHINE_AUTH_API_KEY`| 1.0.0 |string|`Machine auth API key used to validate internal requests necessary for the access to resources from other services.`|``| -|`OC_EDITION`
`OCDAV_EDITION`| 1.0.0 |string|`Edition of OpenCloud. Used for branding purposes.`|``| -|`OCDAV_ALLOW_PROPFIND_DEPTH_INFINITY`| 1.0.0 |bool|`Allow the use of depth infinity in PROPFINDS. When enabled, a propfind will traverse through all subfolders. If many subfolders are expected, depth infinity can cause heavy server load and/or delayed response times.`|`false`| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`OCDAV_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`OCDAV_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`OCDAV_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`OCDAV_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`OCDAV_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`OCDAV_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`OCDAV_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`OCDAV_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OCDAV_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9163| +|`OCDAV_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`OCDAV_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`OCDAV_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`OCDAV_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|127.0.0.1:9350| +|`OCDAV_HTTP_PROTOCOL`| 1.0.0 |string|`The transport protocol of the HTTP service.`|tcp| +|`OCDAV_HTTP_PREFIX`| 1.0.0 |string|`A URL path prefix for the handler.`|| +|`OC_CORS_ALLOW_ORIGINS`
`OCDAV_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|[https://localhost:9200]| +|`OC_CORS_ALLOW_METHODS`
`OCDAV_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|[OPTIONS HEAD GET PUT POST DELETE MKCOL PROPFIND PROPPATCH MOVE COPY REPORT SEARCH]| +|`OC_CORS_ALLOW_HEADERS`
`OCDAV_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires Upload-Checksum Upload-Offset X-HTTP-Method-Override Cache-Control]| +|`OC_CORS_ALLOW_CREDENTIALS`
`OCDAV_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|false| +|`OC_JWT_SECRET`
`OCDAV_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`OCDAV_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|false| +|`OCDAV_WEBDAV_NAMESPACE`| 1.0.0 |string|`Jail requests to /dav/webdav into this CS3 namespace. Supports template layouting with CS3 User properties.`|/users/{{.Id.OpaqueId}}| +|`OCDAV_FILES_NAMESPACE`| 1.0.0 |string|`Jail requests to /dav/files/{username} into this CS3 namespace. Supports template layouting with CS3 User properties.`|/users/{{.Id.OpaqueId}}| +|`OCDAV_SHARES_NAMESPACE`| 1.0.0 |string|`The human readable path for the share jail. Relative to a users personal space root. Upcased intentionally.`|/Shares| +|`OCDAV_OCM_NAMESPACE`| 1.0.0 |string|`The human readable path prefix for the ocm shares.`|/public| +|`OC_URL`
`OCDAV_PUBLIC_URL`| 1.0.0 |string|`URL where OpenCloud is reachable for users.`|https://localhost:9200| +|`OC_INSECURE`
`OCDAV_INSECURE`| 1.0.0 |bool|`Allow insecure connections to the GATEWAY service.`|false| +|`OCDAV_GATEWAY_REQUEST_TIMEOUT`| 1.0.0 |int64|`Request timeout in seconds for requests from the oCDAV service to the GATEWAY service.`|84300| +|`OC_MACHINE_AUTH_API_KEY`
`OCDAV_MACHINE_AUTH_API_KEY`| 1.0.0 |string|`Machine auth API key used to validate internal requests necessary for the access to resources from other services.`|| +|`OC_EDITION`
`OCDAV_EDITION`| 1.0.0 |string|`Edition of OpenCloud. Used for branding purposes.`|| +|`OCDAV_ALLOW_PROPFIND_DEPTH_INFINITY`| 1.0.0 |bool|`Allow the use of depth infinity in PROPFINDS. When enabled, a propfind will traverse through all subfolders. If many subfolders are expected, depth infinity can cause heavy server load and/or delayed response times.`|false| diff --git a/static/env-vars/ocdav_readme.md b/static/env-vars/ocdav_readme.md index 5b67c5f5..3afabcfd 100644 --- a/static/env-vars/ocdav_readme.md +++ b/static/env-vars/ocdav_readme.md @@ -1,6 +1,6 @@ --- title: ocDAV -date: 2025-11-27T22:56:02.333616+01:00 +date: 2025-11-11T09:16:41.111916459+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/ocdav diff --git a/static/env-vars/ocm-config-example.yaml b/static/env-vars/ocm-config-example.yaml new file mode 100644 index 00000000..a633511a --- /dev/null +++ b/static/env-vars/ocm-config-example.yaml 
@@ -0,0 +1,116 @@ +# Autogenerated +# Filename: ocm-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9281 + token: "" + pprof: false + zpages: false +http: + addr: 127.0.0.1:9280 + protocol: tcp + prefix: "" + cors: + allow_origins: + - https://localhost:9200 + allow_methods: + - OPTIONS + - HEAD + - GET + - PUT + - POST + - DELETE + - MKCOL + - PROPFIND + - PROPPATCH + - MOVE + - COPY + - REPORT + - SEARCH + allow_headers: + - Origin + - Accept + - Content-Type + - Depth + - Authorization + - Ocs-Apirequest + - If-None-Match + - If-Match + - Destination + - Overwrite + - X-Request-Id + - X-Requested-With + - Tus-Resumable + - Tus-Checksum-Algorithm + - Upload-Concat + - Upload-Length + - Upload-Metadata + - Upload-Defer-Length + - Upload-Expires + - Upload-Checksum + - Upload-Offset + - X-HTTP-Method-Override + - Cache-Control + allow_credentials: false +middleware: + auth: + credentials_by_user_agent: {} +grpc: + addr: 127.0.0.1:9282 + tls: null + protocol: "" +grpc_client_tls: null +service_account: + service_account_id: "" + service_account_secret: "" +token_manager: + jwt_secret: "" +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +ocmd: + prefix: ocm + expose_recipient_display_name: false +sciencemesh: + prefix: sciencemesh + science_mesh_directory_url: "" +ocm_invite_manager: + driver: json + drivers: + json: + file: /home/chaser/.opencloud/storage/ocm/ocminvites.json + token_expiration: 24h0m0s + timeout: 30s + insecure: false +ocm_provider_authorizer_driver: json +ocm_provider_authorizer_drivers: + json: + providers: /home/chaser/.opencloud/config/ocmproviders.json +ocm_share_provider: + driver: json + drivers: + json: + file: /home/chaser/.opencloud/storage/ocm/ocmshares.json + insecure: false + webapp_template: "" +ocm_core: + driver: json + drivers: + json: + file: 
/home/chaser/.opencloud/storage/ocm/ocmshares.json +ocm_storage_provider: + insecure: false + storage_root: /home/chaser/.opencloud/storage/ocm + data_server_url: http://localhost:9280/data diff --git a/static/env-vars/ocm_configvars.md b/static/env-vars/ocm_configvars.md index 1d65d444..51c6998d 100644 --- a/static/env-vars/ocm_configvars.md +++ b/static/env-vars/ocm_configvars.md @@ -1,56 +1,58 @@ Environment variables for the **ocm** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`OCM_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`OCM_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`OCM_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`OCM_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`OCM_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9281`| -|`OCM_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`OCM_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`OCM_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`OCM_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9280`| -|`OCM_HTTP_PROTOCOL`| 1.0.0 |string|`The transport protocol of the HTTP service.`|`tcp`| -|`OCM_HTTP_PREFIX`| 1.0.0 |string|`The path prefix where OCM can be accessed (defaults to /).`|``| -|`OC_CORS_ALLOW_ORIGINS`
`OCM_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|`[https://localhost:9200]`| -|`OC_CORS_ALLOW_METHODS`
`OCM_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|`[OPTIONS HEAD GET PUT POST DELETE MKCOL PROPFIND PROPPATCH MOVE COPY REPORT SEARCH]`| -|`OC_CORS_ALLOW_HEADERS`
`OCM_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|`[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires Upload-Checksum Upload-Offset X-HTTP-Method-Override Cache-Control]`| -|`OC_CORS_ALLOW_CREDENTIALS`
`OCM_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|`false`| -|`OCM_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9282`| -|`OC_GRPC_PROTOCOL`
`OCM_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|``| -|`OC_SERVICE_ACCOUNT_ID`
`OCM_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|``| -|`OC_SERVICE_ACCOUNT_SECRET`
`OCM_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|``| -|`OC_EVENTS_ENDPOINT`
`OCM_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`| -|`OC_EVENTS_CLUSTER`
`OCM_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`| -|`OC_INSECURE`
`OCM_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|`false`| -|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`OCM_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided OCM_EVENTS_TLS_INSECURE will be seen as false.`|``| -|`OC_EVENTS_ENABLE_TLS`
`OCM_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| -|`OC_EVENTS_AUTH_USERNAME`
`OCM_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_EVENTS_AUTH_PASSWORD`
`OCM_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_JWT_SECRET`
`OCM_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`OCM_OCMD_PREFIX`| 1.0.0 |string|`URL path prefix for the OCMD service. Note that the string must not start with '/'.`|`ocm`| -|`OCM_OCMD_EXPOSE_RECIPIENT_DISPLAY_NAME`| 1.0.0 |bool|`Expose the display name of OCM share recipients.`|`false`| -|`OCM_SCIENCEMESH_PREFIX`| 1.0.0 |string|`URL path prefix for the ScienceMesh service. Note that the string must not start with '/'.`|`sciencemesh`| -|`OCM_MESH_DIRECTORY_URL`| 1.0.0 |string|`URL of the mesh directory service.`|``| -|`OCM_DIRECTORY_SERVICE_URLS`| 3.5.0 |string|`Space delimited URLs of the directory services.`|``| -|`OCM_INVITE_ACCEPT_DIALOG`| 3.5.0 |string|`/open-cloud-mesh/accept-invite;The frontend URL where to land when receiving an invitation`|`/open-cloud-mesh/accept-invite`| -|`OCM_OCM_INVITE_MANAGER_DRIVER`| 1.0.0 |string|`Driver to be used to persist OCM invites. Supported value is only 'json'.`|`json`| -|`OCM_OCM_INVITE_MANAGER_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where OCM invite data will be stored. This file is maintained by the instance and must not be changed manually. 
If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/ocm.`|`/var/lib/opencloud/storage/ocm/ocminvites.json`| -|`OCM_OCM_INVITE_MANAGER_TOKEN_EXPIRATION`| 1.0.0 |Duration|`Expiry duration for invite tokens.`|`24h0m0s`| -|`OCM_OCM_INVITE_MANAGER_TIMEOUT`| 1.0.0 |Duration|`Timeout specifies a time limit for requests made to OCM endpoints.`|`30s`| -|`OCM_OCM_INVITE_MANAGER_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the OCM connections. Do not set this in production environments.`|`false`| -|`SHARING_OCM_PROVIDER_AUTHORIZER_DRIVER`| 1.0.0 |string|`Driver to be used to persist ocm invites. Supported value is only 'json'.`|`json`| -|`OCM_OCM_PROVIDER_AUTHORIZER_PROVIDERS_FILE`| 1.0.0 |string|`Path to the JSON file where ocm invite data will be stored. Defaults to $OC_CONFIG_DIR/ocmproviders.json.`|`/etc/opencloud/ocmproviders.json`| -|`OCM_OCM_SHARE_PROVIDER_DRIVER`| 1.0.0 |string|`Driver to be used for the OCM share provider. Supported value is only 'json'.`|`json`| -|`OCM_OCM_SHAREPROVIDER_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where OCM share data will be stored. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|`/var/lib/opencloud/storage/ocm/ocmshares.json`| -|`OCM_OCM_SHARE_PROVIDER_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the OCM connections. Do not set this in production environments.`|`false`| -|`OCM_WEBAPP_TEMPLATE`| 1.0.0 |string|`Template for the webapp url.`|``| -|`OCM_OCM_CORE_DRIVER`| 1.0.0 |string|`Driver to be used for the OCM core. Supported value is only 'json'.`|`json`| -|`OCM_OCM_CORE_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where OCM share data will be stored. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|`/var/lib/opencloud/storage/ocm/ocmshares.json`| -|`OCM_OCM_STORAGE_PROVIDER_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the OCM connections. 
Do not set this in production environments.`|`false`| -|`OCM_OCM_STORAGE_PROVIDER_STORAGE_ROOT`| 1.0.0 |string|`Directory where the ocm storage provider persists its data like tus upload info files.`|`/var/lib/opencloud/storage/ocm`| -|`OCM_OCM_STORAGE_DATA_SERVER_URL`| 1.0.0 |string|`URL of the data server, needs to be reachable by the data gateway provided by the frontend service or the user if directly exposed.`|`http://localhost:9280/data`| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`OCM_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`OCM_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`OCM_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`OCM_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`OCM_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`OCM_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`OCM_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`OCM_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OCM_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9281| +|`OCM_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`OCM_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`OCM_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`OCM_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|127.0.0.1:9280| +|`OCM_HTTP_PROTOCOL`| 1.0.0 |string|`The transport protocol of the HTTP service.`|tcp| +|`OCM_HTTP_PREFIX`| 1.0.0 |string|`The path prefix where OCM can be accessed (defaults to /).`|| +|`OC_CORS_ALLOW_ORIGINS`
`OCM_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|[https://localhost:9200]| +|`OC_CORS_ALLOW_METHODS`
`OCM_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|[OPTIONS HEAD GET PUT POST DELETE MKCOL PROPFIND PROPPATCH MOVE COPY REPORT SEARCH]| +|`OC_CORS_ALLOW_HEADERS`
`OCM_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires Upload-Checksum Upload-Offset X-HTTP-Method-Override Cache-Control]| +|`OC_CORS_ALLOW_CREDENTIALS`
`OCM_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|false| +|`OCM_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9282| +|`OC_GRPC_PROTOCOL`
`OCM_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|| +|`OC_SERVICE_ACCOUNT_ID`
`OCM_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|| +|`OC_SERVICE_ACCOUNT_SECRET`
`OCM_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|| +|`OC_EVENTS_ENDPOINT`
`OCM_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| +|`OC_EVENTS_CLUSTER`
`OCM_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| +|`OC_INSECURE`
`OCM_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`OCM_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided OCM_EVENTS_TLS_INSECURE will be seen as false.`|| +|`OC_EVENTS_ENABLE_TLS`
`OCM_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| +|`OC_EVENTS_AUTH_USERNAME`
`OCM_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_EVENTS_AUTH_PASSWORD`
`OCM_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_JWT_SECRET`
`OCM_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`OCM_OCMD_PREFIX`| 1.0.0 |string|`URL path prefix for the OCMD service. Note that the string must not start with '/'.`|ocm| +|`OCM_OCMD_EXPOSE_RECIPIENT_DISPLAY_NAME`| 1.0.0 |bool|`Expose the display name of OCM share recipients.`|false| +|`OCM_SCIENCEMESH_PREFIX`| 1.0.0 |string|`URL path prefix for the ScienceMesh service. Note that the string must not start with '/'.`|sciencemesh| +|`OCM_MESH_DIRECTORY_URL`| 1.0.0 |string|`URL of the mesh directory service.`|| +|`OCM_OCM_INVITE_MANAGER_DRIVER`| 1.0.0 |string|`Driver to be used to persist OCM invites. Supported value is only 'json'.`|json| +|`OCM_OCM_INVITE_MANAGER_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where OCM invite data will be stored. This file is maintained by the instance and must not be changed manually. 
If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/ocm.`|/home/chaser/.opencloud/storage/ocm/ocminvites.json| +|`OCM_OCM_INVITE_MANAGER_TOKEN_EXPIRATION`| 1.0.0 |Duration|`Expiry duration for invite tokens.`|24h0m0s| +|`OCM_OCM_INVITE_MANAGER_TIMEOUT`| 1.0.0 |Duration|`Timeout specifies a time limit for requests made to OCM endpoints.`|30s| +|`OCM_OCM_INVITE_MANAGER_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the OCM connections. Do not set this in production environments.`|false| +|`SHARING_OCM_PROVIDER_AUTHORIZER_DRIVER`| 1.0.0 |string|`Driver to be used to persist ocm invites. Supported value is only 'json'.`|json| +|`OCM_OCM_PROVIDER_AUTHORIZER_PROVIDERS_FILE`| 1.0.0 |string|`Path to the JSON file where ocm invite data will be stored. Defaults to $OC_CONFIG_DIR/ocmproviders.json.`|/home/chaser/.opencloud/config/ocmproviders.json| +|`OCM_OCM_SHARE_PROVIDER_DRIVER`| 1.0.0 |string|`Driver to be used for the OCM share provider. Supported value is only 'json'.`|json| +|`OCM_OCM_SHAREPROVIDER_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where OCM share data will be stored. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|/home/chaser/.opencloud/storage/ocm/ocmshares.json| +|`OCM_OCM_SHARE_PROVIDER_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the OCM connections. Do not set this in production environments.`|false| +|`OCM_WEBAPP_TEMPLATE`| 1.0.0 |string|`Template for the webapp url.`|| +|`OCM_OCM_CORE_DRIVER`| 1.0.0 |string|`Driver to be used for the OCM core. Supported value is only 'json'.`|json| +|`OCM_OCM_CORE_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where OCM share data will be stored. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|/home/chaser/.opencloud/storage/ocm/ocmshares.json| +|`OCM_OCM_STORAGE_PROVIDER_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the OCM connections. 
Do not set this in production environments.`|false| +|`OCM_OCM_STORAGE_PROVIDER_STORAGE_ROOT`| 1.0.0 |string|`Directory where the ocm storage provider persists its data like tus upload info files.`|/home/chaser/.opencloud/storage/ocm| +|`OCM_OCM_STORAGE_DATA_SERVER_URL`| 1.0.0 |string|`URL of the data server, needs to be reachable by the data gateway provided by the frontend service or the user if directly exposed.`|http://localhost:9280/data| diff --git a/static/env-vars/ocm_readme.md b/static/env-vars/ocm_readme.md index 4910053b..e082ef26 100644 --- a/static/env-vars/ocm_readme.md +++ b/static/env-vars/ocm_readme.md @@ -1,6 +1,6 @@ --- title: OCM -date: 2025-11-27T22:56:02.333689+01:00 +date: 2025-11-11T09:16:41.111971653+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/ocm @@ -126,9 +126,8 @@ When all instances of a federation should trust each other, an `ocmproviders.jso ] ``` -:::info +::: info Note: the `domain` must not contain the protocol as it has to match the [GOCDB site object domain](https://developer.sciencemesh.io/docs/technical-documentation/central-database/#site-object). -::: The above federation consists of two instances: `cloud1.opencloud.test` and `cloud2.opencloud.test` that can use the Invitation workflow described below to generate, send and accept invitations. 
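Review bot: In ocm_configvars.md the added rows for `OCM_OCM_INVITE_MANAGER_JSON_FILE`, `OCM_OCM_PROVIDER_AUTHORIZER_PROVIDERS_FILE`, `OCM_OCM_SHAREPROVIDER_JSON_FILE`, `OCM_OCM_CORE_JSON_FILE` and `OCM_OCM_STORAGE_PROVIDER_STORAGE_ROOT` carry absolute default paths under `/home/chaser/.opencloud/`. That is the home directory of whoever ran the generator, not a product default, and it publishes a local account name. The descriptions already express these locations relative to `$OC_BASE_DATA_PATH` and `$OC_CONFIG_DIR`. The Default Value column should use the same variables, or the generator should be run with a fixed, neutral base path before the output is committed.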
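Review bot: In the ocm_readme.md hunk at `@@ -126,9 +126,8 @@`, the info admonition around "Note: the `domain` must not contain the protocol" loses its closing `:::` line while the opener only changes from `:::info` to `::: info`. The block is left unterminated, so the following paragraph ("The above federation consists of two instances ...") can be absorbed into the admonition. Keep the closing `:::`, or confirm that the site renderer accepts an unclosed `::: info`.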
@@ -136,19 +135,18 @@ The above federation consists of two instances: `cloud1.opencloud.test` and `clo Before sharing a resource with a remote user this user has to be invited by the sharer. -In order to do so a POST request is sent to the `generate-invite` endpoint of the sciencemesh API. The generated token is passed on to the receiver, who will then use the `accept-invite` endpoint to accept the invitation. As a result remote users will be added to the `ocminvitemanager` on both sides. See [invitation flow](invitation-flow) for the according sequence diagram. +In order to do so a POST request is sent to the `generate-invite` endpoint of the sciencemesh API. The generated token is passed on to the receiver, who will then use the `accept-invite` endpoint to accept the invitation. As a result remote users will be added to the `ocminvitemanager` on both sides. See [invitation flow](invitation_flow) for the according sequence diagram. The data backend of the `ocminvitemanager` is configurable. The only supported backend currently is `json` which stores the data in a json file on disk. ## Creating Shares -:::info +::: info The below info is outdated as we allow creating federated shares using the graph API. Clients can now discover the available sharing roles and invite federated users using the graph API. -::: OCM Shares are currently created using the ocs API, just like regular shares. The difference is the share type, which is 6 (ShareTypeFederatedCloudShare) in this case, and a few additional parameters required for identifying the remote user. -See [Create share flow](create-share-flow) for the according sequence diagram. +See [Create share flow](create_share_flow) for the according sequence diagram. The data backends of the `ocmshareprovider` and `ocmcore` services are configurable. The only supported backend currently is `json` which stores the data in a json file on disk. 
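Review bot: Both relative links change target in this hunk, `(invitation-flow)` to `(invitation_flow)` and `(create-share-flow)` to `(create_share_flow)`. That is outside what the commit subject ("Update docs with latest env vars") describes, and the links break unless the sequence-diagram pages are published under the underscore names. Please confirm the targets exist or keep the hyphenated links. The "Creating Shares" info admonition also drops its closing `:::` here, which leaves the block open ahead of the "OCM Shares are currently created using the ocs API" paragraph.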
diff --git a/static/env-vars/ocs-config-example.yaml b/static/env-vars/ocs-config-example.yaml new file mode 100644 index 00000000..ff512367 --- /dev/null +++ b/static/env-vars/ocs-config-example.yaml @@ -0,0 +1,54 @@ +# Autogenerated +# Filename: ocs-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9114 + token: "" + pprof: false + zpages: false +http: + addr: 127.0.0.1:9110 + root: /ocs + cors: + allow_origins: + - '*' + allow_methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + allow_headers: + - Authorization + - Origin + - Content-Type + - Accept + - X-Requested-With + - X-Request-Id + - Cache-Control + allow_credentials: true + tls: + enabled: false + cert: "" + key: "" +grpc_client_tls: null +signing_keys: + store: nats-js-kv + addresses: + - 127.0.0.1:9233 + ttl: 12h0m0s + username: "" + password: "" +token_manager: + jwt_secret: "" diff --git a/static/env-vars/ocs_configvars.md b/static/env-vars/ocs_configvars.md index acd077d8..7e87ce0e 100644 --- a/static/env-vars/ocs_configvars.md +++ b/static/env-vars/ocs_configvars.md @@ -1,27 +1,31 @@ Environment variables for the **ocs** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`OCS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`OCS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`OCS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`OCS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`OCS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9114`| -|`OCS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`OCS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`OCS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`OCS_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9110`| -|`OCS_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|`/ocs`| -|`OC_CORS_ALLOW_ORIGINS`
`OCS_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|`[*]`| -|`OC_CORS_ALLOW_METHODS`
`OCS_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|`[GET POST PUT PATCH DELETE OPTIONS]`| -|`OC_CORS_ALLOW_HEADERS`
`OCS_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|`[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Cache-Control]`| -|`OC_CORS_ALLOW_CREDENTIALS`
`OCS_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|`true`| -|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|`false`| -|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|``| -|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|``| -|`OC_CACHE_STORE`
`OCS_PRESIGNEDURL_SIGNING_KEYS_STORE`| 1.0.0 |string|`The type of the signing key store. Supported values are: 'redis-sentinel' and 'nats-js-kv'. See the text description for details.`|`nats-js-kv`| -|`OC_CACHE_STORE_NODES`
`OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[127.0.0.1:9233]`| -|`OC_CACHE_TTL`
`OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_TTL`| 1.0.0 |Duration|`Default time to live for signing keys. See the Environment Variable Types description for more details.`|`12h0m0s`| -|`OC_CACHE_AUTH_USERNAME`
`OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_CACHE_AUTH_PASSWORD`
`OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_JWT_SECRET`
`OCS_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`OCS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`OCS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`OCS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`OCS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`OCS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`OCS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`OCS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`OCS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OCS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9114| +|`OCS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`OCS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`OCS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`OCS_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|127.0.0.1:9110| +|`OCS_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|/ocs| +|`OC_CORS_ALLOW_ORIGINS`
`OCS_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|[*]| +|`OC_CORS_ALLOW_METHODS`
`OCS_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|[GET POST PUT PATCH DELETE OPTIONS]| +|`OC_CORS_ALLOW_HEADERS`
`OCS_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Cache-Control]| +|`OC_CORS_ALLOW_CREDENTIALS`
`OCS_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|true| +|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|false| +|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|| +|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|| +|`OC_CACHE_STORE`
`OCS_PRESIGNEDURL_SIGNING_KEYS_STORE`| 1.0.0 |string|`The type of the signing key store. Supported values are: 'redis-sentinel' and 'nats-js-kv'. See the text description for details.`|nats-js-kv| +|`OC_CACHE_STORE_NODES`
`OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[127.0.0.1:9233]| +|`OC_CACHE_TTL`
`OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_TTL`| 1.0.0 |Duration|`Default time to live for signing keys. See the Environment Variable Types description for more details.`|12h0m0s| +|`OC_CACHE_AUTH_USERNAME`
`OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_CACHE_AUTH_PASSWORD`
`OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_JWT_SECRET`
`OCS_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| diff --git a/static/env-vars/ocs_readme.md b/static/env-vars/ocs_readme.md index fdb66cea..88b93754 100644 --- a/static/env-vars/ocs_readme.md +++ b/static/env-vars/ocs_readme.md @@ -1,6 +1,6 @@ --- title: OCS Service -date: 2025-11-27T22:56:02.333791+01:00 +date: 2025-11-11T09:16:41.112030514+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/ocs diff --git a/static/env-vars/policies-config-example.yaml b/static/env-vars/policies-config-example.yaml new file mode 100644 index 00000000..ac0e05f1 --- /dev/null +++ b/static/env-vars/policies-config-example.yaml @@ -0,0 +1,36 @@ +# Autogenerated +# Filename: policies-config-example.yaml + +grpc: + addr: 127.0.0.1:9125 + tls: null +debug: + addr: 127.0.0.1:9129 + token: "" + pprof: false + zpages: false +events: + endpoint: 127.0.0.1:9233 + cluster: opencloud-cluster + tls_insecure: false + tls_root_ca_certificate: "" + enable_tls: false + username: "" + password: "" +grpc_client_tls: null +log: + level: "" + pretty: false + color: false + file: "" +engine: + timeout: 10s + policies: [] + mimes: "" +postprocessing: + query: "" +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" diff --git a/static/env-vars/policies_configvars.md b/static/env-vars/policies_configvars.md index f0cdb8a3..51e90883 100644 --- a/static/env-vars/policies_configvars.md +++ b/static/env-vars/policies_configvars.md 
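Review bot: In the ocs_configvars.md rows, `OCS_CORS_ALLOW_ORIGINS` is documented with default `[*]` alongside `OCS_CORS_ALLOW_CREDENTIALS` with default `true`, and the new ocs-config-example.yaml in this patch repeats the pair (`allow_origins: - '*'`, `allow_credentials: true`) as a copy-and-paste starting point. A wildcard origin combined with credentials is the least restrictive CORS setting an operator can deploy. The `OCS_CORS_ALLOW_ORIGINS` description should say that production deployments list their explicit web origins, and the example file would benefit from a YAML comment to the same effect. Separately, dropping the backticks from the Default Value column leaves `[*]` as raw Markdown in a table cell, so check that it still renders literally.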
@@ -1,23 +1,27 @@ Environment variables for the **policies** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`POLICIES_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9125`| -|`POLICIES_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9129`| -|`POLICIES_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`POLICIES_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`POLICIES_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`OC_EVENTS_ENDPOINT`
`POLICIES_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`| -|`OC_EVENTS_CLUSTER`
`POLICIES_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`| -|`OC_INSECURE`
`POLICIES_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether the server should skip the client certificate verification during the TLS handshake.`|`false`| -|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`POLICIES_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided POLICIES_EVENTS_TLS_INSECURE will be seen as false.`|``| -|`OC_EVENTS_ENABLE_TLS`
`POLICIES_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| -|`OC_EVENTS_AUTH_USERNAME`
`POLICIES_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_EVENTS_AUTH_PASSWORD`
`POLICIES_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_LOG_LEVEL`
`POLICIES_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`POLICIES_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`POLICIES_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`POLICIES_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`POLICIES_ENGINE_TIMEOUT`| 1.0.0 |Duration|`Sets the timeout the rego expression evaluation can take. Rules default to deny if the timeout was reached. See the Environment Variable Types description for more details.`|`10s`| -|`POLICIES_ENGINE_MIMES`| 1.0.0 |string|`Sets the mimes file path which maps mimetypes to associated file extensions. See the text description for details.`|``| -|`POLICIES_POSTPROCESSING_QUERY`| 1.0.0 |string|`Defines the 'Complete Rules' variable defined in the rego rule set this step uses for its evaluation. Defaults to deny if the variable was not found.`|``| +|---|---|---|---|---| +|`POLICIES_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9125| +|`POLICIES_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9129| +|`POLICIES_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`POLICIES_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`POLICIES_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`OC_EVENTS_ENDPOINT`
`POLICIES_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| +|`OC_EVENTS_CLUSTER`
`POLICIES_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| +|`OC_INSECURE`
`POLICIES_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether the server should skip the client certificate verification during the TLS handshake.`|false| +|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`POLICIES_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided POLICIES_EVENTS_TLS_INSECURE will be seen as false.`|| +|`OC_EVENTS_ENABLE_TLS`
`POLICIES_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| +|`OC_EVENTS_AUTH_USERNAME`
`POLICIES_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_EVENTS_AUTH_PASSWORD`
`POLICIES_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_LOG_LEVEL`
`POLICIES_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`POLICIES_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`POLICIES_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`POLICIES_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`POLICIES_ENGINE_TIMEOUT`| 1.0.0 |Duration|`Sets the timeout the rego expression evaluation can take. Rules default to deny if the timeout was reached. See the Environment Variable Types description for more details.`|10s| +|`POLICIES_ENGINE_MIMES`| 1.0.0 |string|`Sets the mimes file path which maps mimetypes to associated file extensions. See the text description for details.`|| +|`POLICIES_POSTPROCESSING_QUERY`| 1.0.0 |string|`Defines the 'Complete Rules' variable defined in the rego rule set this step uses for its evaluation. Defaults to deny if the variable was not found.`|| +|`OC_TRACING_ENABLED`
`POLICIES_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`POLICIES_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`POLICIES_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`POLICIES_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| diff --git a/static/env-vars/policies_readme.md b/static/env-vars/policies_readme.md index 6b35fd49..3e2cee25 100644 --- a/static/env-vars/policies_readme.md +++ b/static/env-vars/policies_readme.md @@ -1,6 +1,6 @@ --- title: Policies -date: 2025-11-27T22:56:02.33387+01:00 +date: 2025-11-11T09:16:41.112107899+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/policies @@ -165,7 +165,7 @@ Note that additional steps can be configured and their position in the list defi ## Rego Key Match -To identify available keys for OPA, you need to look at [engine.go](https://github.com/opencloud-eu/opencloud/blob/main/services/policies/pkg/engine/engine.go) and the [policies.swagger.json](https://github.com/opencloud-eu/opencloud/blob/master/protogen/gen/opencloud/services/policies/v0/policies.swagger.json) file. Note that which keys are available depends on from which module it is used. +To identify available keys for OPA, you need to look at [engine.go](https://github.com/opencloud-eu/opencloud/blob/main/services/policies/pkg/engine/engine.go) and the [policies.swagger.json](https://github.com/opencloud/blob/blob/master/protogen/gen/opencloud/services/policies/v0/policies.swagger.json) file. Note that which keys are available depends on from which module it is used. ## Extend Mimetype File Extension Mapping diff --git a/static/env-vars/postprocessing-config-example.yaml b/static/env-vars/postprocessing-config-example.yaml new file mode 100644 index 00000000..cf59105f --- /dev/null +++ b/static/env-vars/postprocessing-config-example.yaml 
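Review bot: The "Rego Key Match" hunk in policies_readme.md rewrites the policies.swagger.json link from `github.com/opencloud-eu/opencloud/blob/master/` to `github.com/opencloud/blob/blob/master/`, which drops the `opencloud-eu` organisation and doubles `blob`, so the link no longer points at the repository. Keep the removed URL. The front-matter `date` in the same file also moves backwards, from 2025-11-27 to 2025-11-11, as it does in ocm_readme.md and ocs_readme.md, which suggests the readmes were regenerated from an older source. They should be checked for other reverted fixes before merging.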
@@ -0,0 +1,43 @@ +# Autogenerated +# Filename: postprocessing-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9255 + token: "" + pprof: false + zpages: false +store: + store: nats-js-kv + nodes: + - 127.0.0.1:9233 + database: postprocessing + table: "" + ttl: 0s + username: "" + password: "" +postprocessing: + events: + endpoint: 127.0.0.1:9233 + cluster: opencloud-cluster + tls_insecure: false + tls_root_ca_certificate: "" + enable_tls: false + username: "" + password: "" + max_ack_pending: 10000 + ack_wait: 1m0s + workers: 3 + steps: [] + delayprocessing: 0s + retry_backoff_duration: 5s + max_retries: 14 diff --git a/static/env-vars/postprocessing_configvars.md b/static/env-vars/postprocessing_configvars.md index aa6a1077..4142c4dd 100644 --- a/static/env-vars/postprocessing_configvars.md +++ b/static/env-vars/postprocessing_configvars.md @@ -1,33 +1,37 @@ Environment variables for the **postprocessing** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`POSTPROCESSING_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`POSTPROCESSING_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`POSTPROCESSING_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`POSTPROCESSING_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`POSTPROCESSING_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9255`| -|`POSTPROCESSING_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`POSTPROCESSING_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`POSTPROCESSING_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`OC_PERSISTENT_STORE`
`POSTPROCESSING_STORE`| 1.0.0 |string|`The type of the store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|`nats-js-kv`| -|`OC_PERSISTENT_STORE_NODES`
`POSTPROCESSING_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[127.0.0.1:9233]`| -|`POSTPROCESSING_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|`postprocessing`| -|`POSTPROCESSING_STORE_TABLE`| 1.0.0 |string|`The database table the store should use.`|``| -|`OC_PERSISTENT_STORE_TTL`
`POSTPROCESSING_STORE_TTL`| 1.0.0 |Duration|`Time to live for events in the store. See the Environment Variable Types description for more details.`|`0s`| -|`OC_PERSISTENT_STORE_AUTH_USERNAME`
`POSTPROCESSING_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_PERSISTENT_STORE_AUTH_PASSWORD`
`POSTPROCESSING_STORE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_EVENTS_ENDPOINT`
`POSTPROCESSING_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`| -|`OC_EVENTS_CLUSTER`
`POSTPROCESSING_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`| -|`OC_INSECURE`
`POSTPROCESSING_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether the OpenCloud server should skip the client certificate verification during the TLS handshake.`|`false`| -|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`POSTPROCESSING_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided POSTPROCESSING_EVENTS_TLS_INSECURE will be seen as false.`|``| -|`OC_EVENTS_ENABLE_TLS`
`POSTPROCESSING_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| -|`OC_EVENTS_AUTH_USERNAME`
`POSTPROCESSING_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_EVENTS_AUTH_PASSWORD`
`POSTPROCESSING_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`SEARCH_EVENTS_MAX_ACK_PENDING`| 4.0.0 |int|`The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time.`|`10000`| -|`SEARCH_EVENTS_ACK_WAIT`| 4.0.0 |Duration|`The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes.`|`1m0s`| -|`POSTPROCESSING_WORKERS`| 1.0.0 |int|`The number of concurrent go routines that fetch events from the event queue.`|`3`| -|`POSTPROCESSING_STEPS`| 1.0.0 |[]string|`A list of postprocessing steps processed in order of their appearance. Currently supported values by the system are: 'virusscan', 'policies' and 'delay'. Custom steps are allowed. See the documentation for instructions. See the Environment Variable Types description for more details.`|`[]`| -|`POSTPROCESSING_DELAY`| 1.0.0 |Duration|`After uploading a file but before making it available for download, a delay step can be added. Intended for developing purposes only. If a duration is set but the keyword 'delay' is not explicitely added to 'POSTPROCESSING_STEPS', the delay step will be processed as last step. In such a case, a log entry will be written on service startup to remind the admin about that situation. See the Environment Variable Types description for more details.`|`0s`| -|`POSTPROCESSING_RETRY_BACKOFF_DURATION`| 1.0.0 |Duration|`The base for the exponential backoff duration before retrying a failed postprocessing step. See the Environment Variable Types description for more details.`|`5s`| -|`POSTPROCESSING_MAX_RETRIES`| 1.0.0 |int|`The maximum number of retries for a failed postprocessing step.`|`14`| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`POSTPROCESSING_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`POSTPROCESSING_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`POSTPROCESSING_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`POSTPROCESSING_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`POSTPROCESSING_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`POSTPROCESSING_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`POSTPROCESSING_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`POSTPROCESSING_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`POSTPROCESSING_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9255| +|`POSTPROCESSING_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`POSTPROCESSING_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`POSTPROCESSING_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`OC_PERSISTENT_STORE`
`POSTPROCESSING_STORE`| 1.0.0 |string|`The type of the store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|nats-js-kv| +|`OC_PERSISTENT_STORE_NODES`
`POSTPROCESSING_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[127.0.0.1:9233]| +|`POSTPROCESSING_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|postprocessing| +|`POSTPROCESSING_STORE_TABLE`| 1.0.0 |string|`The database table the store should use.`|| +|`OC_PERSISTENT_STORE_TTL`
`POSTPROCESSING_STORE_TTL`| 1.0.0 |Duration|`Time to live for events in the store. See the Environment Variable Types description for more details.`|0s| +|`OC_PERSISTENT_STORE_AUTH_USERNAME`
`POSTPROCESSING_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_PERSISTENT_STORE_AUTH_PASSWORD`
`POSTPROCESSING_STORE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_EVENTS_ENDPOINT`
`POSTPROCESSING_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| +|`OC_EVENTS_CLUSTER`
`POSTPROCESSING_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| +|`OC_INSECURE`
`POSTPROCESSING_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether the OpenCloud server should skip the client certificate verification during the TLS handshake.`|false| +|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`POSTPROCESSING_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided POSTPROCESSING_EVENTS_TLS_INSECURE will be seen as false.`|| +|`OC_EVENTS_ENABLE_TLS`
`POSTPROCESSING_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| +|`OC_EVENTS_AUTH_USERNAME`
`POSTPROCESSING_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_EVENTS_AUTH_PASSWORD`
`POSTPROCESSING_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`SEARCH_EVENTS_MAX_ACK_PENDING`| next |int|`The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time.`|10000| +|`SEARCH_EVENTS_ACK_WAIT`| next |Duration|`The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes.`|1m0s| +|`POSTPROCESSING_WORKERS`| 1.0.0 |int|`The number of concurrent go routines that fetch events from the event queue.`|3| +|`POSTPROCESSING_STEPS`| 1.0.0 |[]string|`A list of postprocessing steps processed in order of their appearance. Currently supported values by the system are: 'virusscan', 'policies' and 'delay'. Custom steps are allowed. See the documentation for instructions. See the Environment Variable Types description for more details.`|[]| +|`POSTPROCESSING_DELAY`| 1.0.0 |Duration|`After uploading a file but before making it available for download, a delay step can be added. Intended for developing purposes only. If a duration is set but the keyword 'delay' is not explicitely added to 'POSTPROCESSING_STEPS', the delay step will be processed as last step. In such a case, a log entry will be written on service startup to remind the admin about that situation. See the Environment Variable Types description for more details.`|0s| +|`POSTPROCESSING_RETRY_BACKOFF_DURATION`| 1.0.0 |Duration|`The base for the exponential backoff duration before retrying a failed postprocessing step. See the Environment Variable Types description for more details.`|5s| +|`POSTPROCESSING_MAX_RETRIES`| 1.0.0 |int|`The maximum number of retries for a failed postprocessing step.`|14| diff --git a/static/env-vars/postprocessing_readme.md b/static/env-vars/postprocessing_readme.md index 79e58d02..a9ae7b5a 100644 
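Review bot: in the postprocessing_configvars.md hunk above, the `SEARCH_EVENTS_MAX_ACK_PENDING` and `SEARCH_EVENTS_ACK_WAIT` rows change their introduction version from `4.0.0` to `next`, replacing a released version with a placeholder. Please confirm which tree the generator ran against and restore `4.0.0` if that is still correct. The added rows also drop the backticks around every default value, so an empty default that used to render as an empty code span is now a bare `||` cell, which a reader cannot tell apart from a missing value. For the credential rows (`POSTPROCESSING_EVENTS_AUTH_PASSWORD`, `POSTPROCESSING_STORE_AUTH_PASSWORD`) it is worth keeping an explicit marker that the default is empty.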
--- a/static/env-vars/postprocessing_readme.md +++ b/static/env-vars/postprocessing_readme.md @@ -1,6 +1,6 @@ --- title: Postprocessing -date: 2025-11-27T22:56:02.333978+01:00 +date: 2025-11-11T09:16:41.112195945+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/postprocessing diff --git a/static/env-vars/proxy-config-example.yaml b/static/env-vars/proxy-config-example.yaml new file mode 100644 index 00000000..37199dc1 --- /dev/null +++ b/static/env-vars/proxy-config-example.yaml 
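Review bot: in the postprocessing_readme.md hunk just above, the front-matter `date:` moves backwards, from `2025-11-27T22:56:02.333978+01:00` to `2025-11-11T09:16:41.112195945+01:00`, even though the commit is described as an update with the latest env vars. An older generation timestamp replacing a newer one suggests this file was produced from a stale checkout or a cached build. Please regenerate from the current source, or leave the readme out of the patch if the date is the only line that changes.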
@@ -0,0 +1,240 @@ +# Autogenerated +# Filename: proxy-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9205 + token: "" + pprof: false + zpages: false +http: + addr: 0.0.0.0:9200 + root: / + tls_cert: /home/chaser/.opencloud/proxy/server.crt + tls_key: /home/chaser/.opencloud/proxy/server.key + tls: true +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +grpc_client_tls: null +role_quotas: {} +policies: +- name: default + routes: + - endpoint: / + service: eu.opencloud.web.web + unprotected: true + skip_x_access_token: false + - endpoint: /.well-known/ocm + service: eu.opencloud.web.ocm + unprotected: true + skip_x_access_token: false + - endpoint: /.well-known/webfinger + service: eu.opencloud.web.webfinger + unprotected: true + skip_x_access_token: false + - endpoint: /.well-known/openid-configuration + service: eu.opencloud.web.idp + unprotected: true + skip_x_access_token: false + - endpoint: /branding/logo + service: eu.opencloud.web.web + skip_x_access_token: false + - endpoint: /konnect/ + service: eu.opencloud.web.idp + unprotected: true + skip_x_access_token: false + - endpoint: /signin/ + service: eu.opencloud.web.idp + unprotected: true + skip_x_access_token: false + - endpoint: /archiver + service: eu.opencloud.web.frontend + skip_x_access_token: false + - endpoint: /ocs/v2.php/apps/notifications/api/v1/notifications/sse + service: eu.opencloud.sse.sse + skip_x_access_token: false + - endpoint: /ocs/v2.php/apps/notifications/api/v1/notifications + service: eu.opencloud.web.userlog + skip_x_access_token: false + - type: regex + endpoint: /ocs/v[12].php/cloud/user/signing-key + service: eu.opencloud.web.ocs + skip_x_access_token: false + - type: regex + endpoint: /ocs/v[12].php/config + service: eu.opencloud.web.frontend + unprotected: true + skip_x_access_token: false + - endpoint: /sciencemesh/ + 
service: eu.opencloud.web.ocm + skip_x_access_token: false + - endpoint: /ocm/ + service: eu.opencloud.web.ocm + skip_x_access_token: false + - endpoint: /ocs/ + service: eu.opencloud.web.frontend + skip_x_access_token: false + - type: query + endpoint: /remote.php/?preview=1 + service: eu.opencloud.web.webdav + skip_x_access_token: false + - type: regex + method: REPORT + endpoint: (/remote.php)?/(web)?dav + service: eu.opencloud.web.webdav + skip_x_access_token: false + - type: query + endpoint: /dav/?preview=1 + service: eu.opencloud.web.webdav + skip_x_access_token: false + - type: query + endpoint: /webdav/?preview=1 + service: eu.opencloud.web.webdav + skip_x_access_token: false + - endpoint: /remote.php/ + service: eu.opencloud.web.ocdav + skip_x_access_token: false + - endpoint: /dav/ + service: eu.opencloud.web.ocdav + skip_x_access_token: false + - endpoint: /webdav/ + service: eu.opencloud.web.ocdav + skip_x_access_token: false + - endpoint: /status + service: eu.opencloud.web.ocdav + unprotected: true + skip_x_access_token: false + - endpoint: /status.php + service: eu.opencloud.web.ocdav + unprotected: true + skip_x_access_token: false + - endpoint: /index.php/ + service: eu.opencloud.web.ocdav + skip_x_access_token: false + - endpoint: /apps/ + service: eu.opencloud.web.ocdav + skip_x_access_token: false + - endpoint: /data + service: eu.opencloud.web.frontend + unprotected: true + skip_x_access_token: false + - endpoint: /app/list + service: eu.opencloud.web.frontend + unprotected: true + skip_x_access_token: false + - endpoint: /app/ + service: eu.opencloud.web.frontend + skip_x_access_token: false + - endpoint: /graph/v1beta1/extensions/org.libregraph/activities + service: eu.opencloud.web.activitylog + skip_x_access_token: false + - endpoint: /graph/v1.0/invitations + service: eu.opencloud.web.invitations + skip_x_access_token: false + - endpoint: /graph/ + service: eu.opencloud.web.graph + skip_x_access_token: false + - endpoint: /api/v0/settings 
+ service: eu.opencloud.web.settings + skip_x_access_token: false + - endpoint: /auth-app/tokens + service: eu.opencloud.web.auth-app + skip_x_access_token: false + - endpoint: /wopi + service: eu.opencloud.web.collaboration + unprotected: true + skip_x_access_token: true +additional_policies: [] +oidc: + issuer: https://localhost:9200 + insecure: false + access_token_verify_method: jwt + skip_user_info: false + user_info_cache: + store: memory + addresses: + - 127.0.0.1:9233 + database: cache-userinfo + table: "" + ttl: 10s + disable_persistence: false + username: "" + password: "" + jwks: + refresh_interval: 60 + refresh_timeout: 10 + refresh_limit: 60 + refresh_unknown_kid: true + rewrite_well_known: false +service_account: + service_account_id: "" + service_account_secret: "" +role_assignment: + driver: default + oidc_role_mapper: + role_claim: roles + role_mapping: + - role_name: admin + claim_value: opencloudAdmin + - role_name: spaceadmin + claim_value: opencloudSpaceAdmin + - role_name: user + claim_value: opencloudUser + - role_name: user-light + claim_value: opencloudGuest +policy_selector: + static: + policy: default + claims: null + regex: null +pre_signed_url: + allowed_http_methods: + - GET + enabled: true + signing_keys: + store: nats-js-kv + addresses: + - 127.0.0.1:9233 + ttl: 12h0m0s + disable_persistence: true + username: "" + password: "" +account_backend: cs3 +user_oidc_claim: preferred_username +user_cs3_claim: username +machine_auth_api_key: "" +auto_provision_accounts: false +auto_provision_claims: + username: preferred_username + email: email + display_name: name + groups: groups +enable_basic_auth: false +insecure_backends: false +backend_https_cacert: "" +auth_middleware: + credentials_by_user_agent: {} + allow_app_auth: true +policies_middleware: + query: "" +csp_config_file_location: "" +events: + endpoint: 127.0.0.1:9233 + cluster: opencloud-cluster + tls_insecure: false + tls_root_ca_certificate: "" + enable_tls: false + username: "" 
+ password: "" diff --git a/static/env-vars/proxy_configvars.md b/static/env-vars/proxy_configvars.md index f55923ef..849c1284 100644 --- a/static/env-vars/proxy_configvars.md +++ b/static/env-vars/proxy_configvars.md @@ -1,71 +1,74 @@ Environment variables for the **proxy** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`PROXY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`PROXY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`PROXY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`PROXY_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`PROXY_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9205`| -|`PROXY_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`PROXY_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`PROXY_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`PROXY_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`0.0.0.0:9200`| -|`PROXY_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|`/`| -|`PROXY_TRANSPORT_TLS_CERT`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the external http services. If not defined, the root directory derives from $OC_BASE_DATA_PATH/proxy.`|`/var/lib/opencloud/proxy/server.crt`| -|`PROXY_TRANSPORT_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the external http services. If not defined, the root directory derives from $OC_BASE_DATA_PATH/proxy.`|`/var/lib/opencloud/proxy/server.key`| -|`PROXY_TLS`| 1.0.0 |bool|`Enable/Disable HTTPS for external HTTP services. Must be set to 'true' if the built-in IDP service an no reverse proxy is used. See the text description for details.`|`true`| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 
'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`OC_URL`
`OC_OIDC_ISSUER`
`PROXY_OIDC_ISSUER`| 1.0.0 |string|`URL of the OIDC issuer. It defaults to URL of the builtin IDP.`|`https://localhost:9200`| -|`OC_INSECURE`
`PROXY_OIDC_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for connections to the IDP. Note that this is not recommended for production environments.`|`false`| -|`PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD`| 1.0.0 |string|`Sets how OIDC access tokens should be verified. Possible values are 'none' and 'jwt'. When using 'none', no special validation apart from using it for accessing the IDP's userinfo endpoint will be done. When using 'jwt', it tries to parse the access token as a jwt token and verifies the signature using the keys published on the IDP's 'jwks_uri'.`|`jwt`| -|`PROXY_OIDC_SKIP_USER_INFO`| 1.0.0 |bool|`Do not look up user claims at the userinfo endpoint and directly read them from the access token. Incompatible with 'PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none'.`|`false`| -|`OC_CACHE_STORE`
`PROXY_OIDC_USERINFO_CACHE_STORE`| 1.0.0 |string|`The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|`memory`| -|`OC_CACHE_STORE_NODES`
`PROXY_OIDC_USERINFO_CACHE_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[127.0.0.1:9233]`| -|`OC_CACHE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|`cache-userinfo`| -|`PROXY_OIDC_USERINFO_CACHE_TABLE`| 1.0.0 |string|`The database table the store should use.`|``| -|`OC_CACHE_TTL`
`PROXY_OIDC_USERINFO_CACHE_TTL`| 1.0.0 |Duration|`Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details.`|`10s`| -|`OC_CACHE_DISABLE_PERSISTENCE`
`PROXY_OIDC_USERINFO_CACHE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false.`|`false`| -|`OC_CACHE_AUTH_USERNAME`
`PROXY_OIDC_USERINFO_CACHE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_CACHE_AUTH_PASSWORD`
`PROXY_OIDC_USERINFO_CACHE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured.`|``| -|`PROXY_OIDC_JWKS_REFRESH_INTERVAL`| 1.0.0 |uint64|`The interval for refreshing the JWKS (JSON Web Key Set) in minutes in the background via a new HTTP request to the IDP.`|`60`| -|`PROXY_OIDC_JWKS_REFRESH_TIMEOUT`| 1.0.0 |uint64|`The timeout in seconds for an outgoing JWKS request.`|`10`| -|`PROXY_OIDC_JWKS_REFRESH_RATE_LIMIT`| 1.0.0 |uint64|`Limits the rate in seconds at which refresh requests are performed for unknown keys. This is used to prevent malicious clients from imposing high network load on the IDP via OpenCloud.`|`60`| -|`PROXY_OIDC_JWKS_REFRESH_UNKNOWN_KID`| 1.0.0 |bool|`If set to 'true', the JWKS refresh request will occur every time an unknown KEY ID (KID) is seen. Always set a 'refresh_limit' when enabling this.`|`true`| -|`PROXY_OIDC_REWRITE_WELLKNOWN`| 1.0.0 |bool|`Enables rewriting the /.well-known/openid-configuration to the configured OIDC issuer. Needed by the Desktop Client, Android Client and iOS Client to discover the OIDC provider.`|`false`| -|`OC_SERVICE_ACCOUNT_ID`
`PROXY_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|``| -|`OC_SERVICE_ACCOUNT_SECRET`
`PROXY_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|``| -|`PROXY_ROLE_ASSIGNMENT_DRIVER`| 1.0.0 |string|`The mechanism that should be used to assign roles to user upon login. Supported values: 'default' or 'oidc'. 'default' will assign the role 'user' to users which don't have a role assigned at the time they login. 'oidc' will assign the role based on the value of a claim (configured via PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM) from the users OIDC claims.`|`default`| -|`PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM`| 1.0.0 |string|`The OIDC claim used to create the users role assignment.`|`roles`| -|`PROXY_ENABLE_PRESIGNEDURLS`| 1.0.0 |bool|`Allow OCS to get a signing key to sign requests.`|`true`| -|`OC_CACHE_STORE`
`PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE`| 1.0.0 |string|`The type of the signing key store. Supported values are: 'redis-sentinel', 'nats-js-kv' and 'opencloudstoreservice' (deprecated). See the text description for details.`|`nats-js-kv`| -|`OC_CACHE_STORE_NODES`
`PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[127.0.0.1:9233]`| -|`OC_CACHE_TTL`
`PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_TTL`| 1.0.0 |Duration|`Default time to live for signing keys. See the Environment Variable Types description for more details.`|`12h0m0s`| -|`OC_CACHE_DISABLE_PERSISTENCE`
`PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disables persistence of the store. Only applies when store type 'nats-js-kv' is configured. Defaults to true.`|`true`| -|`OC_CACHE_AUTH_USERNAME`
`PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_CACHE_AUTH_PASSWORD`
`PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`PROXY_ACCOUNT_BACKEND_TYPE`| 1.0.0 |string|`Account backend the PROXY service should use. Currently only 'cs3' is possible here.`|`cs3`| -|`PROXY_USER_OIDC_CLAIM`| 1.0.0 |string|`The name of an OpenID Connect claim that is used for resolving users with the account backend. The value of the claim must hold a per user unique, stable and non re-assignable identifier. The availability of claims depends on your Identity Provider. There are common claims available for most Identity providers like 'email' or 'preferred_username' but you can also add your own claim.`|`preferred_username`| -|`PROXY_USER_CS3_CLAIM`| 1.0.0 |string|`The name of a CS3 user attribute (claim) that should be mapped to the 'user_oidc_claim'. Supported values are 'username', 'mail' and 'userid'.`|`username`| -|`OC_MACHINE_AUTH_API_KEY`
`PROXY_MACHINE_AUTH_API_KEY`| 1.0.0 |string|`Machine auth API key used to validate internal requests necessary to access resources from other services.`|``| -|`PROXY_AUTOPROVISION_ACCOUNTS`| 1.0.0 |bool|`Set this to 'true' to automatically provision users that do not yet exist in the users service on-demand upon first sign-in. To use this a write-enabled libregraph user backend needs to be setup an running.`|`false`| -|`PROXY_AUTOPROVISION_CLAIM_USERNAME`| 1.0.0 |string|`The name of the OIDC claim that holds the username.`|`preferred_username`| -|`PROXY_AUTOPROVISION_CLAIM_EMAIL`| 1.0.0 |string|`The name of the OIDC claim that holds the email.`|`email`| -|`PROXY_AUTOPROVISION_CLAIM_DISPLAYNAME`| 1.0.0 |string|`The name of the OIDC claim that holds the display name.`|`name`| -|`PROXY_AUTOPROVISION_CLAIM_GROUPS`| 1.0.0 |string|`The name of the OIDC claim that holds the groups.`|`groups`| -|`PROXY_ENABLE_BASIC_AUTH`| 1.0.0 |bool|`Set this to true to enable 'basic authentication' (username/password).`|`false`| -|`PROXY_INSECURE_BACKENDS`| 1.0.0 |bool|`Disable TLS certificate validation for all HTTP backend connections.`|`false`| -|`PROXY_HTTPS_CACERT`| 1.0.0 |string|`Path/File for the root CA certificate used to validate the server’s TLS certificate for https enabled backend services.`|``| -|`PROXY_ENABLE_APP_AUTH`| 1.0.0 |bool|`Allow app authentication. This can be used to authenticate 3rd party applications. Note that auth-app service must be running for this feature to work.`|`true`| -|`PROXY_POLICIES_QUERY`| 1.0.0 |string|`Defines the 'Complete Rules' variable defined in the rego rule set this step uses for its evaluation. Rules default to deny if the variable was not found.`|``| -|`PROXY_CSP_CONFIG_FILE_LOCATION`| 1.0.0 |string|`The location of the CSP configuration file.`|``| -|`PROXY_CSP_CONFIG_FILE_OVERRIDE_LOCATION`| 4.0.0 |string|`The location of the CSP configuration file override.`|``| -|`OC_EVENTS_ENDPOINT`
`PROXY_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events.`|`127.0.0.1:9233`| -|`OC_EVENTS_CLUSTER`
`PROXY_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`opencloud-cluster`| -|`OC_INSECURE`
`PROXY_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|`false`| -|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`PROXY_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided PROXY_EVENTS_TLS_INSECURE will be seen as false.`|``| -|`OC_EVENTS_ENABLE_TLS`
`PROXY_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| -|`OC_EVENTS_AUTH_USERNAME`
`PROXY_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_EVENTS_AUTH_PASSWORD`
`PROXY_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`PROXY_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`PROXY_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`PROXY_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`PROXY_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`PROXY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`PROXY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`PROXY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`PROXY_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`PROXY_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9205| +|`PROXY_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`PROXY_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`PROXY_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`PROXY_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|0.0.0.0:9200| +|`PROXY_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|/| +|`PROXY_TRANSPORT_TLS_CERT`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the external http services. If not defined, the root directory derives from $OC_BASE_DATA_PATH/proxy.`|/home/chaser/.opencloud/proxy/server.crt| +|`PROXY_TRANSPORT_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the external http services. If not defined, the root directory derives from $OC_BASE_DATA_PATH/proxy.`|/home/chaser/.opencloud/proxy/server.key| +|`PROXY_TLS`| 1.0.0 |bool|`Enable/Disable HTTPS for external HTTP services. Must be set to 'true' if the built-in IDP service an no reverse proxy is used. See the text description for details.`|true| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 
'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`OC_URL`
`OC_OIDC_ISSUER`
`PROXY_OIDC_ISSUER`| 1.0.0 |string|`URL of the OIDC issuer. It defaults to URL of the builtin IDP.`|https://localhost:9200| +|`OC_INSECURE`
`PROXY_OIDC_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for connections to the IDP. Note that this is not recommended for production environments.`|false| +|`PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD`| 1.0.0 |string|`Sets how OIDC access tokens should be verified. Possible values are 'none' and 'jwt'. When using 'none', no special validation apart from using it for accessing the IDP's userinfo endpoint will be done. When using 'jwt', it tries to parse the access token as a jwt token and verifies the signature using the keys published on the IDP's 'jwks_uri'.`|jwt| +|`PROXY_OIDC_SKIP_USER_INFO`| 1.0.0 |bool|`Do not look up user claims at the userinfo endpoint and directly read them from the access token. Incompatible with 'PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none'.`|false| +|`OC_CACHE_STORE`
`PROXY_OIDC_USERINFO_CACHE_STORE`| 1.0.0 |string|`The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|memory| +|`OC_CACHE_STORE_NODES`
`PROXY_OIDC_USERINFO_CACHE_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[127.0.0.1:9233]| +|`OC_CACHE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|cache-userinfo| +|`PROXY_OIDC_USERINFO_CACHE_TABLE`| 1.0.0 |string|`The database table the store should use.`|| +|`OC_CACHE_TTL`
`PROXY_OIDC_USERINFO_CACHE_TTL`| 1.0.0 |Duration|`Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details.`|10s| +|`OC_CACHE_DISABLE_PERSISTENCE`
`PROXY_OIDC_USERINFO_CACHE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false.`|false| +|`OC_CACHE_AUTH_USERNAME`
`PROXY_OIDC_USERINFO_CACHE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_CACHE_AUTH_PASSWORD`
`PROXY_OIDC_USERINFO_CACHE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured.`|| +|`PROXY_OIDC_JWKS_REFRESH_INTERVAL`| 1.0.0 |uint64|`The interval for refreshing the JWKS (JSON Web Key Set) in minutes in the background via a new HTTP request to the IDP.`|60| +|`PROXY_OIDC_JWKS_REFRESH_TIMEOUT`| 1.0.0 |uint64|`The timeout in seconds for an outgoing JWKS request.`|10| +|`PROXY_OIDC_JWKS_REFRESH_RATE_LIMIT`| 1.0.0 |uint64|`Limits the rate in seconds at which refresh requests are performed for unknown keys. This is used to prevent malicious clients from imposing high network load on the IDP via OpenCloud.`|60| +|`PROXY_OIDC_JWKS_REFRESH_UNKNOWN_KID`| 1.0.0 |bool|`If set to 'true', the JWKS refresh request will occur every time an unknown KEY ID (KID) is seen. Always set a 'refresh_limit' when enabling this.`|true| +|`PROXY_OIDC_REWRITE_WELLKNOWN`| 1.0.0 |bool|`Enables rewriting the /.well-known/openid-configuration to the configured OIDC issuer. Needed by the Desktop Client, Android Client and iOS Client to discover the OIDC provider.`|false| +|`OC_SERVICE_ACCOUNT_ID`
`PROXY_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|| +|`OC_SERVICE_ACCOUNT_SECRET`
`PROXY_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|| +|`PROXY_ROLE_ASSIGNMENT_DRIVER`| 1.0.0 |string|`The mechanism that should be used to assign roles to user upon login. Supported values: 'default' or 'oidc'. 'default' will assign the role 'user' to users which don't have a role assigned at the time they login. 'oidc' will assign the role based on the value of a claim (configured via PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM) from the users OIDC claims.`|default| +|`PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM`| 1.0.0 |string|`The OIDC claim used to create the users role assignment.`|roles| +|`PROXY_ENABLE_PRESIGNEDURLS`| 1.0.0 |bool|`Allow OCS to get a signing key to sign requests.`|true| +|`OC_CACHE_STORE`
`PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE`| 1.0.0 |string|`The type of the signing key store. Supported values are: 'redis-sentinel', 'nats-js-kv' and 'opencloudstoreservice' (deprecated). See the text description for details.`|nats-js-kv| +|`OC_CACHE_STORE_NODES`
`PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[127.0.0.1:9233]| +|`OC_CACHE_TTL`
`PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_TTL`| 1.0.0 |Duration|`Default time to live for signing keys. See the Environment Variable Types description for more details.`|12h0m0s| +|`OC_CACHE_DISABLE_PERSISTENCE`
`PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disables persistence of the store. Only applies when store type 'nats-js-kv' is configured. Defaults to true.`|true| +|`OC_CACHE_AUTH_USERNAME`
`PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_CACHE_AUTH_PASSWORD`
`PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| +|`PROXY_ACCOUNT_BACKEND_TYPE`| 1.0.0 |string|`Account backend the PROXY service should use. Currently only 'cs3' is possible here.`|cs3| +|`PROXY_USER_OIDC_CLAIM`| 1.0.0 |string|`The name of an OpenID Connect claim that is used for resolving users with the account backend. The value of the claim must hold a per user unique, stable and non re-assignable identifier. The availability of claims depends on your Identity Provider. There are common claims available for most Identity providers like 'email' or 'preferred_username' but you can also add your own claim.`|preferred_username| +|`PROXY_USER_CS3_CLAIM`| 1.0.0 |string|`The name of a CS3 user attribute (claim) that should be mapped to the 'user_oidc_claim'. Supported values are 'username', 'mail' and 'userid'.`|username| +|`OC_MACHINE_AUTH_API_KEY`
`PROXY_MACHINE_AUTH_API_KEY`| 1.0.0 |string|`Machine auth API key used to validate internal requests necessary to access resources from other services.`|| +|`PROXY_AUTOPROVISION_ACCOUNTS`| 1.0.0 |bool|`Set this to 'true' to automatically provision users that do not yet exist in the users service on-demand upon first sign-in. To use this a write-enabled libregraph user backend needs to be setup an running.`|false| +|`PROXY_AUTOPROVISION_CLAIM_USERNAME`| 1.0.0 |string|`The name of the OIDC claim that holds the username.`|preferred_username| +|`PROXY_AUTOPROVISION_CLAIM_EMAIL`| 1.0.0 |string|`The name of the OIDC claim that holds the email.`|email| +|`PROXY_AUTOPROVISION_CLAIM_DISPLAYNAME`| 1.0.0 |string|`The name of the OIDC claim that holds the display name.`|name| +|`PROXY_AUTOPROVISION_CLAIM_GROUPS`| 1.0.0 |string|`The name of the OIDC claim that holds the groups.`|groups| +|`PROXY_ENABLE_BASIC_AUTH`| 1.0.0 |bool|`Set this to true to enable 'basic authentication' (username/password).`|false| +|`PROXY_INSECURE_BACKENDS`| 1.0.0 |bool|`Disable TLS certificate validation for all HTTP backend connections.`|false| +|`PROXY_HTTPS_CACERT`| 1.0.0 |string|`Path/File for the root CA certificate used to validate the server’s TLS certificate for https enabled backend services.`|| +|`PROXY_ENABLE_APP_AUTH`| 1.0.0 |bool|`Allow app authentication. This can be used to authenticate 3rd party applications. Note that auth-app service must be running for this feature to work.`|true| +|`PROXY_POLICIES_QUERY`| 1.0.0 |string|`Defines the 'Complete Rules' variable defined in the rego rule set this step uses for its evaluation. Rules default to deny if the variable was not found.`|| +|`PROXY_CSP_CONFIG_FILE_LOCATION`| 1.0.0 |string|`The location of the CSP configuration file.`|| +|`OC_EVENTS_ENDPOINT`
`PROXY_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events.`|127.0.0.1:9233| +|`OC_EVENTS_CLUSTER`
`PROXY_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|opencloud-cluster| +|`OC_INSECURE`
`PROXY_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`PROXY_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided PROXY_EVENTS_TLS_INSECURE will be seen as false.`|| +|`OC_EVENTS_ENABLE_TLS`
`PROXY_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| +|`OC_EVENTS_AUTH_USERNAME`
`PROXY_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_EVENTS_AUTH_PASSWORD`
`PROXY_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| diff --git a/static/env-vars/proxy_readme.md b/static/env-vars/proxy_readme.md index 0c1101b0..135b70b2 100644 --- a/static/env-vars/proxy_readme.md +++ b/static/env-vars/proxy_readme.md @@ -1,6 +1,6 @@ --- title: Proxy -date: 2025-11-27T22:56:02.334185+01:00 +date: 2025-11-11T09:16:41.112305511+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/proxy diff --git a/static/env-vars/search-config-example.yaml b/static/env-vars/search-config-example.yaml new file mode 100644 index 00000000..e7ead717 --- /dev/null +++ b/static/env-vars/search-config-example.yaml 
@@ -0,0 +1,78 @@ +# Autogenerated +# Filename: search-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9224 + token: "" + pprof: false + zpages: false +grpc: + disabled: false + addr: 127.0.0.1:9220 + tls: null +token_manager: + jwt_secret: "" +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +grpc_client_tls: null +events: + disabled: false + endpoint: 127.0.0.1:9233 + cluster: opencloud-cluster + async_uploads: true + num_consumers: 1 + debounce_duration: 1000 + tls_insecure: false + tls_root_ca_certificate: "" + enable_tls: false + username: "" + password: "" + max_ack_pending: 1000 + ack_wait: 1m0s +engine: + type: bleve + bleve: + data_path: /home/chaser/.opencloud/search + open_search: + client: + addresses: [] + username: "" + password: "" + header: {} + ca_cert: [] + retry_on_status: [] + disable_retry: false + enable_retry_on_timeout: false + max_retries: 0 + compress_request_body: false + discover_nodes_on_start: false + discover_nodes_interval: 0s + enable_metrics: false + enable_debug_logger: false + insecure: false + resource_index: + name: opencloud-resource +extractor: + type: basic + cs3_allow_insecure: false + tika: + tika_url: http://127.0.0.1:9998 + clean_stop_words: true +content_extraction_size_limit: 20971520 +batch_size: 500 +service_account: + service_account_id: "" + service_account_secret: "" diff --git a/static/env-vars/search_configvars.md b/static/env-vars/search_configvars.md index 82af749f..ffabbac5 100644 --- a/static/env-vars/search_configvars.md +++ b/static/env-vars/search_configvars.md @@ -1,57 +1,61 @@ Environment variables for the **search** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`SEARCH_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`SEARCH_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`SEARCH_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`SEARCH_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`SEARCH_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9224`| -|`SEARCH_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`SEARCH_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`SEARCH_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`SEARCH_GRPC_DISABLED`| 4.0.0 |bool|`Disables the GRPC service. Set this to true if the service should only handle events.`|`false`| -|`SEARCH_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9220`| -|`OC_JWT_SECRET`
`SEARCH_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`SEARCH_EVENTS_DISABLED`| 4.0.0 |bool|`Disables listening for events. Set this to true if the service should only handle GRPC requests.`|`false`| -|`OC_EVENTS_ENDPOINT`
`SEARCH_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`| -|`OC_EVENTS_CLUSTER`
`SEARCH_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`| -|`OC_ASYNC_UPLOADS`
`SEARCH_EVENTS_ASYNC_UPLOADS`| 1.0.0 |bool|`Enable asynchronous file uploads.`|`true`| -|`SEARCH_EVENTS_NUM_CONSUMERS`| 1.0.0 |int|`The amount of concurrent event consumers to start. Event consumers are used for searching files. Multiple consumers increase parallelisation, but will also increase CPU and memory demands.`|`1`| -|`SEARCH_EVENTS_REINDEX_DEBOUNCE_DURATION`| 1.0.0 |int|`The duration in milliseconds the reindex debouncer waits before triggering a reindex of a space that was modified.`|`1000`| -|`OC_INSECURE`
`SEARCH_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|`false`| -|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`SEARCH_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided SEARCH_EVENTS_TLS_INSECURE will be seen as false.`|``| -|`OC_EVENTS_ENABLE_TLS`
`SEARCH_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| -|`OC_EVENTS_AUTH_USERNAME`
`SEARCH_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_EVENTS_AUTH_PASSWORD`
`SEARCH_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`SEARCH_EVENTS_MAX_ACK_PENDING`| 4.0.0 |int|`The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time.`|`1000`| -|`SEARCH_EVENTS_ACK_WAIT`| 4.0.0 |Duration|`The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes.`|`1m0s`| -|`SEARCH_ENGINE_TYPE`| 1.0.0 |string|`Defines which search engine to use. Defaults to 'bleve'. Supported values are: 'bleve'.`|`bleve`| -|`SEARCH_ENGINE_BLEVE_DATA_PATH`| 1.0.0 |string|`The directory where the filesystem will store search data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/search.`|`/var/lib/opencloud/search`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ADDRESSES`| 4.0.0 |[]string|`The addresses of the OpenSearch nodes..`|`[]`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_USERNAME`| 4.0.0 |string|`Username for HTTP Basic Authentication.`|``| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_PASSWORD`| 4.0.0 |string|`Password for HTTP Basic Authentication.`|``| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_HEADER`| 4.0.0 |Header|`HTTP headers to include in requests.`|`map[]`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_CA_CERT`| 4.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the opensearch server.`|``| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_RETRY_ON_STATUS`| 4.0.0 |[]int|`HTTP status codes that trigger a retry.`|`[]`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISABLE_RETRY`| 4.0.0 |bool|`Disable retries on errors.`|`false`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_RETRY_ON_TIMEOUT`| 4.0.0 |bool|`Enable retries on timeout.`|`false`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_MAX_RETRIES`| 4.0.0 |int|`Maximum number of retries for requests.`|`0`| 
-|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_COMPRESS_REQUEST_BODY`| 4.0.0 |bool|`Compress request bodies.`|`false`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISCOVER_NODES_ON_START`| 4.0.0 |bool|`Discover nodes on service start.`|`false`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISCOVER_NODES_INTERVAL`| 4.0.0 |Duration|`Interval for discovering nodes.`|`0s`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_METRICS`| 4.0.0 |bool|`Enable metrics collection.`|`false`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_DEBUG_LOGGER`| 4.0.0 |bool|`Enable debug logging.`|`false`| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_INSECURE`| 4.0.0 |bool|`Skip TLS certificate verification.`|`false`| -|`SEARCH_ENGINE_OPEN_SEARCH_RESOURCE_INDEX_NAME`| 4.0.0 |string|`The name of the OpenSearch index for resources.`|`opencloud-resource`| -|`SEARCH_EXTRACTOR_TYPE`| 1.0.0 |string|`Defines the content extraction engine. Defaults to 'basic'. Supported values are: 'basic' and 'tika'.`|`basic`| -|`OC_INSECURE`
`SEARCH_EXTRACTOR_CS3SOURCE_INSECURE`| 1.0.0 |bool|`Ignore untrusted SSL certificates when connecting to the CS3 source.`|`false`| -|`SEARCH_EXTRACTOR_TIKA_TIKA_URL`| 1.0.0 |string|`URL of the tika server.`|`http://127.0.0.1:9998`| -|`SEARCH_EXTRACTOR_TIKA_CLEAN_STOP_WORDS`| 1.0.0 |bool|`Defines if stop words should be cleaned or not. See the documentation for more details.`|`true`| -|`SEARCH_CONTENT_EXTRACTION_SIZE_LIMIT`| 1.0.0 |uint64|`Maximum file size in bytes that is allowed for content extraction.`|`20971520`| -|`SEARCH_BATCH_SIZE`| 1.0.0 |int|`The number of documents to process in a single batch. Defaults to 500.`|`500`| -|`OC_SERVICE_ACCOUNT_ID`
`SEARCH_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|``| -|`OC_SERVICE_ACCOUNT_SECRET`
`SEARCH_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|``| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`SEARCH_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`SEARCH_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`SEARCH_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`SEARCH_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`SEARCH_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`SEARCH_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`SEARCH_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`SEARCH_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`SEARCH_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9224| +|`SEARCH_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`SEARCH_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`SEARCH_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`SEARCH_GRPC_DISABLED`| next |bool|`Disables the GRPC service. Set this to true if the service should only handle events.`|false| +|`SEARCH_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9220| +|`OC_JWT_SECRET`
`SEARCH_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`SEARCH_EVENTS_DISABLED`| next |bool|`Disables listening for events. Set this to true if the service should only handle GRPC requests.`|false| +|`OC_EVENTS_ENDPOINT`
`SEARCH_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| +|`OC_EVENTS_CLUSTER`
`SEARCH_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| +|`OC_ASYNC_UPLOADS`
`SEARCH_EVENTS_ASYNC_UPLOADS`| 1.0.0 |bool|`Enable asynchronous file uploads.`|true| +|`SEARCH_EVENTS_NUM_CONSUMERS`| 1.0.0 |int|`The amount of concurrent event consumers to start. Event consumers are used for searching files. Multiple consumers increase parallelisation, but will also increase CPU and memory demands.`|1| +|`SEARCH_EVENTS_REINDEX_DEBOUNCE_DURATION`| 1.0.0 |int|`The duration in milliseconds the reindex debouncer waits before triggering a reindex of a space that was modified.`|1000| +|`OC_INSECURE`
`SEARCH_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`SEARCH_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided SEARCH_EVENTS_TLS_INSECURE will be seen as false.`|| +|`OC_EVENTS_ENABLE_TLS`
`SEARCH_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| +|`OC_EVENTS_AUTH_USERNAME`
`SEARCH_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_EVENTS_AUTH_PASSWORD`
`SEARCH_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`SEARCH_EVENTS_MAX_ACK_PENDING`| next |int|`The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time.`|1000| +|`SEARCH_EVENTS_ACK_WAIT`| next |Duration|`The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes.`|1m0s| +|`SEARCH_ENGINE_TYPE`| 1.0.0 |string|`Defines which search engine to use. Defaults to 'bleve'. Supported values are: 'bleve'.`|bleve| +|`SEARCH_ENGINE_BLEVE_DATA_PATH`| 1.0.0 |string|`The directory where the filesystem will store search data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/search.`|/home/chaser/.opencloud/search| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ADDRESSES`| next |[]string|`The addresses of the OpenSearch nodes..`|[]| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_USERNAME`| next |string|`Username for HTTP Basic Authentication.`|| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_PASSWORD`| next |string|`Password for HTTP Basic Authentication.`|| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_HEADER`| next |Header|`HTTP headers to include in requests.`|map[]| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_CA_CERT`| next |[]uint8|`CA certificate for TLS connections.`|[]| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_RETRY_ON_STATUS`| next |[]int|`HTTP status codes that trigger a retry.`|[]| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISABLE_RETRY`| next |bool|`Disable retries on errors.`|false| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_RETRY_ON_TIMEOUT`| next |bool|`Enable retries on timeout.`|false| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_MAX_RETRIES`| next |int|`Maximum number of retries for requests.`|0| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_COMPRESS_REQUEST_BODY`| next |bool|`Compress request bodies.`|false| 
+|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISCOVER_NODES_ON_START`| next |bool|`Discover nodes on service start.`|false| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISCOVER_NODES_INTERVAL`| next |Duration|`Interval for discovering nodes.`|0s| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_METRICS`| next |bool|`Enable metrics collection.`|false| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_DEBUG_LOGGER`| next |bool|`Enable debug logging.`|false| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_INSECURE`| next |bool|`Skip TLS certificate verification.`|false| +|`SEARCH_ENGINE_OPEN_SEARCH_RESOURCE_INDEX_NAME`| next |string|`The name of the OpenSearch index for resources.`|opencloud-resource| +|`SEARCH_EXTRACTOR_TYPE`| 1.0.0 |string|`Defines the content extraction engine. Defaults to 'basic'. Supported values are: 'basic' and 'tika'.`|basic| +|`OC_INSECURE`
`SEARCH_EXTRACTOR_CS3SOURCE_INSECURE`| 1.0.0 |bool|`Ignore untrusted SSL certificates when connecting to the CS3 source.`|false| +|`SEARCH_EXTRACTOR_TIKA_TIKA_URL`| 1.0.0 |string|`URL of the tika server.`|http://127.0.0.1:9998| +|`SEARCH_EXTRACTOR_TIKA_CLEAN_STOP_WORDS`| 1.0.0 |bool|`Defines if stop words should be cleaned or not. See the documentation for more details.`|true| +|`SEARCH_CONTENT_EXTRACTION_SIZE_LIMIT`| 1.0.0 |uint64|`Maximum file size in bytes that is allowed for content extraction.`|20971520| +|`SEARCH_BATCH_SIZE`| 1.0.0 |int|`The number of documents to process in a single batch. Defaults to 500.`|500| +|`OC_SERVICE_ACCOUNT_ID`
`SEARCH_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|| +|`OC_SERVICE_ACCOUNT_SECRET`
`SEARCH_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|| diff --git a/static/env-vars/search_readme.md b/static/env-vars/search_readme.md index c5eb90f8..23d71ae5 100644 --- a/static/env-vars/search_readme.md +++ b/static/env-vars/search_readme.md @@ -1,6 +1,6 @@ --- title: Search -date: 2025-11-27T22:56:02.334322+01:00 +date: 2025-11-11T09:16:41.112426278+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/search diff --git a/static/env-vars/settings-config-example.yaml b/static/env-vars/settings-config-example.yaml new file mode 100644 index 00000000..f4f73338 --- /dev/null +++ b/static/env-vars/settings-config-example.yaml @@ -0,0 +1,73 @@ +# Autogenerated +# Filename: settings-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9194 + token: "" + pprof: false + zpages: false +http: + addr: 127.0.0.1:9190 + tls: + enabled: false + cert: "" + key: "" + root: / + cors: + allow_origins: + - '*' + allow_methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + allow_headers: + - Authorization + - Origin + - Content-Type + - Accept + - X-Requested-With + - X-Request-Id + allow_credentials: true +grpc: + addr: 127.0.0.1:9191 + tls: null +grpc_client_tls: null +metadata_config: + gateway_addr: eu.opencloud.api.storage-system + storage_addr: eu.opencloud.api.storage-system + system_user_id: "" + system_user_idp: internal + system_user_api_key: "" + cache: + store: memory + addresses: + - 127.0.0.1:9233 + database: settings-cache + files_table: settings_files + directories_table: settings_dirs + ttl: 10m0s + disable_persistence: false + username: "" + password: "" +bundles_path: "" +admin_user_id: "" +token_manager: + jwt_secret: "" +set_default_assignments: false +service_account_ids: +- service-user-id +default_language: "" +translation_path: "" 
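Review bot: in static/env-vars/proxy_configvars.md, the added row for `OC_INSECURE` / `PROXY_EVENTS_TLS_INSECURE` is described as "Whether to verify the server TLS certificates." with default false, which reads as the opposite of what the variable name says. An operator who takes the description literally could set it to true expecting verification to be switched on. Suggest wording it the way the `PROXY_INSECURE_BACKENDS` row in the same table does ("Disable TLS certificate validation ..."). In the same hunk, `PROXY_OIDC_JWKS_REFRESH_UNKNOWN_KID` says "Always set a 'refresh_limit' when enabling this", but no variable of that name appears in the table; the row directly above it is `PROXY_OIDC_JWKS_REFRESH_RATE_LIMIT`, so name that variable explicitly. Minor: "setup an running" in the `PROXY_AUTOPROVISION_ACCOUNTS` row should be "set up and running".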
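Review bot: in static/env-vars/search-config-example.yaml, `data_path: /home/chaser/.opencloud/search` under `engine.bleve` is a home-directory path from the machine the file was generated on, not a value a reader can use. It also publishes a local account name in the docs. The search_configvars.md row removed by this same patch listed `/var/lib/opencloud/search` as the default; please regenerate with the base data path set to that packaged location, or replace the value with a neutral placeholder before merging.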
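Review bot: in static/env-vars/search_configvars.md, the `+` rows move the Introduction Version from `4.0.0` back to `next` for `SEARCH_GRPC_DISABLED`, `SEARCH_EVENTS_DISABLED`, `SEARCH_EVENTS_MAX_ACK_PENDING`, `SEARCH_EVENTS_ACK_WAIT` and every `SEARCH_ENGINE_OPEN_SEARCH_*` variable, so the table loses version information it already had. The search_readme.md hunk in this patch also replaces `date: 2025-11-27...` with the earlier `date: 2025-11-11...`, which suggests the files were generated from an older checkout rather than the latest source. Two further regressions in the same hunk: `SEARCH_ENGINE_OPEN_SEARCH_CLIENT_CA_CERT` changes from a string documented as a path to a PEM root CA file to `[]uint8` with "CA certificate for TLS connections.", which no longer tells the operator what to supply, and the `SEARCH_ENGINE_BLEVE_DATA_PATH` default becomes `/home/chaser/.opencloud/search`. Please regenerate from the current source and re-check these rows.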
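Review bot: in static/env-vars/settings-config-example.yaml, the `http.cors` block pairs `allow_origins: - '*'` with `allow_credentials: true`, and the only comment in the file is the "# Autogenerated" header. An example file tends to be copied as a starting configuration, so this combination would be carried into deployments without anyone deciding on it. Suggest emitting a comment above `cors:` telling operators to list the origins of their own web clients, or writing a placeholder origin in the example instead of the wildcard.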
diff --git a/static/env-vars/settings_configvars.md b/static/env-vars/settings_configvars.md index 11531d2c..a4758dd9 100644 --- a/static/env-vars/settings_configvars.md +++ b/static/env-vars/settings_configvars.md @@ -1,43 +1,47 @@ Environment variables for the **settings** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`SETTINGS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`SETTINGS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`SETTINGS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`SETTINGS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`SETTINGS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9194`| -|`SETTINGS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`SETTINGS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`SETTINGS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`SETTINGS_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9190`| -|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|`false`| -|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|``| -|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|``| -|`SETTINGS_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|`/`| -|`OC_CORS_ALLOW_ORIGINS`
`SETTINGS_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|`[*]`| -|`OC_CORS_ALLOW_METHODS`
`SETTINGS_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|`[GET POST PUT PATCH DELETE OPTIONS]`| -|`OC_CORS_ALLOW_HEADERS`
`SETTINGS_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|`[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id]`| -|`OC_CORS_ALLOW_CREDENTIALS`
`SETTINGS_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|`true`| -|`SETTINGS_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9191`| -|`SETTINGS_STORAGE_GATEWAY_GRPC_ADDR`
`STORAGE_GATEWAY_GRPC_ADDR`| 1.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`| -|`SETTINGS_STORAGE_GRPC_ADDR`
`STORAGE_GRPC_ADDR`| 1.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`| -|`OC_SYSTEM_USER_ID`
`SETTINGS_SYSTEM_USER_ID`| 1.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|``| -|`OC_SYSTEM_USER_IDP`
`SETTINGS_SYSTEM_USER_IDP`| 1.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|`internal`| -|`OC_SYSTEM_USER_API_KEY`| 1.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|``| -|`OC_CACHE_STORE`
`SETTINGS_CACHE_STORE`| 1.0.0 |string|`The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|`memory`| -|`OC_CACHE_STORE_NODES`
`SETTINGS_CACHE_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[127.0.0.1:9233]`| -|`OC_CACHE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|`settings-cache`| -|`SETTINGS_FILE_CACHE_TABLE`| 1.0.0 |string|`The database table the store should use for the file cache.`|`settings_files`| -|`SETTINGS_DIRECTORY_CACHE_TABLE`| 1.0.0 |string|`The database table the store should use for the directory cache.`|`settings_dirs`| -|`OC_CACHE_TTL`
`SETTINGS_CACHE_TTL`| 1.0.0 |Duration|`Default time to live for entries in the cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details.`|`10m0s`| -|`OC_CACHE_DISABLE_PERSISTENCE`
`SETTINGS_CACHE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false.`|`false`| -|`OC_CACHE_AUTH_USERNAME`
`SETTINGS_CACHE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_CACHE_AUTH_PASSWORD`
`SETTINGS_CACHE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured.`|``| -|`SETTINGS_BUNDLES_PATH`| 1.0.0 |string|`The path to a JSON file with a list of bundles. If not defined, the default bundles will be loaded.`|``| -|`OC_ADMIN_USER_ID`
`SETTINGS_ADMIN_USER_ID`| 1.0.0 |string|`ID of the user that should receive admin privileges. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand.`|``| -|`OC_JWT_SECRET`
`SETTINGS_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`IDM_CREATE_DEMO_USERS`
`SETTINGS_SETUP_DEFAULT_ASSIGNMENTS`| 1.0.0 |bool|`The default role assignments the demo users should be setup.`|`false`| -|`SETTINGS_SERVICE_ACCOUNT_IDS`
`OC_SERVICE_ACCOUNT_ID`| 1.0.0 |[]string|`The list of all service account IDs. These will be assigned the hidden 'service-account' role. Note: When using 'OC_SERVICE_ACCOUNT_ID' this will contain only one value while 'SETTINGS_SERVICE_ACCOUNT_IDS' can have multiple. See the 'auth-service' service description for more details about service accounts.`|`[service-user-id]`| -|`OC_DEFAULT_LANGUAGE`| 1.0.0 |string|`The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details.`|``| -|`OC_TRANSLATION_PATH`
`SETTINGS_TRANSLATION_PATH`| 1.0.0 |string|`(optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details.`|``| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`SETTINGS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`SETTINGS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`SETTINGS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`SETTINGS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`SETTINGS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`SETTINGS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`SETTINGS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`SETTINGS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`SETTINGS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9194| +|`SETTINGS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`SETTINGS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`SETTINGS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`SETTINGS_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|127.0.0.1:9190| +|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|false| +|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|| +|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|| +|`SETTINGS_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|/| +|`OC_CORS_ALLOW_ORIGINS`
`SETTINGS_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|[*]| +|`OC_CORS_ALLOW_METHODS`
`SETTINGS_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|[GET POST PUT PATCH DELETE OPTIONS]| +|`OC_CORS_ALLOW_HEADERS`
`SETTINGS_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id]| +|`OC_CORS_ALLOW_CREDENTIALS`
`SETTINGS_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|true| +|`SETTINGS_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9191| +|`SETTINGS_STORAGE_GATEWAY_GRPC_ADDR`
`STORAGE_GATEWAY_GRPC_ADDR`| 1.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|eu.opencloud.api.storage-system| +|`SETTINGS_STORAGE_GRPC_ADDR`
`STORAGE_GRPC_ADDR`| 1.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|eu.opencloud.api.storage-system| +|`OC_SYSTEM_USER_ID`
`SETTINGS_SYSTEM_USER_ID`| 1.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|| +|`OC_SYSTEM_USER_IDP`
`SETTINGS_SYSTEM_USER_IDP`| 1.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|internal| +|`OC_SYSTEM_USER_API_KEY`| 1.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|| +|`OC_CACHE_STORE`
`SETTINGS_CACHE_STORE`| 1.0.0 |string|`The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|memory| +|`OC_CACHE_STORE_NODES`
`SETTINGS_CACHE_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[127.0.0.1:9233]| +|`OC_CACHE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|settings-cache| +|`SETTINGS_FILE_CACHE_TABLE`| 1.0.0 |string|`The database table the store should use for the file cache.`|settings_files| +|`SETTINGS_DIRECTORY_CACHE_TABLE`| 1.0.0 |string|`The database table the store should use for the directory cache.`|settings_dirs| +|`OC_CACHE_TTL`
`SETTINGS_CACHE_TTL`| 1.0.0 |Duration|`Default time to live for entries in the cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details.`|10m0s| +|`OC_CACHE_DISABLE_PERSISTENCE`
`SETTINGS_CACHE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false.`|false| +|`OC_CACHE_AUTH_USERNAME`
`SETTINGS_CACHE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_CACHE_AUTH_PASSWORD`
`SETTINGS_CACHE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured.`|| +|`SETTINGS_BUNDLES_PATH`| 1.0.0 |string|`The path to a JSON file with a list of bundles. If not defined, the default bundles will be loaded.`|| +|`OC_ADMIN_USER_ID`
`SETTINGS_ADMIN_USER_ID`| 1.0.0 |string|`ID of the user that should receive admin privileges. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand.`|| +|`OC_JWT_SECRET`
`SETTINGS_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`IDM_CREATE_DEMO_USERS`
`SETTINGS_SETUP_DEFAULT_ASSIGNMENTS`| 1.0.0 |bool|`The default role assignments the demo users should be setup.`|false| +|`SETTINGS_SERVICE_ACCOUNT_IDS`
`OC_SERVICE_ACCOUNT_ID`| 1.0.0 |[]string|`The list of all service account IDs. These will be assigned the hidden 'service-account' role. Note: When using 'OC_SERVICE_ACCOUNT_ID' this will contain only one value while 'SETTINGS_SERVICE_ACCOUNT_IDS' can have multiple. See the 'auth-service' service description for more details about service accounts.`|[service-user-id]| +|`OC_DEFAULT_LANGUAGE`| 1.0.0 |string|`The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details.`|| +|`OC_TRANSLATION_PATH`
`SETTINGS_TRANSLATION_PATH`| 1.0.0 |string|`(optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details.`|| diff --git a/static/env-vars/settings_readme.md b/static/env-vars/settings_readme.md index fca4650e..9b37f908 100644 --- a/static/env-vars/settings_readme.md +++ b/static/env-vars/settings_readme.md @@ -1,6 +1,6 @@ --- title: Settings -date: 2025-11-27T22:56:02.334436+01:00 +date: 2025-11-11T09:16:41.11261832+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/settings diff --git a/static/env-vars/sharing-config-example.yaml b/static/env-vars/sharing-config-example.yaml new file mode 100644 index 00000000..41556a87 --- /dev/null +++ b/static/env-vars/sharing-config-example.yaml 
@@ -0,0 +1,85 @@ +# Autogenerated +# Filename: sharing-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9151 + token: "" + pprof: false + zpages: false +grpc: + addr: 127.0.0.1:9150 + tls: null + protocol: tcp +token_manager: + jwt_secret: "" +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +events: + endpoint: 127.0.0.1:9233 + cluster: opencloud-cluster + tls_insecure: false + tls_root_ca_cert_path: "" + enable_tls: false + auth_username: "" + auth_password: "" +skip_user_groups_in_token: false +user_sharing_driver: jsoncs3 +user_sharing_drivers: + jsoncs3: + provider_addr: eu.opencloud.api.storage-system + system_user_id: "" + system_user_idp: internal + system_user_api_key: "" + cache_ttl: 0 + max_concurrency: 1 + json: + file: /home/chaser/.opencloud/storage/shares.json + cs3: + provider_addr: eu.opencloud.api.storage-system + system_user_id: "" + system_user_idp: internal + system_user_api_key: "" + owncloudsql: + db_username: owncloud + db_password: "" + db_host: mysql + db_port: 3306 + db_name: owncloud + user_storage_mount_id: "" +public_sharing_driver: jsoncs3 +public_sharing_drivers: + json: + file: /home/chaser/.opencloud/storage/publicshares.json + jsoncs3: + provider_addr: eu.opencloud.api.storage-system + system_user_id: "" + system_user_idp: internal + system_user_api_key: "" + cs3: + provider_addr: eu.opencloud.api.storage-system + system_user_id: "" + system_user_idp: internal + system_user_api_key: "" +public_sharing_writeableshare_must_have_password: false +public_sharing_share_must_have_password: true +enable_expired_shares_cleanup: true +password_policy: + min_characters: 8 + min_lowercase_characters: 1 + min_uppercase_characters: 1 + min_digits: 1 + min_special_characters: 1 + banned_passwords_list: "" 
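Review bot: The `file:` values under `user_sharing_drivers.json` and `public_sharing_drivers.json` are `/home/chaser/.opencloud/storage/shares.json` and `/home/chaser/.opencloud/storage/publicshares.json`, so this autogenerated example carries the home directory of whoever ran the generator instead of a neutral default. The same patch changes the `SHARING_USER_JSON_FILE` and `SHARING_PUBLIC_JSON_FILE` defaults in sharing_configvars.md from `/var/lib/opencloud/storage/...` to these paths, which publishes a local account name and documents a default that deployments will not have. Regenerate with the base data path pinned (the table describes the default as deriving from `$OC_BASE_DATA_PATH/storage`), or restore the `/var/lib/opencloud/storage/` values before merging. Also check the `password_policy:` block: it has no `disabled` key although the table lists `SHARING_PASSWORD_POLICY_DISABLED`, so an operator copying this example cannot see that the policy can be switched off from the file.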
diff --git a/static/env-vars/sharing_configvars.md b/static/env-vars/sharing_configvars.md index c08c3da4..1eb7868a 100644 --- a/static/env-vars/sharing_configvars.md +++ b/static/env-vars/sharing_configvars.md @@ -1,63 +1,67 @@ Environment variables for the **sharing** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`SHARING_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`SHARING_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`SHARING_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`SHARING_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`SHARING_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9151`| -|`SHARING_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`SHARING_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`SHARING_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`SHARING_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9150`| -|`OC_GRPC_PROTOCOL`
`SHARING_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|`tcp`| -|`OC_JWT_SECRET`
`SHARING_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`OC_EVENTS_ENDPOINT`
`SHARING_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`| -|`OC_EVENTS_CLUSTER`
`SHARING_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`| -|`OC_INSECURE`
`SHARING_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|`false`| -|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`SHARING_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided SHARING_EVENTS_TLS_INSECURE will be seen as false.`|``| -|`OC_EVENTS_ENABLE_TLS`
`SHARING_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| -|`OC_EVENTS_AUTH_USERNAME`
`SHARING_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`Username for the events broker.`|``| -|`OC_EVENTS_AUTH_PASSWORD`
`SHARING_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`Password for the events broker.`|``| -|`SHARING_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|`false`| -|`SHARING_USER_DRIVER`| 1.0.0 |string|`Driver to be used to persist shares. Supported values are 'jsoncs3', 'json', 'cs3' (deprecated) and 'owncloudsql'.`|`jsoncs3`| -|`SHARING_USER_JSONCS3_PROVIDER_ADDR`| 1.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`| -|`OC_SYSTEM_USER_ID`
`SHARING_USER_JSONCS3_SYSTEM_USER_ID`| 1.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|``| -|`OC_SYSTEM_USER_IDP`
`SHARING_USER_JSONCS3_SYSTEM_USER_IDP`| 1.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|`internal`| -|`OC_SYSTEM_USER_API_KEY`
`SHARING_USER_JSONCS3_SYSTEM_USER_API_KEY`| 1.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|``| -|`SHARING_USER_JSONCS3_CACHE_TTL`| 1.0.0 |int|`TTL for the internal caches in seconds.`|`0`| -|`OC_MAX_CONCURRENCY`
`SHARING_USER_JSONCS3_MAX_CONCURRENCY`| 1.0.0 |int|`Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used.`|`1`| -|`SHARING_USER_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where shares will be persisted. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|`/var/lib/opencloud/storage/shares.json`| -|`SHARING_USER_CS3_PROVIDER_ADDR`| 1.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`| -|`OC_SYSTEM_USER_ID`
`SHARING_USER_CS3_SYSTEM_USER_ID`| 1.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|``| -|`OC_SYSTEM_USER_IDP`
`SHARING_USER_CS3_SYSTEM_USER_IDP`| 1.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|`internal`| -|`OC_SYSTEM_USER_API_KEY`
`SHARING_USER_CS3_SYSTEM_USER_API_KEY`| 1.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|``| -|`SHARING_USER_OWNCLOUDSQL_DB_USERNAME`| 1.0.0 |string|`Username for the database.`|`owncloud`| -|`SHARING_USER_OWNCLOUDSQL_DB_PASSWORD`| 1.0.0 |string|`Password for the database.`|``| -|`SHARING_USER_OWNCLOUDSQL_DB_HOST`| 1.0.0 |string|`Hostname or IP of the database server.`|`mysql`| -|`SHARING_USER_OWNCLOUDSQL_DB_PORT`| 1.0.0 |int|`Port that the database server is listening on.`|`3306`| -|`SHARING_USER_OWNCLOUDSQL_DB_NAME`| 1.0.0 |string|`Name of the database to be used.`|`owncloud`| -|`SHARING_USER_OWNCLOUDSQL_USER_STORAGE_MOUNT_ID`| 1.0.0 |string|`Mount ID of the ownCloudSQL users storage for mapping ownCloud 10 shares.`|``| -|`SHARING_PUBLIC_DRIVER`| 1.0.0 |string|`Driver to be used to persist public shares. Supported values are 'jsoncs3', 'json' and 'cs3' (deprecated).`|`jsoncs3`| -|`SHARING_PUBLIC_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where public share meta-data will be stored. This JSON file contains the information about public shares that have been created. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|`/var/lib/opencloud/storage/publicshares.json`| -|`SHARING_PUBLIC_JSONCS3_PROVIDER_ADDR`| 1.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`| -|`OC_SYSTEM_USER_ID`
`SHARING_PUBLIC_JSONCS3_SYSTEM_USER_ID`| 1.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|``| -|`OC_SYSTEM_USER_IDP`
`SHARING_PUBLIC_JSONCS3_SYSTEM_USER_IDP`| 1.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|`internal`| -|`OC_SYSTEM_USER_API_KEY`
`SHARING_PUBLIC_JSONCS3_SYSTEM_USER_API_KEY`| 1.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|``| -|`SHARING_PUBLIC_CS3_PROVIDER_ADDR`| 1.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`| -|`OC_SYSTEM_USER_ID`
`SHARING_PUBLIC_CS3_SYSTEM_USER_ID`| 1.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|``| -|`OC_SYSTEM_USER_IDP`
`SHARING_PUBLIC_CS3_SYSTEM_USER_IDP`| 1.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|`internal`| -|`OC_SYSTEM_USER_API_KEY`
`SHARING_PUBLIC_CS3_SYSTEM_USER_API_KEY`| 1.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|``| -|`OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD`
`SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD`| 1.0.0 |bool|`Set this to true if you want to enforce passwords on Uploader, Editor or Contributor shares. If not using the global OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD, you must define the FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD (deprecated) in the frontend service.`|`false`| -|`OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD`
`SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD`| 1.0.0 |bool|`Set this to true if you want to enforce passwords on all public shares.`|`true`| -|`OC_PASSWORD_POLICY_DISABLED`
`SHARING_PASSWORD_POLICY_DISABLED`| 1.0.0 |bool|`Disable the password policy. Defaults to false if not set.`|`false`| -|`OC_PASSWORD_POLICY_MIN_CHARACTERS`
`SHARING_PASSWORD_POLICY_MIN_CHARACTERS`| 1.0.0 |int|`Define the minimum password length. Defaults to 8 if not set.`|`8`| -|`OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS`
`SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS`| 1.0.0 |int|`Define the minimum number of uppercase letters. Defaults to 1 if not set.`|`1`| -|`OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS`
`SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS`| 1.0.0 |int|`Define the minimum number of lowercase letters. Defaults to 1 if not set.`|`1`| -|`OC_PASSWORD_POLICY_MIN_DIGITS`
`SHARING_PASSWORD_POLICY_MIN_DIGITS`| 1.0.0 |int|`Define the minimum number of digits. Defaults to 1 if not set.`|`1`| -|`OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS`
`SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS`| 1.0.0 |int|`Define the minimum number of characters from the special characters list to be present. Defaults to 1 if not set.`|`1`| -|`OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST`
`SHARING_PASSWORD_POLICY_BANNED_PASSWORDS_LIST`| 1.0.0 |string|`Path to the 'banned passwords list' file. This only impacts public link password validation. See the documentation for more details.`|``| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`SHARING_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`SHARING_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`SHARING_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`SHARING_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`SHARING_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`SHARING_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`SHARING_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`SHARING_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`SHARING_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9151| +|`SHARING_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`SHARING_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`SHARING_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`SHARING_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9150| +|`OC_GRPC_PROTOCOL`
`SHARING_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|tcp| +|`OC_JWT_SECRET`
`SHARING_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`OC_EVENTS_ENDPOINT`
`SHARING_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| +|`OC_EVENTS_CLUSTER`
`SHARING_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| +|`OC_INSECURE`
`SHARING_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`SHARING_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided SHARING_EVENTS_TLS_INSECURE will be seen as false.`|| +|`OC_EVENTS_ENABLE_TLS`
`SHARING_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| +|`OC_EVENTS_AUTH_USERNAME`
`SHARING_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`Username for the events broker.`|| +|`OC_EVENTS_AUTH_PASSWORD`
`SHARING_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`Password for the events broker.`|| +|`SHARING_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|false| +|`SHARING_USER_DRIVER`| 1.0.0 |string|`Driver to be used to persist shares. Supported values are 'jsoncs3', 'json', 'cs3' (deprecated) and 'owncloudsql'.`|jsoncs3| +|`SHARING_USER_JSONCS3_PROVIDER_ADDR`| 1.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|eu.opencloud.api.storage-system| +|`OC_SYSTEM_USER_ID`
`SHARING_USER_JSONCS3_SYSTEM_USER_ID`| 1.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|| +|`OC_SYSTEM_USER_IDP`
`SHARING_USER_JSONCS3_SYSTEM_USER_IDP`| 1.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|internal| +|`OC_SYSTEM_USER_API_KEY`
`SHARING_USER_JSONCS3_SYSTEM_USER_API_KEY`| 1.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|| +|`SHARING_USER_JSONCS3_CACHE_TTL`| 1.0.0 |int|`TTL for the internal caches in seconds.`|0| +|`OC_MAX_CONCURRENCY`
`SHARING_USER_JSONCS3_MAX_CONCURRENCY`| 1.0.0 |int|`Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used.`|1| +|`SHARING_USER_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where shares will be persisted. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|/home/chaser/.opencloud/storage/shares.json| +|`SHARING_USER_CS3_PROVIDER_ADDR`| 1.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|eu.opencloud.api.storage-system| +|`OC_SYSTEM_USER_ID`
`SHARING_USER_CS3_SYSTEM_USER_ID`| 1.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|| +|`OC_SYSTEM_USER_IDP`
`SHARING_USER_CS3_SYSTEM_USER_IDP`| 1.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|internal| +|`OC_SYSTEM_USER_API_KEY`
`SHARING_USER_CS3_SYSTEM_USER_API_KEY`| 1.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|| +|`SHARING_USER_OWNCLOUDSQL_DB_USERNAME`| 1.0.0 |string|`Username for the database.`|owncloud| +|`SHARING_USER_OWNCLOUDSQL_DB_PASSWORD`| 1.0.0 |string|`Password for the database.`|| +|`SHARING_USER_OWNCLOUDSQL_DB_HOST`| 1.0.0 |string|`Hostname or IP of the database server.`|mysql| +|`SHARING_USER_OWNCLOUDSQL_DB_PORT`| 1.0.0 |int|`Port that the database server is listening on.`|3306| +|`SHARING_USER_OWNCLOUDSQL_DB_NAME`| 1.0.0 |string|`Name of the database to be used.`|owncloud| +|`SHARING_USER_OWNCLOUDSQL_USER_STORAGE_MOUNT_ID`| 1.0.0 |string|`Mount ID of the ownCloudSQL users storage for mapping ownCloud 10 shares.`|| +|`SHARING_PUBLIC_DRIVER`| 1.0.0 |string|`Driver to be used to persist public shares. Supported values are 'jsoncs3', 'json' and 'cs3' (deprecated).`|jsoncs3| +|`SHARING_PUBLIC_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where public share meta-data will be stored. This JSON file contains the information about public shares that have been created. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|/home/chaser/.opencloud/storage/publicshares.json| +|`SHARING_PUBLIC_JSONCS3_PROVIDER_ADDR`| 1.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|eu.opencloud.api.storage-system| +|`OC_SYSTEM_USER_ID`
`SHARING_PUBLIC_JSONCS3_SYSTEM_USER_ID`| 1.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|| +|`OC_SYSTEM_USER_IDP`
`SHARING_PUBLIC_JSONCS3_SYSTEM_USER_IDP`| 1.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|internal| +|`OC_SYSTEM_USER_API_KEY`
`SHARING_PUBLIC_JSONCS3_SYSTEM_USER_API_KEY`| 1.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|| +|`SHARING_PUBLIC_CS3_PROVIDER_ADDR`| 1.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|eu.opencloud.api.storage-system| +|`OC_SYSTEM_USER_ID`
`SHARING_PUBLIC_CS3_SYSTEM_USER_ID`| 1.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|| +|`OC_SYSTEM_USER_IDP`
`SHARING_PUBLIC_CS3_SYSTEM_USER_IDP`| 1.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|internal| +|`OC_SYSTEM_USER_API_KEY`
`SHARING_PUBLIC_CS3_SYSTEM_USER_API_KEY`| 1.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|| +|`OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD`
`SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD`| 1.0.0 |bool|`Set this to true if you want to enforce passwords on Uploader, Editor or Contributor shares. If not using the global OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD, you must define the FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD (deprecated) in the frontend service.`|false| +|`OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD`
`SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD`| 1.0.0 |bool|`Set this to true if you want to enforce passwords on all public shares.`|true| +|`OC_PASSWORD_POLICY_DISABLED`
`SHARING_PASSWORD_POLICY_DISABLED`| 1.0.0 |bool|`Disable the password policy. Defaults to false if not set.`|false| +|`OC_PASSWORD_POLICY_MIN_CHARACTERS`
`SHARING_PASSWORD_POLICY_MIN_CHARACTERS`| 1.0.0 |int|`Define the minimum password length. Defaults to 8 if not set.`|8| +|`OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS`
`SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS`| 1.0.0 |int|`Define the minimum number of uppercase letters. Defaults to 1 if not set.`|1| +|`OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS`
`SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS`| 1.0.0 |int|`Define the minimum number of lowercase letters. Defaults to 1 if not set.`|1| +|`OC_PASSWORD_POLICY_MIN_DIGITS`
`SHARING_PASSWORD_POLICY_MIN_DIGITS`| 1.0.0 |int|`Define the minimum number of digits. Defaults to 1 if not set.`|1| +|`OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS`
`SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS`| 1.0.0 |int|`Define the minimum number of characters from the special characters list to be present. Defaults to 1 if not set.`|1| +|`OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST`
`SHARING_PASSWORD_POLICY_BANNED_PASSWORDS_LIST`| 1.0.0 |string|`Path to the 'banned passwords list' file. This only impacts public link password validation. See the documentation for more details.`|| diff --git a/static/env-vars/sse-config-example.yaml b/static/env-vars/sse-config-example.yaml new file mode 100644 index 00000000..5b884d17 --- /dev/null +++ b/static/env-vars/sse-config-example.yaml @@ -0,0 +1,50 @@ +# Autogenerated +# Filename: sse-config-example.yaml + +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9139 + token: "" + pprof: false + zpages: false +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +keepalive_interval: 0s +events: + endpoint: 127.0.0.1:9233 + cluster: opencloud-cluster + tls_insecure: false + tls_root_ca_certificate: "" + enable_tls: false + username: "" + password: "" +http: + addr: 127.0.0.1:9135 + root: / + cors: + allow_origins: + - '*' + allow_methods: + - GET + allow_headers: + - Authorization + - Origin + - Content-Type + - Accept + - X-Requested-With + - X-Request-Id + - Ocs-Apirequest + allow_credentials: true + tls: + enabled: false + cert: "" + key: "" +token_manager: + jwt_secret: "" diff --git a/static/env-vars/sse_configvars.md b/static/env-vars/sse_configvars.md index 4214aad8..ae16b4f5 100644 --- a/static/env-vars/sse_configvars.md +++ b/static/env-vars/sse_configvars.md @@ -1,30 +1,34 @@ Environment variables for the **sse** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`SSE_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`SSE_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`SSE_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`SSE_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`SSE_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9139`| -|`SSE_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`SSE_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`SSE_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`SSE_KEEPALIVE_INTERVAL`| 1.0.0 |Duration|`To prevent intermediate proxies from closing the SSE connection, send periodic SSE comments to keep it open.`|`0s`| -|`OC_EVENTS_ENDPOINT`
`SSE_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`| -|`OC_EVENTS_CLUSTER`
`SSE_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`| -|`OC_INSECURE`
`SSE_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|`false`| -|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`SSE_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided SSE_EVENTS_TLS_INSECURE will be seen as false.`|``| -|`OC_EVENTS_ENABLE_TLS`
`SSE_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| -|`OC_EVENTS_AUTH_USERNAME`
`SSE_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_EVENTS_AUTH_PASSWORD`
`SSE_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`SSE_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9135`| -|`SSE_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|`/`| -|`OC_CORS_ALLOW_ORIGINS`
`SSE_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|`[*]`| -|`OC_CORS_ALLOW_METHODS`
`SSE_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|`[GET]`| -|`OC_CORS_ALLOW_HEADERS`
`SSE_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|`[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Ocs-Apirequest]`| -|`OC_CORS_ALLOW_CREDENTIALS`
`SSE_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|`true`| -|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|`false`| -|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|``| -|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|``| -|`OC_JWT_SECRET`
`SSE_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| +|---|---|---|---|---| +|`OC_LOG_LEVEL`
`SSE_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`SSE_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`SSE_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`SSE_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`SSE_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9139| +|`SSE_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`SSE_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`SSE_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`OC_TRACING_ENABLED`
`SSE_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`SSE_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`SSE_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`SSE_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`SSE_KEEPALIVE_INTERVAL`| 1.0.0 |Duration|`To prevent intermediate proxies from closing the SSE connection, send periodic SSE comments to keep it open.`|0s| +|`OC_EVENTS_ENDPOINT`
`SSE_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| +|`OC_EVENTS_CLUSTER`
`SSE_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| +|`OC_INSECURE`
`SSE_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`SSE_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided SSE_EVENTS_TLS_INSECURE will be seen as false.`|| +|`OC_EVENTS_ENABLE_TLS`
`SSE_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| +|`OC_EVENTS_AUTH_USERNAME`
`SSE_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_EVENTS_AUTH_PASSWORD`
`SSE_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`SSE_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|127.0.0.1:9135| +|`SSE_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|/| +|`OC_CORS_ALLOW_ORIGINS`
`SSE_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|[*]| +|`OC_CORS_ALLOW_METHODS`
`SSE_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|[GET]| +|`OC_CORS_ALLOW_HEADERS`
`SSE_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Ocs-Apirequest]| +|`OC_CORS_ALLOW_CREDENTIALS`
`SSE_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|true| +|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|false| +|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|| +|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|| +|`OC_JWT_SECRET`
`SSE_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| diff --git a/static/env-vars/sse_readme.md b/static/env-vars/sse_readme.md index 49aea22f..40860d9e 100644 --- a/static/env-vars/sse_readme.md +++ b/static/env-vars/sse_readme.md @@ -1,6 +1,6 @@ --- title: SSE -date: 2025-11-27T22:56:02.334591+01:00 +date: 2025-11-11T09:16:41.112998164+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/sse diff --git a/static/env-vars/storage-publiclink-config-example.yaml b/static/env-vars/storage-publiclink-config-example.yaml new file mode 100644 index 00000000..fb3cf2d4 --- /dev/null +++ b/static/env-vars/storage-publiclink-config-example.yaml @@ -0,0 +1,32 @@ +# Autogenerated +# Filename: storage-publiclink-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9179 + token: "" + pprof: false + zpages: false +grpc: + addr: 127.0.0.1:9178 + tls: null + protocol: tcp +token_manager: + jwt_secret: "" +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +skip_user_groups_in_token: false +storage_provider: + mount_id: 7993447f-687f-490d-875c-ac95e89a62a4 diff --git a/static/env-vars/storage-publiclink_configvars.md b/static/env-vars/storage-publiclink_configvars.md index e2ba94f3..ee7394e4 100644 --- a/static/env-vars/storage-publiclink_configvars.md +++ b/static/env-vars/storage-publiclink_configvars.md @@ -1,20 +1,24 @@ Environment variables for the **storage-publiclink** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`STORAGE_PUBLICLINK_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`STORAGE_PUBLICLINK_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`STORAGE_PUBLICLINK_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`STORAGE_PUBLICLINK_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`STORAGE_PUBLICLINK_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9179`| -|`STORAGE_PUBLICLINK_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`STORAGE_PUBLICLINK_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`STORAGE_PUBLICLINK_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`STORAGE_PUBLICLINK_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9178`| -|`OC_GRPC_PROTOCOL`
`STORAGE_PUBLICLINK_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|`tcp`| -|`OC_JWT_SECRET`
`STORAGE_PUBLICLINK_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`STORAGE_PUBLICLINK_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|`false`| -|`STORAGE_PUBLICLINK_STORAGE_PROVIDER_MOUNT_ID`| 1.0.0 |string|`Mount ID of this storage. Admins can set the ID for the storage in this config option manually which is then used to reference the storage. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|`7993447f-687f-490d-875c-ac95e89a62a4`| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`STORAGE_PUBLICLINK_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`STORAGE_PUBLICLINK_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`STORAGE_PUBLICLINK_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`STORAGE_PUBLICLINK_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`STORAGE_PUBLICLINK_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`STORAGE_PUBLICLINK_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`STORAGE_PUBLICLINK_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`STORAGE_PUBLICLINK_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`STORAGE_PUBLICLINK_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9179| +|`STORAGE_PUBLICLINK_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`STORAGE_PUBLICLINK_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`STORAGE_PUBLICLINK_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`STORAGE_PUBLICLINK_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9178| +|`OC_GRPC_PROTOCOL`
`STORAGE_PUBLICLINK_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|tcp| +|`OC_JWT_SECRET`
`STORAGE_PUBLICLINK_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`STORAGE_PUBLICLINK_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|false| +|`STORAGE_PUBLICLINK_STORAGE_PROVIDER_MOUNT_ID`| 1.0.0 |string|`Mount ID of this storage. Admins can set the ID for the storage in this config option manually which is then used to reference the storage. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|7993447f-687f-490d-875c-ac95e89a62a4| diff --git a/static/env-vars/storage-shares-config-example.yaml b/static/env-vars/storage-shares-config-example.yaml new file mode 100644 index 00000000..2f19daa8 --- /dev/null +++ b/static/env-vars/storage-shares-config-example.yaml 
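Review bot: The descriptions on two of the added SHARING_PASSWORD_POLICY rows are swapped: `SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS` reads "Define the minimum number of uppercase letters" and `SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS` reads "Define the minimum number of lowercase letters". If this table is generated like the example YAML files, the fix belongs in the description strings it is generated from, otherwise the next regeneration brings the error back. The same table publishes a build-machine path as the default of `SHARING_PUBLIC_JSON_FILE` (`/home/chaser/.opencloud/storage/publicshares.json`), and storage-system-config-example.yaml does the same with `root: /home/chaser/.opencloud/storage/metadata`, where the removed storage-system table showed `/var/lib/opencloud/storage/metadata`. Please regenerate with a neutral base data path so the published defaults do not carry a developer's home directory.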
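Review bot: sse-config-example.yaml ships `allow_origins: - '*'` together with `allow_credentials: true` under `http.cors`, and nothing in the file tells an admin that this pair is meant to be tightened. An example file tends to be copied as-is, so I would add a comment above `allow_origins` pointing to `OC_CORS_ALLOW_ORIGINS` and saying it should list the deployment's real origins whenever credentials are allowed. The same file leaves `token_manager.jwt_secret` and `debug.token` as empty strings; a short comment that both must be set would help for the same reason.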
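Review bot: In sse_readme.md the front-matter `date` moves backwards, from `2025-11-27T22:56:02.334591+01:00` to `2025-11-11T09:16:41.112998164+01:00`, in a commit titled "Update docs with latest env vars". That suggests these files were generated from a checkout older than the one behind the current docs. Please confirm which source revision was used and regenerate from the current one if this was not intended, because an older snapshot can silently drop variables or descriptions added since.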
@@ -0,0 +1,33 @@ +# Autogenerated +# Filename: storage-shares-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9156 + token: "" + pprof: false + zpages: false +grpc: + addr: 127.0.0.1:9154 + tls: null + protocol: tcp +token_manager: + jwt_secret: "" +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +skip_user_groups_in_token: false +mount_id: 7639e57c-4433-4a12-8201-722fd0009154 +readonly: false +user_share_provider_endpoint: eu.opencloud.api.sharing diff --git a/static/env-vars/storage-shares_configvars.md b/static/env-vars/storage-shares_configvars.md index ce9b2bf6..48de0880 100644 --- a/static/env-vars/storage-shares_configvars.md +++ b/static/env-vars/storage-shares_configvars.md @@ -1,22 +1,26 @@ Environment variables for the **storage-shares** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`STORAGE_SHARES_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`STORAGE_SHARES_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`STORAGE_SHARES_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`STORAGE_SHARES_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`STORAGE_SHARES_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9156`| -|`STORAGE_SHARES_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`STORAGE_SHARES_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`STORAGE_SHARES_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`STORAGE_SHARES_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9154`| -|`OC_GRPC_PROTOCOL`
`STORAGE_SHARES_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|`tcp`| -|`OC_JWT_SECRET`
`STORAGE_SHARES_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`STORAGE_SHARES_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|`false`| -|`STORAGE_SHARES_MOUNT_ID`| 1.0.0 |string|`Mount ID of this storage. Admins can set the ID for the storage in this config option manually which is then used to reference the storage. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|`7639e57c-4433-4a12-8201-722fd0009154`| -|`STORAGE_SHARES_READ_ONLY`| 1.0.0 |bool|`Set this storage to be read-only.`|`false`| -|`STORAGE_SHARES_USER_SHARE_PROVIDER_ENDPOINT`| 1.0.0 |string|`GRPC endpoint of the SHARING service.`|`eu.opencloud.api.sharing`| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`STORAGE_SHARES_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`STORAGE_SHARES_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`STORAGE_SHARES_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`STORAGE_SHARES_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`STORAGE_SHARES_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`STORAGE_SHARES_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`STORAGE_SHARES_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`STORAGE_SHARES_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`STORAGE_SHARES_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9156| +|`STORAGE_SHARES_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`STORAGE_SHARES_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`STORAGE_SHARES_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`STORAGE_SHARES_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9154| +|`OC_GRPC_PROTOCOL`
`STORAGE_SHARES_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GRPC service.`|tcp| +|`OC_JWT_SECRET`
`STORAGE_SHARES_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`STORAGE_SHARES_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|false| +|`STORAGE_SHARES_MOUNT_ID`| 1.0.0 |string|`Mount ID of this storage. Admins can set the ID for the storage in this config option manually which is then used to reference the storage. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|7639e57c-4433-4a12-8201-722fd0009154| +|`STORAGE_SHARES_READ_ONLY`| 1.0.0 |bool|`Set this storage to be read-only.`|false| +|`STORAGE_SHARES_USER_SHARE_PROVIDER_ENDPOINT`| 1.0.0 |string|`GRPC endpoint of the SHARING service.`|eu.opencloud.api.sharing| diff --git a/static/env-vars/storage-system-config-example.yaml b/static/env-vars/storage-system-config-example.yaml new file mode 100644 index 00000000..fb284651 --- /dev/null +++ b/static/env-vars/storage-system-config-example.yaml 
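Review bot: The `OC_GRPC_CLIENT_TLS_MODE` row in storage-shares_configvars.md lists 'off', 'insecure' and 'on' as the possible values, but the default column is empty and storage-shares-config-example.yaml shows `mode: ""`, so a reader cannot tell whether certificate verification, or transport security at all, is active on an unconfigured install. Please state in the description which of the three modes an empty value resolves to. With the backticks removed from the default column, an empty default now renders as a blank cell, which makes this harder to spot than the previous empty code span.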
@@ -0,0 +1,51 @@ +# Autogenerated +# Filename: storage-system-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9217 + token: "" + pprof: false + zpages: false +grpc: + addr: 127.0.0.1:9215 + tls: null + protocol: tcp +http: + addr: 127.0.0.1:9216 + protocol: tcp +token_manager: + jwt_secret: "" +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +system_user_id: "" +system_user_api_key: "" +skip_user_groups_in_token: false +cache: + store: memory + nodes: + - 127.0.0.1:9233 + database: storage-system + ttl: 24m0s + disable_persistence: false + auth_username: "" + auth_password: "" +driver: decomposed +drivers: + decomposed: + root: /home/chaser/.opencloud/storage/metadata + max_acquire_lock_cycles: 20 + lock_cycle_duration_factor: 30 +data_server_url: http://localhost:9216/data diff --git a/static/env-vars/storage-system_configvars.md b/static/env-vars/storage-system_configvars.md index 2b7ef3ae..34d66712 100644 --- a/static/env-vars/storage-system_configvars.md +++ b/static/env-vars/storage-system_configvars.md @@ -1,35 +1,39 @@ Environment variables for the **storage-system** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`STORAGE_SYSTEM_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`STORAGE_SYSTEM_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`STORAGE_SYSTEM_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`STORAGE_SYSTEM_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`STORAGE_SYSTEM_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9217`| -|`STORAGE_SYSTEM_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint`|``| -|`STORAGE_SYSTEM_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling`|`false`| -|`STORAGE_SYSTEM_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`STORAGE_SYSTEM_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9215`| -|`OC_GRPC_PROTOCOL`
`STORAGE_SYSTEM_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GPRC service.`|`tcp`| -|`STORAGE_SYSTEM_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9216`| -|`STORAGE_SYSTEM_HTTP_PROTOCOL`| 1.0.0 |string|`The transport protocol of the HTTP service.`|`tcp`| -|`OC_JWT_SECRET`
`STORAGE_SYSTEM_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`OC_SYSTEM_USER_ID`| 1.0.0 |string|`ID of the OpenCloud storage-system system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|``| -|`OC_SYSTEM_USER_API_KEY`| 1.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|``| -|`STORAGE_SYSTEM_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|`false`| -|`OC_CACHE_STORE`
`STORAGE_SYSTEM_CACHE_STORE`| 1.0.0 |string|`The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|`memory`| -|`OC_CACHE_STORE_NODES`
`STORAGE_SYSTEM_CACHE_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[127.0.0.1:9233]`| -|`OC_CACHE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|`storage-system`| -|`OC_CACHE_TTL`
`STORAGE_SYSTEM_CACHE_TTL`| 1.0.0 |Duration|`Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details.`|`24m0s`| -|`OC_CACHE_DISABLE_PERSISTENCE`
`STORAGE_SYSTEM_CACHE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false.`|`false`| -|`OC_CACHE_AUTH_USERNAME`
`STORAGE_SYSTEM_CACHE_AUTH_USERNAME`| 1.0.0 |string|`Username for the configured store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_CACHE_AUTH_PASSWORD`
`STORAGE_SYSTEM_CACHE_AUTH_PASSWORD`| 1.0.0 |string|`Password for the configured store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`STORAGE_SYSTEM_DRIVER`| 1.0.0 |string|`The driver which should be used by the service. The only supported driver is 'decomposed'. For backwards compatibility reasons it's also possible to use the 'ocis' driver and configure it using the 'decomposed' options. `|`decomposed`| -|`STORAGE_SYSTEM_OC_ROOT`| 1.0.0 |string|`Path for the directory where the STORAGE-SYSTEM service stores it's persistent data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|`/var/lib/opencloud/storage/metadata`| -|`STORAGE_SYSTEM_OC_MAX_ACQUIRE_LOCK_CYCLES`| 1.0.0 |int|`When trying to lock files, OpenCloud will try this amount of times to acquire the lock before failing. After each try it will wait for an increasing amount of time. Values of 0 or below will be ignored and the default value of 20 will be used.`|`20`| -|`STORAGE_SYSTEM_OC_LOCK_CYCLE_DURATION_FACTOR`| 1.0.0 |int|`When trying to lock files, OpenCloud will multiply the cycle with this factor and use it as a millisecond timeout. Values of 0 or below will be ignored and the default value of 30 will be used.`|`30`| -|`STORAGE_SYSTEM_DATA_SERVER_URL`| 1.0.0 |string|`URL of the data server, needs to be reachable by other services using this service.`|`http://localhost:9216/data`| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`STORAGE_SYSTEM_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`STORAGE_SYSTEM_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`STORAGE_SYSTEM_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`STORAGE_SYSTEM_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`STORAGE_SYSTEM_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`STORAGE_SYSTEM_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`STORAGE_SYSTEM_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`STORAGE_SYSTEM_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`STORAGE_SYSTEM_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9217| +|`STORAGE_SYSTEM_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint`|| +|`STORAGE_SYSTEM_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling`|false| +|`STORAGE_SYSTEM_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`STORAGE_SYSTEM_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9215| +|`OC_GRPC_PROTOCOL`
`STORAGE_SYSTEM_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GPRC service.`|tcp| +|`STORAGE_SYSTEM_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|127.0.0.1:9216| +|`STORAGE_SYSTEM_HTTP_PROTOCOL`| 1.0.0 |string|`The transport protocol of the HTTP service.`|tcp| +|`OC_JWT_SECRET`
`STORAGE_SYSTEM_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`OC_SYSTEM_USER_ID`| 1.0.0 |string|`ID of the OpenCloud storage-system system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|| +|`OC_SYSTEM_USER_API_KEY`| 1.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|| +|`STORAGE_SYSTEM_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|false| +|`OC_CACHE_STORE`
`STORAGE_SYSTEM_CACHE_STORE`| 1.0.0 |string|`The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|memory| +|`OC_CACHE_STORE_NODES`
`STORAGE_SYSTEM_CACHE_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[127.0.0.1:9233]| +|`OC_CACHE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|storage-system| +|`OC_CACHE_TTL`
`STORAGE_SYSTEM_CACHE_TTL`| 1.0.0 |Duration|`Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details.`|24m0s| +|`OC_CACHE_DISABLE_PERSISTENCE`
`STORAGE_SYSTEM_CACHE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false.`|false| +|`OC_CACHE_AUTH_USERNAME`
`STORAGE_SYSTEM_CACHE_AUTH_USERNAME`| 1.0.0 |string|`Username for the configured store. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_CACHE_AUTH_PASSWORD`
`STORAGE_SYSTEM_CACHE_AUTH_PASSWORD`| 1.0.0 |string|`Password for the configured store. Only applies when store type 'nats-js-kv' is configured.`|| +|`STORAGE_SYSTEM_DRIVER`| 1.0.0 |string|`The driver which should be used by the service. The only supported driver is 'decomposed'. For backwards compatibility reasons it's also possible to use the 'ocis' driver and configure it using the 'decomposed' options. `|decomposed| +|`STORAGE_SYSTEM_OC_ROOT`| 1.0.0 |string|`Path for the directory where the STORAGE-SYSTEM service stores it's persistent data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage.`|/home/chaser/.opencloud/storage/metadata| +|`STORAGE_SYSTEM_OC_MAX_ACQUIRE_LOCK_CYCLES`| 1.0.0 |int|`When trying to lock files, OpenCloud will try this amount of times to acquire the lock before failing. After each try it will wait for an increasing amount of time. Values of 0 or below will be ignored and the default value of 20 will be used.`|20| +|`STORAGE_SYSTEM_OC_LOCK_CYCLE_DURATION_FACTOR`| 1.0.0 |int|`When trying to lock files, OpenCloud will multiply the cycle with this factor and use it as a millisecond timeout. Values of 0 or below will be ignored and the default value of 30 will be used.`|30| +|`STORAGE_SYSTEM_DATA_SERVER_URL`| 1.0.0 |string|`URL of the data server, needs to be reachable by other services using this service.`|http://localhost:9216/data| diff --git a/static/env-vars/storage-system_readme.md b/static/env-vars/storage-system_readme.md index 4137d732..b2d947fb 100644 --- a/static/env-vars/storage-system_readme.md +++ b/static/env-vars/storage-system_readme.md @@ -1,6 +1,6 @@ --- title: Storage-System -date: 2025-11-27T22:56:02.33479+01:00 +date: 2025-11-11T09:16:41.113094426+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/storage-system 
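Review bot: In the `static/env-vars/storage-system_configvars.md` hunk, the added row for `STORAGE_SYSTEM_OC_ROOT` documents the default as `/home/chaser/.opencloud/storage/metadata`, where the removed row had `/var/lib/opencloud/storage/metadata`. The description in the same row says the root derives from `$OC_BASE_DATA_PATH/storage` when not defined, so this value appears to come from the environment of whoever ran the generator. It publishes a local account name and gives a default that will not match a packaged install. Please regenerate with the base data path set to the documented location, or restore the previous value. The added rows also drop the backticks around the Default Value column (`|false|`, `|[127.0.0.1:9233]|`, and `||` for empty strings), so empty defaults become empty cells. If that change is not intended, keep the quoting used by the removed rows.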
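Review bot: In the `static/env-vars/storage-system_readme.md` hunk, the front-matter `date:` goes backwards, from `2025-11-27T22:56:02.33479+01:00` to `2025-11-11T09:16:41.113094426+01:00`. A regenerated file would normally carry a newer timestamp than the one it replaces, so this suggests the output came from an older generator run than the one already committed. Please confirm which revision these files were generated from before merging, and regenerate if it was not the intended one.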
diff --git a/static/env-vars/storage-users-config-example.yaml b/static/env-vars/storage-users-config-example.yaml new file mode 100644 index 00000000..eb0224f6 --- /dev/null +++ b/static/env-vars/storage-users-config-example.yaml 
@@ -0,0 +1,204 @@ +# Autogenerated +# Filename: storage-users-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9159 + token: "" + pprof: false + zpages: false +grpc: + addr: 127.0.0.1:9157 + tls: null + protocol: tcp +http: + addr: 127.0.0.1:9158 + protocol: tcp + prefix: data + cors: + allow_origins: + - https://localhost:9200 + allow_methods: + - POST + - HEAD + - PATCH + - OPTIONS + - GET + - DELETE + allow_headers: + - Authorization + - Origin + - X-Requested-With + - X-Request-Id + - X-HTTP-Method-Override + - Content-Type + - Upload-Length + - Upload-Offset + - Tus-Resumable + - Upload-Metadata + - Upload-Defer-Length + - Upload-Concat + - Upload-Incomplete + - Upload-Draft-Interop-Version + allow_credentials: false + expose_headers: + - Upload-Offset + - Location + - Upload-Length + - Tus-Version + - Tus-Resumable + - Tus-Max-Size + - Tus-Extension + - Upload-Metadata + - Upload-Defer-Length + - Upload-Concat + - Upload-Incomplete + - Upload-Draft-Interop-Version + max_age: 86400 +token_manager: + jwt_secret: "" +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +skip_user_groups_in_token: false +graceful_shutdown_timeout: 30 +driver: posix +drivers: + decomposed: + propagator: sync + async_propagator_options: + propagation_delay: 0s + root: /home/chaser/.opencloud/storage/users + user_layout: '{{.Id.OpaqueId}}' + permissions_endpoint: eu.opencloud.api.settings + personalspacealias_template: '{{.SpaceType}}/{{.User.Username | lower}}' + personalspacepath_template: "" + generalspacealias_template: '{{.SpaceType}}/{{.SpaceName | replace " " "-" | lower}}' + generalspacepath_template: "" + share_folder: /Shares + max_acquire_lock_cycles: 20 + lock_cycle_duration_factor: 30 + max_concurrency: 5 + async_uploads: true + max_quota: 0 + disable_versioning: false + decomposeds3: + propagator: sync + 
async_propagator_options: + propagation_delay: 0s + root: /home/chaser/.opencloud/storage/users + user_layout: '{{.Id.OpaqueId}}' + permissions_endpoint: eu.opencloud.api.settings + region: default + access_key: "" + secret_key: "" + endpoint: "" + bucket: "" + put_object_disable_content_sha254: false + put_object_disable_multipart: false + put_object_send_content_md5: true + put_object_concurrent_stream_parts: false + put_object_num_threads: 4 + put_object_part_size: 0 + personalspacealias_template: '{{.SpaceType}}/{{.User.Username | lower}}' + personalspacepath_template: "" + generalspacealias_template: '{{.SpaceType}}/{{.SpaceName | replace " " "-" | lower}}' + generalspacepath_template: "" + share_folder: /Shares + max_acquire_lock_cycles: 20 + lock_cycle_duration_factor: 30 + max_concurrency: 5 + async_uploads: true + disable_versioning: false + owncloudsql: + root: /home/chaser/.opencloud/storage/owncloud + share_folder: /Shares + user_layout: '{{.Username}}' + upload_info_dir: /home/chaser/.opencloud/storage/uploadinfo + db_username: owncloud + db_password: owncloud + db_host: "" + db_port: 3306 + db_name: owncloud + users_provider_endpoint: eu.opencloud.api.users + posix: + root: /home/chaser/.opencloud/storage/users + propagator: "" + async_propagator_options: + propagation_delay: 0s + personalspacealias_template: '{{.SpaceType}}/{{.User.Username | lower}}' + personalspacepath_template: users/{{.User.Id.OpaqueId}} + generalspacealias_template: '{{.SpaceType}}/{{.SpaceName | replace " " "-" | lower}}' + generalspacepath_template: projects/{{.SpaceId}} + permissions_endpoint: eu.opencloud.api.settings + async_uploads: true + scan_debounce_delay: 1s + max_quota: 0 + max_acquire_lock_cycles: 0 + lock_cycle_duration_factor: 0 + max_concurrency: 0 + disable_versioning: false + use_space_groups: false + enable_fs_revisions: false + watch_fs: false + watch_type: "" + watch_path: "" + watch_notification_brokers: "" + watch_root: "" + inotify_stats_frequency: 5m0s 
+data_server_url: http://localhost:9158/data +data_gateway_url: http://localhost:9140/data +transfer_expires: 86400 +events: + endpoint: 127.0.0.1:9233 + cluster: opencloud-cluster + tls_insecure: false + tls_root_ca_cert_path: "" + enable_tls: false + num_consumers: 0 + username: "" + password: "" +filemetadata_cache: + store: memory + nodes: + - 127.0.0.1:9233 + database: storage-users + ttl: 24m0s + disable_persistence: false + username: "" + password: "" +id_cache: + store: nats-js-kv + nodes: + - 127.0.0.1:9233 + database: ids-storage-users + ttl: 24m0s + disable_persistence: false + username: "" + password: "" +mount_id: "" +expose_data_server: false +readonly: false +upload_expiration: 86400 +tasks: + purge_trash_bin: + user_id: "" + personal_delete_before: 720h0m0s + project_delete_before: 720h0m0s +service_account: + service_account_id: "" + service_account_secret: "" +gateway_addr: 127.0.0.1:9142 +machine_auth_api_key: "" +max_attempts_rename_file: 0 diff --git a/static/env-vars/storage-users_configvars.md b/static/env-vars/storage-users_configvars.md index 185cd3b9..0e1490ca 100644 --- a/static/env-vars/storage-users_configvars.md +++ b/static/env-vars/storage-users_configvars.md @@ -1,150 +1,154 @@ -2025-11-27-22-55-58 +2025-11-11-09-16-18 # Deprecation Notice | Deprecation Info | Deprecation Version | Removal Version | Deprecation Replacement | -|---|---|---|:---| -| | 4.0.0 | | | +|---|---|---|---| +| | next | | | Environment variables for the **storage-users** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`STORAGE_USERS_SERVICE_NAME`| 1.0.0 |string|`Service name to use. Change this when starting an additional storage provider with a custom configuration to prevent it from colliding with the default 'storage-users' service.`|`storage-users`| -|`OC_LOG_LEVEL`
`STORAGE_USERS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`STORAGE_USERS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`STORAGE_USERS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`STORAGE_USERS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`STORAGE_USERS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9159`| -|`STORAGE_USERS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`STORAGE_USERS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`STORAGE_USERS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`STORAGE_USERS_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9157`| -|`OC_GRPC_PROTOCOL`
`STORAGE_USERS_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GPRC service.`|`tcp`| -|`STORAGE_USERS_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9158`| -|`STORAGE_USERS_HTTP_PROTOCOL`| 1.0.0 |string|`The transport protocol of the HTTP service.`|`tcp`| -|`OC_CORS_ALLOW_ORIGINS`
`STORAGE_USERS_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|`[https://localhost:9200]`| -|`OC_CORS_ALLOW_METHODS`
`STORAGE_USERS_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|`[POST HEAD PATCH OPTIONS GET DELETE]`| -|`OC_CORS_ALLOW_HEADERS`
`STORAGE_USERS_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|`[Authorization Origin X-Requested-With X-Request-Id X-HTTP-Method-Override Content-Type Upload-Length Upload-Offset Tus-Resumable Upload-Metadata Upload-Defer-Length Upload-Concat Upload-Incomplete Upload-Draft-Interop-Version]`| -|`OC_CORS_ALLOW_CREDENTIALS`
`STORAGE_USERS_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|`false`| -|`OC_CORS_EXPOSE_HEADERS`
`STORAGE_USERS_CORS_EXPOSE_HEADERS`| 1.0.0 |[]string|`A list of exposed CORS headers. See following chapter for more details: *Access-Control-Expose-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers. See the Environment Variable Types description for more details.`|`[Upload-Offset Location Upload-Length Tus-Version Tus-Resumable Tus-Max-Size Tus-Extension Upload-Metadata Upload-Defer-Length Upload-Concat Upload-Incomplete Upload-Draft-Interop-Version]`| -|`OC_CORS_MAX_AGE`
`STORAGE_USERS_CORS_MAX_AGE`| 1.0.0 |uint|`The max cache duration of preflight headers. See following chapter for more details: *Access-Control-Max-Age* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age. See the Environment Variable Types description for more details.`|`86400`| -|`OC_JWT_SECRET`
`STORAGE_USERS_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`STORAGE_USERS_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|`false`| -|`STORAGE_USERS_GRACEFUL_SHUTDOWN_TIMEOUT`| 1.0.0 |int|`The number of seconds to wait for the 'storage-users' service to shutdown cleanly before exiting with an error that gets logged. Note: This setting is only applicable when running the 'storage-users' service as a standalone service. See the text description for more details.`|`30`| -|`STORAGE_USERS_DRIVER`| 1.0.0 |string|`The storage driver which should be used by the service. Defaults to 'posix'. Supported values are: 'posix', 'decomposed', 'decomposeds3' and 'owncloudsql'. For backwards compatibility reasons it's also possible to use the 'ocis' and 's3ng' driver and configure them using the 'decomposed'/'decomposeds3' options. The 'posix' driver stores data directly on a POSIX-compliant filesystem. The 'decomposed' driver stores all data (blob and meta data) in a POSIX compliant volume. The 'decomposeds3' driver stores metadata in a POSIX compliant volume and uploads blobs to the s3 bucket.`|`posix`| -|`OC_DECOMPOSEDFS_PROPAGATOR`
`STORAGE_USERS_DECOMPOSED_PROPAGATOR`| 1.0.0 |string|`The propagator used for decomposedfs. At the moment, only 'sync' is fully supported, 'async' is available as an experimental option.`|`sync`| -|`STORAGE_USERS_ASYNC_PROPAGATOR_PROPAGATION_DELAY`| 1.0.0 |Duration|`The delay between a change made to a tree and the propagation start on treesize and treetime. Multiple propagations are computed to a single one. See the Environment Variable Types description for more details.`|`0s`| -|`STORAGE_USERS_DECOMPOSED_ROOT`| 1.0.0 |string|`The directory where the filesystem storage will store blobs and metadata. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/users.`|`/var/lib/opencloud/storage/users`| -|`STORAGE_USERS_DECOMPOSED_USER_LAYOUT`| 1.0.0 |string|`Template string for the user storage layout in the user directory.`|`{{.Id.OpaqueId}}`| -|`STORAGE_USERS_PERMISSION_ENDPOINT`
`STORAGE_USERS_DECOMPOSED_PERMISSIONS_ENDPOINT`| 1.0.0 |string|`Endpoint of the permissions service. The endpoints can differ for 'decomposed' and 'decomposeds3'.`|`eu.opencloud.api.settings`| -|`STORAGE_USERS_DECOMPOSED_PERSONAL_SPACE_ALIAS_TEMPLATE`| 1.0.0 |string|`Template string to construct personal space aliases.`|`{{.SpaceType}}/{{.User.Username \| lower}}`| -|`STORAGE_USERS_DECOMPOSED_PERSONAL_SPACE_PATH_TEMPLATE`| 1.0.0 |string|`Template string to construct the paths of the personal space roots.`|``| -|`STORAGE_USERS_DECOMPOSED_GENERAL_SPACE_ALIAS_TEMPLATE`| 1.0.0 |string|`Template string to construct general space aliases.`|`{{.SpaceType}}/{{.SpaceName \| replace " " "-" \| lower}}`| -|`STORAGE_USERS_DECOMPOSED_GENERAL_SPACE_PATH_TEMPLATE`| 1.0.0 |string|`Template string to construct the paths of the projects space roots.`|``| -|`STORAGE_USERS_DECOMPOSED_SHARE_FOLDER`| 1.0.0 |string|`Name of the folder jailing all shares.`|`/Shares`| -|`STORAGE_USERS_DECOMPOSED_MAX_ACQUIRE_LOCK_CYCLES`| 1.0.0 |int|`When trying to lock files, OpenCloud will try this amount of times to acquire the lock before failing. After each try it will wait for an increasing amount of time. Values of 0 or below will be ignored and the default value will be used.`|`20`| -|`STORAGE_USERS_DECOMPOSED_LOCK_CYCLE_DURATION_FACTOR`| 1.0.0 |int|`When trying to lock files, OpenCloud will multiply the cycle with this factor and use it as a millisecond timeout. Values of 0 or below will be ignored and the default value will be used.`|`30`| -|`OC_MAX_CONCURRENCY`
`STORAGE_USERS_DECOMPOSED_MAX_CONCURRENCY`| 1.0.0 |int|`Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used.`|`5`| -|`OC_ASYNC_UPLOADS`| 1.0.0 |bool|`Enable asynchronous file uploads.`|`true`| -|`OC_SPACES_MAX_QUOTA`
`STORAGE_USERS_DECOMPOSED_MAX_QUOTA`| 1.0.0 |uint64|`Set a global max quota for spaces in bytes. A value of 0 equals unlimited. If not using the global OC_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA in the frontend service.`|`0`| -|`OC_DISABLE_VERSIONING`| 1.0.0 |bool|`Disables versioning of files. When set to true, new uploads with the same filename will overwrite existing files instead of creating a new version.`|`false`| -|`OC_DECOMPOSEDFS_PROPAGATOR`
`STORAGE_USERS_DECOMPOSEDS3_PROPAGATOR`| 1.0.0 |string|`The propagator used for decomposedfs. At the moment, only 'sync' is fully supported, 'async' is available as an experimental option.`|`sync`| -|`STORAGE_USERS_ASYNC_PROPAGATOR_PROPAGATION_DELAY`| 1.0.0 |Duration|`The delay between a change made to a tree and the propagation start on treesize and treetime. Multiple propagations are computed to a single one. See the Environment Variable Types description for more details.`|`0s`| -|`STORAGE_USERS_DECOMPOSEDS3_ROOT`| 1.0.0 |string|`The directory where the filesystem storage will store metadata for blobs. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/users.`|`/var/lib/opencloud/storage/users`| -|`STORAGE_USERS_DECOMPOSEDS3_USER_LAYOUT`| 1.0.0 |string|`Template string for the user storage layout in the user directory.`|`{{.Id.OpaqueId}}`| -|`STORAGE_USERS_PERMISSION_ENDPOINT`
`STORAGE_USERS_DECOMPOSEDS3_PERMISSIONS_ENDPOINT`| 1.0.0 |string|`Endpoint of the permissions service. The endpoints can differ for 'decomposed' and 'decomposeds3'.`|`eu.opencloud.api.settings`| -|`STORAGE_USERS_DECOMPOSEDS3_REGION`| 1.0.0 |string|`Region of the S3 bucket.`|`default`| -|`STORAGE_USERS_DECOMPOSEDS3_ACCESS_KEY`| 1.0.0 |string|`Access key for the S3 bucket.`|``| -|`STORAGE_USERS_DECOMPOSEDS3_SECRET_KEY`| 1.0.0 |string|`Secret key for the S3 bucket.`|``| -|`STORAGE_USERS_DECOMPOSEDS3_ENDPOINT`| 1.0.0 |string|`Endpoint for the S3 bucket.`|``| -|`STORAGE_USERS_DECOMPOSEDS3_BUCKET`| 1.0.0 |string|`Name of the S3 bucket.`|``| -|`STORAGE_USERS_DECOMPOSEDS3_PUT_OBJECT_DISABLE_CONTENT_SHA256`| 1.0.0 |bool|`Disable sending content sha256 when copying objects to S3.`|`false`| -|`STORAGE_USERS_DECOMPOSEDS3_PUT_OBJECT_DISABLE_MULTIPART`| 1.0.0 |bool|`Disable multipart uploads when copying objects to S3.`|`false`| -|`STORAGE_USERS_DECOMPOSEDS3_PUT_OBJECT_SEND_CONTENT_MD5`| 1.0.0 |bool|`Send a Content-MD5 header when copying objects to S3.`|`true`| -|`STORAGE_USERS_DECOMPOSEDS3_PUT_OBJECT_CONCURRENT_STREAM_PARTS`| 1.0.0 |bool|`Always precreate parts when copying objects to S3. This is not recommended. It uses a memory buffer. If true, PartSize needs to be set.`|`false`| -|`STORAGE_USERS_DECOMPOSEDS3_PUT_OBJECT_NUM_THREADS`| 1.0.0 |uint|`Number of concurrent uploads to use when copying objects to S3.`|`4`| -|`STORAGE_USERS_DECOMPOSEDS3_PUT_OBJECT_PART_SIZE`| 1.0.0 |uint64|`Part size for concurrent uploads to S3. If no value or 0 is set, the library automatically calculates the part size according to the total size of the file to be uploaded. 
The value range is min 5MB and max 5GB.`|`0`| -|`STORAGE_USERS_DECOMPOSEDS3_PERSONAL_SPACE_ALIAS_TEMPLATE`| 1.0.0 |string|`Template string to construct personal space aliases.`|`{{.SpaceType}}/{{.User.Username \| lower}}`| -|`STORAGE_USERS_DECOMPOSEDS3_PERSONAL_SPACE_PATH_TEMPLATE`| 1.0.0 |string|`Template string to construct the paths of the personal space roots.`|``| -|`STORAGE_USERS_DECOMPOSEDS3_GENERAL_SPACE_ALIAS_TEMPLATE`| 1.0.0 |string|`Template string to construct general space aliases.`|`{{.SpaceType}}/{{.SpaceName \| replace " " "-" \| lower}}`| -|`STORAGE_USERS_DECOMPOSEDS3_GENERAL_SPACE_PATH_TEMPLATE`| 1.0.0 |string|`Template string to construct the paths of the projects space roots.`|``| -|`STORAGE_USERS_DECOMPOSEDS3_SHARE_FOLDER`| 1.0.0 |string|`Name of the folder jailing all shares.`|`/Shares`| -|`STORAGE_USERS_DECOMPOSEDS3_MAX_ACQUIRE_LOCK_CYCLES`| 1.0.0 |int|`When trying to lock files, OpenCloud will try this amount of times to acquire the lock before failing. After each try it will wait for an increasing amount of time. Values of 0 or below will be ignored and the default value of 20 will be used.`|`20`| -|`STORAGE_USERS_DECOMPOSEDS3_LOCK_CYCLE_DURATION_FACTOR`| 1.0.0 |int|`When trying to lock files, OpenCloud will multiply the cycle with this factor and use it as a millisecond timeout. Values of 0 or below will be ignored and the default value of 30 will be used.`|`30`| -|`OC_MAX_CONCURRENCY`
`STORAGE_USERS_DECOMPOSEDS3_MAX_CONCURRENCY`| 1.0.0 |int|`Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value of 100 will be used.`|`5`| -|`OC_ASYNC_UPLOADS`| 1.0.0 |bool|`Enable asynchronous file uploads.`|`true`| -|`OC_DISABLE_VERSIONING`| 1.0.0 |bool|`Disables versioning of files. When set to true, new uploads with the same filename will overwrite existing files instead of creating a new version.`|`false`| -|`STORAGE_USERS_OWNCLOUDSQL_DATADIR`| 1.0.0 |string|`The directory where the filesystem storage will store SQL migration data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/owncloud.`|`/var/lib/opencloud/storage/owncloud`| -|`STORAGE_USERS_OWNCLOUDSQL_SHARE_FOLDER`| 1.0.0 |string|`Name of the folder jailing all shares.`|`/Shares`| -|`STORAGE_USERS_OWNCLOUDSQL_LAYOUT`| 1.0.0 |string|`Path layout to use to navigate into a users folder in an owncloud data directory`|`{{.Username}}`| -|`STORAGE_USERS_OWNCLOUDSQL_UPLOADINFO_DIR`| 1.0.0 |string|`The directory where the filesystem will store uploads temporarily. 
If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/uploadinfo.`|`/var/lib/opencloud/storage/uploadinfo`| -|`STORAGE_USERS_OWNCLOUDSQL_DB_USERNAME`| 1.0.0 |string|`Username for the database.`|`owncloud`| -|`STORAGE_USERS_OWNCLOUDSQL_DB_PASSWORD`| 1.0.0 |string|`Password for the database.`|`owncloud`| -|`STORAGE_USERS_OWNCLOUDSQL_DB_HOST`| 1.0.0 |string|`Hostname or IP of the database server.`|``| -|`STORAGE_USERS_OWNCLOUDSQL_DB_PORT`| 1.0.0 |int|`Port that the database server is listening on.`|`3306`| -|`STORAGE_USERS_OWNCLOUDSQL_DB_NAME`| 1.0.0 |string|`Name of the database to be used.`|`owncloud`| -|`STORAGE_USERS_OWNCLOUDSQL_USERS_PROVIDER_ENDPOINT`| 1.0.0 |string|`Endpoint of the users provider.`|`eu.opencloud.api.users`| -|`STORAGE_USERS_POSIX_ROOT`| 1.0.0 |string|`The directory where the filesystem storage will store its data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/users.`|`/var/lib/opencloud/storage/users`| -|`OC_DECOMPOSEDFS_PROPAGATOR`
`STORAGE_USERS_POSIX_PROPAGATOR`| 2.0.0 |string|`The propagator used for the posix driver. At the moment, only 'sync' is fully supported, 'async' is available as an experimental option.`|``| -|`STORAGE_USERS_ASYNC_PROPAGATOR_PROPAGATION_DELAY`| 1.0.0 |Duration|`The delay between a change made to a tree and the propagation start on treesize and treetime. Multiple propagations are computed to a single one. See the Environment Variable Types description for more details.`|`0s`| -|`STORAGE_USERS_POSIX_PERSONAL_SPACE_ALIAS_TEMPLATE`| 1.0.0 |string|`Template string to construct personal space aliases.`|`{{.SpaceType}}/{{.User.Username \| lower}}`| -|`STORAGE_USERS_POSIX_PERSONAL_SPACE_PATH_TEMPLATE`| 1.0.0 |string|`Template string to construct the paths of the personal space roots.`|`users/{{.User.Id.OpaqueId}}`| -|`STORAGE_USERS_POSIX_GENERAL_SPACE_ALIAS_TEMPLATE`| 1.0.0 |string|`Template string to construct general space aliases.`|`{{.SpaceType}}/{{.SpaceName \| replace " " "-" \| lower}}`| -|`STORAGE_USERS_POSIX_GENERAL_SPACE_PATH_TEMPLATE`| 1.0.0 |string|`Template string to construct the paths of the projects space roots.`|`projects/{{.SpaceId}}`| -|`STORAGE_USERS_PERMISSION_ENDPOINT`
`STORAGE_USERS_POSIX_PERMISSIONS_ENDPOINT`| 1.0.0 |string|`Endpoint of the permissions service. The endpoints can differ for 'decomposed', 'posix' and 'decomposeds3'.`|`eu.opencloud.api.settings`| -|`OC_ASYNC_UPLOADS`| 1.0.0 |bool|`Enable asynchronous file uploads.`|`true`| -|`STORAGE_USERS_POSIX_SCAN_DEBOUNCE_DELAY`| 1.0.0 |Duration|`The time in milliseconds to wait before scanning the filesystem for changes after a change has been detected.`|`1s`| -|`OC_SPACES_MAX_QUOTA`
`STORAGE_USERS_POSIX_MAX_QUOTA`| 2.0.0 |uint64|`Set a global max quota for spaces in bytes. A value of 0 equals unlimited. If not using the global OC_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA in the frontend service.`|`0`| -|`STORAGE_USERS_POSIX_MAX_ACQUIRE_LOCK_CYCLES`| 2.0.0 |int|`When trying to lock files, OpenCloud will try this amount of times to acquire the lock before failing. After each try it will wait for an increasing amount of time. Values of 0 or below will be ignored and the default value will be used.`|`0`| -|`STORAGE_USERS_POSIX_LOCK_CYCLE_DURATION_FACTOR`| 2.0.0 |int|`When trying to lock files, OpenCloud will multiply the cycle with this factor and use it as a millisecond timeout. Values of 0 or below will be ignored and the default value will be used.`|`0`| -|`OC_MAX_CONCURRENCY`
`STORAGE_USERS_POSIX_MAX_CONCURRENCY`| 2.0.0 |int|`Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used.`|`0`| -|`OC_DISABLE_VERSIONING`| 2.0.0 |bool|`Disables versioning of files. When set to true, new uploads with the same filename will overwrite existing files instead of creating a new version.`|`false`| -|`STORAGE_USERS_POSIX_USE_SPACE_GROUPS`| 1.0.0 |bool|`Use space groups to manage permissions on spaces.`|`false`| -|`STORAGE_USERS_POSIX_ENABLE_FS_REVISIONS`| 1.0.0 |bool|`Allow for generating revisions from changes done to the local storage. Note: This doubles the number of bytes stored on disk because a copy of the current revision is stored to be turned into a revision later.`|`false`| -|`STORAGE_USERS_POSIX_WATCH_FS`| 2.0.0 |bool|`Enable the filesystem watcher to detect changes to the filesystem. This is used to detect changes to the filesystem and update the metadata accordingly.`|`false`| -|`STORAGE_USERS_POSIX_WATCH_TYPE`| 1.0.0 |string|`Type of the watcher to use for getting notified about changes to the filesystem. Currently available options are 'inotifywait' (default), 'cephfs', 'gpfswatchfolder' and 'gpfsfileauditlogging'.`|``| -|`STORAGE_USERS_POSIX_WATCH_PATH`| 1.0.0 |string|`Path to the watch directory/file. Only applies to the 'gpfsfileauditlogging' and 'inotifywait' watcher, in which case it is the path of the file audit log file/base directory to watch.`|``| -|`STORAGE_USERS_POSIX_WATCH_NOTIFICATION_BROKERS,STORAGE_USERS_POSIX_WATCH_FOLDER_KAFKA_BROKERS`| 1.0.0 |string|`Comma-separated list of kafka brokers to read the watchfolder events from.`|``| -|`STORAGE_USERS_POSIX_WATCH_ROOT`| 4.0.0 |string|`Path to the watch root directory. Event paths will be considered relative to this path. 
Only applies to the 'gpswatchfolder' and 'cephfs' watchers.`|``| -|`STORAGE_USERS_POSIX_INOTIFY_STATS_FREQUENCY`| 4.0.0 |Duration|`Frequency to log inotify stats.`|`5m0s`| -|`STORAGE_USERS_DATA_SERVER_URL`| 1.0.0 |string|`URL of the data server, needs to be reachable by the data gateway provided by the frontend service or the user if directly exposed.`|`http://localhost:9158/data`| -|`STORAGE_USERS_DATA_GATEWAY_URL`| 1.0.0 |string|`URL of the data gateway server`|`http://localhost:9140/data`| -|`STORAGE_USERS_TRANSFER_EXPIRES`| 1.0.0 |int64|`The time after which the token for upload postprocessing expires`|`86400`| -|`OC_EVENTS_ENDPOINT`
`STORAGE_USERS_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`| -|`OC_EVENTS_CLUSTER`
`STORAGE_USERS_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`| -|`OC_INSECURE`
`STORAGE_USERS_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|`false`| -|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`STORAGE_USERS_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided STORAGE_USERS_EVENTS_TLS_INSECURE will be seen as false.`|``| -|`OC_EVENTS_ENABLE_TLS`
`STORAGE_USERS_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| -|`STORAGE_USERS_EVENTS_NUM_CONSUMERS`| 1.0.0 |int|`The amount of concurrent event consumers to start. Event consumers are used for post-processing files. Multiple consumers increase parallelisation, but will also increase CPU and memory demands. The setting has no effect when the OC_ASYNC_UPLOADS is set to false. The default and minimum value is 1.`|`0`| -|`OC_EVENTS_AUTH_USERNAME`
`STORAGE_USERS_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_EVENTS_AUTH_PASSWORD`
`STORAGE_USERS_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_CACHE_STORE`
`STORAGE_USERS_FILEMETADATA_CACHE_STORE`| 1.0.0 |string|`The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|`memory`| -|`OC_CACHE_STORE_NODES`
`STORAGE_USERS_FILEMETADATA_CACHE_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[127.0.0.1:9233]`| -|`OC_CACHE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|`storage-users`| -|`OC_CACHE_TTL`
`STORAGE_USERS_FILEMETADATA_CACHE_TTL`| 1.0.0 |Duration|`Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details.`|`24m0s`| -|`OC_CACHE_DISABLE_PERSISTENCE`
`STORAGE_USERS_FILEMETADATA_CACHE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false.`|`false`| -|`OC_CACHE_AUTH_USERNAME`
`STORAGE_USERS_FILEMETADATA_CACHE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the cache store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_CACHE_AUTH_PASSWORD`
`STORAGE_USERS_FILEMETADATA_CACHE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the cache store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_CACHE_STORE`
`STORAGE_USERS_ID_CACHE_STORE`| 1.0.0 |string|`The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|`nats-js-kv`| -|`OC_CACHE_STORE_NODES`
`STORAGE_USERS_ID_CACHE_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[127.0.0.1:9233]`| -|`OC_CACHE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|`ids-storage-users`| -|`OC_CACHE_TTL`
`STORAGE_USERS_ID_CACHE_TTL`| 1.0.0 |Duration|`Default time to live for user info in the user info cache. Only applied when access tokens have no expiration. Defaults to 300s which is derived from the underlaying package though not explicitly set as default. See the Environment Variable Types description for more details.`|`24m0s`| -|`OC_CACHE_DISABLE_PERSISTENCE`
`STORAGE_USERS_ID_CACHE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false.`|`false`| -|`OC_CACHE_AUTH_USERNAME`
`STORAGE_USERS_ID_CACHE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the cache store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_CACHE_AUTH_PASSWORD`
`STORAGE_USERS_ID_CACHE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the cache store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`STORAGE_USERS_MOUNT_ID`| 1.0.0 |string|`Mount ID of this storage.`|``| -|`STORAGE_USERS_EXPOSE_DATA_SERVER`| 1.0.0 |bool|`Exposes the data server directly to users and bypasses the data gateway. Ensure that the data server address is reachable by users.`|`false`| -|`STORAGE_USERS_READ_ONLY`| 1.0.0 |bool|`Set this storage to be read-only.`|`false`| -|`STORAGE_USERS_UPLOAD_EXPIRATION`| 1.0.0 |int64|`Duration in seconds after which uploads will expire. Note that when setting this to a low number, uploads could be cancelled before they are finished and return a 403 to the user.`|`86400`| -|`OC_ADMIN_USER_ID`
`STORAGE_USERS_PURGE_TRASH_BIN_USER_ID`| 1.0.0 |string|`ID of the user who collects all necessary information for deletion. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand.`|``| -|`STORAGE_USERS_PURGE_TRASH_BIN_PERSONAL_DELETE_BEFORE`| 1.0.0 |Duration|`Specifies the period of time in which items that have been in the personal trash-bin for longer than this value should be deleted. A value of 0 means no automatic deletion. See the Environment Variable Types description for more details.`|`720h0m0s`| -|`STORAGE_USERS_PURGE_TRASH_BIN_PROJECT_DELETE_BEFORE`| 1.0.0 |Duration|`Specifies the period of time in which items that have been in the project trash-bin for longer than this value should be deleted. A value of 0 means no automatic deletion. See the Environment Variable Types description for more details.`|`720h0m0s`| -|`OC_SERVICE_ACCOUNT_ID`
`STORAGE_USERS_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|``| -|`OC_SERVICE_ACCOUNT_SECRET`
`STORAGE_USERS_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|``| -|`OC_GATEWAY_GRPC_ADDR`
`STORAGE_USERS_GATEWAY_GRPC_ADDR`| 1.0.0 |string|`The bind address of the gateway GRPC address.`|`127.0.0.1:9142`| -|`OC_MACHINE_AUTH_API_KEY`
`STORAGE_USERS_MACHINE_AUTH_API_KEY`| 1.0.0 |string|`Machine auth API key used to validate internal requests necessary for the access to resources from other services.`|``| -|`STORAGE_USERS_CLI_MAX_ATTEMPTS_RENAME_FILE`| 1.0.0 |int|`The maximum number of attempts to rename a file when a user restores a file to an existing destination with the same name. The minimum value is 100.`|`0`| +|---|---|---|---|---| +|`STORAGE_USERS_SERVICE_NAME`| 1.0.0 |string|`Service name to use. Change this when starting an additional storage provider with a custom configuration to prevent it from colliding with the default 'storage-users' service.`|storage-users| +|`OC_TRACING_ENABLED`
`STORAGE_USERS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`STORAGE_USERS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`STORAGE_USERS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`STORAGE_USERS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`STORAGE_USERS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`STORAGE_USERS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`STORAGE_USERS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`STORAGE_USERS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`STORAGE_USERS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9159| +|`STORAGE_USERS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`STORAGE_USERS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`STORAGE_USERS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`STORAGE_USERS_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9157| +|`OC_GRPC_PROTOCOL`
`STORAGE_USERS_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GPRC service.`|tcp| +|`STORAGE_USERS_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|127.0.0.1:9158| +|`STORAGE_USERS_HTTP_PROTOCOL`| 1.0.0 |string|`The transport protocol of the HTTP service.`|tcp| +|`OC_CORS_ALLOW_ORIGINS`
`STORAGE_USERS_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|[https://localhost:9200]| +|`OC_CORS_ALLOW_METHODS`
`STORAGE_USERS_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|[POST HEAD PATCH OPTIONS GET DELETE]| +|`OC_CORS_ALLOW_HEADERS`
`STORAGE_USERS_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|[Authorization Origin X-Requested-With X-Request-Id X-HTTP-Method-Override Content-Type Upload-Length Upload-Offset Tus-Resumable Upload-Metadata Upload-Defer-Length Upload-Concat Upload-Incomplete Upload-Draft-Interop-Version]| +|`OC_CORS_ALLOW_CREDENTIALS`
`STORAGE_USERS_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|false| +|`OC_CORS_EXPOSE_HEADERS`
`STORAGE_USERS_CORS_EXPOSE_HEADERS`| 1.0.0 |[]string|`A list of exposed CORS headers. See following chapter for more details: *Access-Control-Expose-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers. See the Environment Variable Types description for more details.`|[Upload-Offset Location Upload-Length Tus-Version Tus-Resumable Tus-Max-Size Tus-Extension Upload-Metadata Upload-Defer-Length Upload-Concat Upload-Incomplete Upload-Draft-Interop-Version]| +|`OC_CORS_MAX_AGE`
`STORAGE_USERS_CORS_MAX_AGE`| 1.0.0 |uint|`The max cache duration of preflight headers. See following chapter for more details: *Access-Control-Max-Age* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age. See the Environment Variable Types description for more details.`|86400| +|`OC_JWT_SECRET`
`STORAGE_USERS_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`STORAGE_USERS_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|false| +|`STORAGE_USERS_GRACEFUL_SHUTDOWN_TIMEOUT`| 1.0.0 |int|`The number of seconds to wait for the 'storage-users' service to shutdown cleanly before exiting with an error that gets logged. Note: This setting is only applicable when running the 'storage-users' service as a standalone service. See the text description for more details.`|30| +|`STORAGE_USERS_DRIVER`| 1.0.0 |string|`The storage driver which should be used by the service. Defaults to 'posix'. Supported values are: 'posix', 'decomposed', 'decomposeds3' and 'owncloudsql'. For backwards compatibility reasons it's also possible to use the 'ocis' and 's3ng' driver and configure them using the 'decomposed'/'decomposeds3' options. The 'posix' driver stores data directly on a POSIX-compliant filesystem. The 'decomposed' driver stores all data (blob and meta data) in a POSIX compliant volume. The 'decomposeds3' driver stores metadata in a POSIX compliant volume and uploads blobs to the s3 bucket.`|posix| +|`OC_DECOMPOSEDFS_PROPAGATOR`
`STORAGE_USERS_DECOMPOSED_PROPAGATOR`| 1.0.0 |string|`The propagator used for decomposedfs. At the moment, only 'sync' is fully supported, 'async' is available as an experimental option.`|sync| +|`STORAGE_USERS_ASYNC_PROPAGATOR_PROPAGATION_DELAY`| 1.0.0 |Duration|`The delay between a change made to a tree and the propagation start on treesize and treetime. Multiple propagations are computed to a single one. See the Environment Variable Types description for more details.`|0s| +|`STORAGE_USERS_DECOMPOSED_ROOT`| 1.0.0 |string|`The directory where the filesystem storage will store blobs and metadata. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/users.`|/home/chaser/.opencloud/storage/users| +|`STORAGE_USERS_DECOMPOSED_USER_LAYOUT`| 1.0.0 |string|`Template string for the user storage layout in the user directory.`|{{.Id.OpaqueId}}| +|`STORAGE_USERS_PERMISSION_ENDPOINT`
`STORAGE_USERS_DECOMPOSED_PERMISSIONS_ENDPOINT`| 1.0.0 |string|`Endpoint of the permissions service. The endpoints can differ for 'decomposed' and 'decomposeds3'.`|eu.opencloud.api.settings| +|`STORAGE_USERS_DECOMPOSED_PERSONAL_SPACE_ALIAS_TEMPLATE`| 1.0.0 |string|`Template string to construct personal space aliases.`|{{.SpaceType}}/{{.User.Username \| lower}}| +|`STORAGE_USERS_DECOMPOSED_PERSONAL_SPACE_PATH_TEMPLATE`| 1.0.0 |string|`Template string to construct the paths of the personal space roots.`|| +|`STORAGE_USERS_DECOMPOSED_GENERAL_SPACE_ALIAS_TEMPLATE`| 1.0.0 |string|`Template string to construct general space aliases.`|{{.SpaceType}}/{{.SpaceName \| replace " " "-" \| lower}}| +|`STORAGE_USERS_DECOMPOSED_GENERAL_SPACE_PATH_TEMPLATE`| 1.0.0 |string|`Template string to construct the paths of the projects space roots.`|| +|`STORAGE_USERS_DECOMPOSED_SHARE_FOLDER`| 1.0.0 |string|`Name of the folder jailing all shares.`|/Shares| +|`STORAGE_USERS_DECOMPOSED_MAX_ACQUIRE_LOCK_CYCLES`| 1.0.0 |int|`When trying to lock files, OpenCloud will try this amount of times to acquire the lock before failing. After each try it will wait for an increasing amount of time. Values of 0 or below will be ignored and the default value will be used.`|20| +|`STORAGE_USERS_DECOMPOSED_LOCK_CYCLE_DURATION_FACTOR`| 1.0.0 |int|`When trying to lock files, OpenCloud will multiply the cycle with this factor and use it as a millisecond timeout. Values of 0 or below will be ignored and the default value will be used.`|30| +|`OC_MAX_CONCURRENCY`
`STORAGE_USERS_DECOMPOSED_MAX_CONCURRENCY`| 1.0.0 |int|`Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used.`|5| +|`OC_ASYNC_UPLOADS`| 1.0.0 |bool|`Enable asynchronous file uploads.`|true| +|`OC_SPACES_MAX_QUOTA`
`STORAGE_USERS_DECOMPOSED_MAX_QUOTA`| 1.0.0 |uint64|`Set a global max quota for spaces in bytes. A value of 0 equals unlimited. If not using the global OC_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA in the frontend service.`|0| +|`OC_DISABLE_VERSIONING`| 1.0.0 |bool|`Disables versioning of files. When set to true, new uploads with the same filename will overwrite existing files instead of creating a new version.`|false| +|`OC_DECOMPOSEDFS_PROPAGATOR`
`STORAGE_USERS_DECOMPOSEDS3_PROPAGATOR`| 1.0.0 |string|`The propagator used for decomposedfs. At the moment, only 'sync' is fully supported, 'async' is available as an experimental option.`|sync| +|`STORAGE_USERS_ASYNC_PROPAGATOR_PROPAGATION_DELAY`| 1.0.0 |Duration|`The delay between a change made to a tree and the propagation start on treesize and treetime. Multiple propagations are computed to a single one. See the Environment Variable Types description for more details.`|0s| +|`STORAGE_USERS_DECOMPOSEDS3_ROOT`| 1.0.0 |string|`The directory where the filesystem storage will store metadata for blobs. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/users.`|/home/chaser/.opencloud/storage/users| +|`STORAGE_USERS_DECOMPOSEDS3_USER_LAYOUT`| 1.0.0 |string|`Template string for the user storage layout in the user directory.`|{{.Id.OpaqueId}}| +|`STORAGE_USERS_PERMISSION_ENDPOINT`
`STORAGE_USERS_DECOMPOSEDS3_PERMISSIONS_ENDPOINT`| 1.0.0 |string|`Endpoint of the permissions service. The endpoints can differ for 'decomposed' and 'decomposeds3'.`|eu.opencloud.api.settings| +|`STORAGE_USERS_DECOMPOSEDS3_REGION`| 1.0.0 |string|`Region of the S3 bucket.`|default| +|`STORAGE_USERS_DECOMPOSEDS3_ACCESS_KEY`| 1.0.0 |string|`Access key for the S3 bucket.`|| +|`STORAGE_USERS_DECOMPOSEDS3_SECRET_KEY`| 1.0.0 |string|`Secret key for the S3 bucket.`|| +|`STORAGE_USERS_DECOMPOSEDS3_ENDPOINT`| 1.0.0 |string|`Endpoint for the S3 bucket.`|| +|`STORAGE_USERS_DECOMPOSEDS3_BUCKET`| 1.0.0 |string|`Name of the S3 bucket.`|| +|`STORAGE_USERS_DECOMPOSEDS3_PUT_OBJECT_DISABLE_CONTENT_SHA256`| 1.0.0 |bool|`Disable sending content sha256 when copying objects to S3.`|false| +|`STORAGE_USERS_DECOMPOSEDS3_PUT_OBJECT_DISABLE_MULTIPART`| 1.0.0 |bool|`Disable multipart uploads when copying objects to S3.`|false| +|`STORAGE_USERS_DECOMPOSEDS3_PUT_OBJECT_SEND_CONTENT_MD5`| 1.0.0 |bool|`Send a Content-MD5 header when copying objects to S3.`|true| +|`STORAGE_USERS_DECOMPOSEDS3_PUT_OBJECT_CONCURRENT_STREAM_PARTS`| 1.0.0 |bool|`Always precreate parts when copying objects to S3. This is not recommended. It uses a memory buffer. If true, PartSize needs to be set.`|false| +|`STORAGE_USERS_DECOMPOSEDS3_PUT_OBJECT_NUM_THREADS`| 1.0.0 |uint|`Number of concurrent uploads to use when copying objects to S3.`|4| +|`STORAGE_USERS_DECOMPOSEDS3_PUT_OBJECT_PART_SIZE`| 1.0.0 |uint64|`Part size for concurrent uploads to S3. If no value or 0 is set, the library automatically calculates the part size according to the total size of the file to be uploaded. 
The value range is min 5MB and max 5GB.`|0| +|`STORAGE_USERS_DECOMPOSEDS3_PERSONAL_SPACE_ALIAS_TEMPLATE`| 1.0.0 |string|`Template string to construct personal space aliases.`|{{.SpaceType}}/{{.User.Username \| lower}}| +|`STORAGE_USERS_DECOMPOSEDS3_PERSONAL_SPACE_PATH_TEMPLATE`| 1.0.0 |string|`Template string to construct the paths of the personal space roots.`|| +|`STORAGE_USERS_DECOMPOSEDS3_GENERAL_SPACE_ALIAS_TEMPLATE`| 1.0.0 |string|`Template string to construct general space aliases.`|{{.SpaceType}}/{{.SpaceName \| replace " " "-" \| lower}}| +|`STORAGE_USERS_DECOMPOSEDS3_GENERAL_SPACE_PATH_TEMPLATE`| 1.0.0 |string|`Template string to construct the paths of the projects space roots.`|| +|`STORAGE_USERS_DECOMPOSEDS3_SHARE_FOLDER`| 1.0.0 |string|`Name of the folder jailing all shares.`|/Shares| +|`STORAGE_USERS_DECOMPOSEDS3_MAX_ACQUIRE_LOCK_CYCLES`| 1.0.0 |int|`When trying to lock files, OpenCloud will try this amount of times to acquire the lock before failing. After each try it will wait for an increasing amount of time. Values of 0 or below will be ignored and the default value of 20 will be used.`|20| +|`STORAGE_USERS_DECOMPOSEDS3_LOCK_CYCLE_DURATION_FACTOR`| 1.0.0 |int|`When trying to lock files, OpenCloud will multiply the cycle with this factor and use it as a millisecond timeout. Values of 0 or below will be ignored and the default value of 30 will be used.`|30| +|`OC_MAX_CONCURRENCY`
`STORAGE_USERS_DECOMPOSEDS3_MAX_CONCURRENCY`| 1.0.0 |int|`Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value of 100 will be used.`|5| +|`OC_ASYNC_UPLOADS`| 1.0.0 |bool|`Enable asynchronous file uploads.`|true| +|`OC_DISABLE_VERSIONING`| 1.0.0 |bool|`Disables versioning of files. When set to true, new uploads with the same filename will overwrite existing files instead of creating a new version.`|false| +|`STORAGE_USERS_OWNCLOUDSQL_DATADIR`| 1.0.0 |string|`The directory where the filesystem storage will store SQL migration data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/owncloud.`|/home/chaser/.opencloud/storage/owncloud| +|`STORAGE_USERS_OWNCLOUDSQL_SHARE_FOLDER`| 1.0.0 |string|`Name of the folder jailing all shares.`|/Shares| +|`STORAGE_USERS_OWNCLOUDSQL_LAYOUT`| 1.0.0 |string|`Path layout to use to navigate into a users folder in an owncloud data directory`|{{.Username}}| +|`STORAGE_USERS_OWNCLOUDSQL_UPLOADINFO_DIR`| 1.0.0 |string|`The directory where the filesystem will store uploads temporarily. 
If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/uploadinfo.`|/home/chaser/.opencloud/storage/uploadinfo| +|`STORAGE_USERS_OWNCLOUDSQL_DB_USERNAME`| 1.0.0 |string|`Username for the database.`|owncloud| +|`STORAGE_USERS_OWNCLOUDSQL_DB_PASSWORD`| 1.0.0 |string|`Password for the database.`|owncloud| +|`STORAGE_USERS_OWNCLOUDSQL_DB_HOST`| 1.0.0 |string|`Hostname or IP of the database server.`|| +|`STORAGE_USERS_OWNCLOUDSQL_DB_PORT`| 1.0.0 |int|`Port that the database server is listening on.`|3306| +|`STORAGE_USERS_OWNCLOUDSQL_DB_NAME`| 1.0.0 |string|`Name of the database to be used.`|owncloud| +|`STORAGE_USERS_OWNCLOUDSQL_USERS_PROVIDER_ENDPOINT`| 1.0.0 |string|`Endpoint of the users provider.`|eu.opencloud.api.users| +|`STORAGE_USERS_POSIX_ROOT`| 1.0.0 |string|`The directory where the filesystem storage will store its data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/users.`|/home/chaser/.opencloud/storage/users| +|`OC_DECOMPOSEDFS_PROPAGATOR`
`STORAGE_USERS_POSIX_PROPAGATOR`| 2.0.0 |string|`The propagator used for the posix driver. At the moment, only 'sync' is fully supported, 'async' is available as an experimental option.`|| +|`STORAGE_USERS_ASYNC_PROPAGATOR_PROPAGATION_DELAY`| 1.0.0 |Duration|`The delay between a change made to a tree and the propagation start on treesize and treetime. Multiple propagations are computed to a single one. See the Environment Variable Types description for more details.`|0s| +|`STORAGE_USERS_POSIX_PERSONAL_SPACE_ALIAS_TEMPLATE`| 1.0.0 |string|`Template string to construct personal space aliases.`|{{.SpaceType}}/{{.User.Username \| lower}}| +|`STORAGE_USERS_POSIX_PERSONAL_SPACE_PATH_TEMPLATE`| 1.0.0 |string|`Template string to construct the paths of the personal space roots.`|users/{{.User.Id.OpaqueId}}| +|`STORAGE_USERS_POSIX_GENERAL_SPACE_ALIAS_TEMPLATE`| 1.0.0 |string|`Template string to construct general space aliases.`|{{.SpaceType}}/{{.SpaceName \| replace " " "-" \| lower}}| +|`STORAGE_USERS_POSIX_GENERAL_SPACE_PATH_TEMPLATE`| 1.0.0 |string|`Template string to construct the paths of the projects space roots.`|projects/{{.SpaceId}}| +|`STORAGE_USERS_PERMISSION_ENDPOINT`
`STORAGE_USERS_POSIX_PERMISSIONS_ENDPOINT`| 1.0.0 |string|`Endpoint of the permissions service. The endpoints can differ for 'decomposed', 'posix' and 'decomposeds3'.`|eu.opencloud.api.settings| +|`OC_ASYNC_UPLOADS`| 1.0.0 |bool|`Enable asynchronous file uploads.`|true| +|`STORAGE_USERS_POSIX_SCAN_DEBOUNCE_DELAY`| 1.0.0 |Duration|`The time in milliseconds to wait before scanning the filesystem for changes after a change has been detected.`|1s| +|`OC_SPACES_MAX_QUOTA`
`STORAGE_USERS_POSIX_MAX_QUOTA`| 2.0.0 |uint64|`Set a global max quota for spaces in bytes. A value of 0 equals unlimited. If not using the global OC_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA in the frontend service.`|0| +|`STORAGE_USERS_POSIX_MAX_ACQUIRE_LOCK_CYCLES`| 2.0.0 |int|`When trying to lock files, OpenCloud will try this amount of times to acquire the lock before failing. After each try it will wait for an increasing amount of time. Values of 0 or below will be ignored and the default value will be used.`|0| +|`STORAGE_USERS_POSIX_LOCK_CYCLE_DURATION_FACTOR`| 2.0.0 |int|`When trying to lock files, OpenCloud will multiply the cycle with this factor and use it as a millisecond timeout. Values of 0 or below will be ignored and the default value will be used.`|0| +|`OC_MAX_CONCURRENCY`
`STORAGE_USERS_POSIX_MAX_CONCURRENCY`| 2.0.0 |int|`Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used.`|0| +|`OC_DISABLE_VERSIONING`| 2.0.0 |bool|`Disables versioning of files. When set to true, new uploads with the same filename will overwrite existing files instead of creating a new version.`|false| +|`STORAGE_USERS_POSIX_USE_SPACE_GROUPS`| 1.0.0 |bool|`Use space groups to manage permissions on spaces.`|false| +|`STORAGE_USERS_POSIX_ENABLE_FS_REVISIONS`| 1.0.0 |bool|`Allow for generating revisions from changes done to the local storage. Note: This doubles the number of bytes stored on disk because a copy of the current revision is stored to be turned into a revision later.`|false| +|`STORAGE_USERS_POSIX_WATCH_FS`| 2.0.0 |bool|`Enable the filesystem watcher to detect changes to the filesystem. This is used to detect changes to the filesystem and update the metadata accordingly.`|false| +|`STORAGE_USERS_POSIX_WATCH_TYPE`| 1.0.0 |string|`Type of the watcher to use for getting notified about changes to the filesystem. Currently available options are 'inotifywait' (default), 'cephfs', 'gpfswatchfolder' and 'gpfsfileauditlogging'.`|| +|`STORAGE_USERS_POSIX_WATCH_PATH`| 1.0.0 |string|`Path to the watch directory/file. Only applies to the 'gpfsfileauditlogging' and 'inotifywait' watcher, in which case it is the path of the file audit log file/base directory to watch.`|| +|`STORAGE_USERS_POSIX_WATCH_NOTIFICATION_BROKERS,STORAGE_USERS_POSIX_WATCH_FOLDER_KAFKA_BROKERS`| 1.0.0 |string|`Comma-separated list of kafka brokers to read the watchfolder events from.`|| +|`STORAGE_USERS_POSIX_WATCH_ROOT`| next |string|`Path to the watch root directory. Event paths will be considered relative to this path. 
Only applies to the 'gpswatchfolder' and 'cephfs' watchers.`|| +|`STORAGE_USERS_POSIX_INOTIFY_STATS_FREQUENCY`| next |Duration|`Frequency to log inotify stats.`|5m0s| +|`STORAGE_USERS_DATA_SERVER_URL`| 1.0.0 |string|`URL of the data server, needs to be reachable by the data gateway provided by the frontend service or the user if directly exposed.`|http://localhost:9158/data| +|`STORAGE_USERS_DATA_GATEWAY_URL`| 1.0.0 |string|`URL of the data gateway server`|http://localhost:9140/data| +|`STORAGE_USERS_TRANSFER_EXPIRES`| 1.0.0 |int64|`The time after which the token for upload postprocessing expires`|86400| +|`OC_EVENTS_ENDPOINT`
`STORAGE_USERS_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| +|`OC_EVENTS_CLUSTER`
`STORAGE_USERS_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| +|`OC_INSECURE`
`STORAGE_USERS_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`STORAGE_USERS_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided STORAGE_USERS_EVENTS_TLS_INSECURE will be seen as false.`|| +|`OC_EVENTS_ENABLE_TLS`
`STORAGE_USERS_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| +|`STORAGE_USERS_EVENTS_NUM_CONSUMERS`| 1.0.0 |int|`The amount of concurrent event consumers to start. Event consumers are used for post-processing files. Multiple consumers increase parallelisation, but will also increase CPU and memory demands. The setting has no effect when the OC_ASYNC_UPLOADS is set to false. The default and minimum value is 1.`|0| +|`OC_EVENTS_AUTH_USERNAME`
`STORAGE_USERS_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_EVENTS_AUTH_PASSWORD`
`STORAGE_USERS_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_CACHE_STORE`
`STORAGE_USERS_FILEMETADATA_CACHE_STORE`| 1.0.0 |string|`The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|memory| +|`OC_CACHE_STORE_NODES`
`STORAGE_USERS_FILEMETADATA_CACHE_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[127.0.0.1:9233]| +|`OC_CACHE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|storage-users| +|`OC_CACHE_TTL`
`STORAGE_USERS_FILEMETADATA_CACHE_TTL`| 1.0.0 |Duration|`Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details.`|24m0s| +|`OC_CACHE_DISABLE_PERSISTENCE`
`STORAGE_USERS_FILEMETADATA_CACHE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false.`|false| +|`OC_CACHE_AUTH_USERNAME`
`STORAGE_USERS_FILEMETADATA_CACHE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the cache store. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_CACHE_AUTH_PASSWORD`
`STORAGE_USERS_FILEMETADATA_CACHE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the cache store. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_CACHE_STORE`
`STORAGE_USERS_ID_CACHE_STORE`| 1.0.0 |string|`The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|nats-js-kv| +|`OC_CACHE_STORE_NODES`
`STORAGE_USERS_ID_CACHE_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[127.0.0.1:9233]| +|`OC_CACHE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|ids-storage-users| +|`OC_CACHE_TTL`
`STORAGE_USERS_ID_CACHE_TTL`| 1.0.0 |Duration|`Default time to live for user info in the user info cache. Only applied when access tokens have no expiration. Defaults to 300s which is derived from the underlaying package though not explicitly set as default. See the Environment Variable Types description for more details.`|24m0s| +|`OC_CACHE_DISABLE_PERSISTENCE`
`STORAGE_USERS_ID_CACHE_DISABLE_PERSISTENCE`| 1.0.0 |bool|`Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false.`|false| +|`OC_CACHE_AUTH_USERNAME`
`STORAGE_USERS_ID_CACHE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the cache store. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_CACHE_AUTH_PASSWORD`
`STORAGE_USERS_ID_CACHE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the cache store. Only applies when store type 'nats-js-kv' is configured.`|| +|`STORAGE_USERS_MOUNT_ID`| 1.0.0 |string|`Mount ID of this storage.`|| +|`STORAGE_USERS_EXPOSE_DATA_SERVER`| 1.0.0 |bool|`Exposes the data server directly to users and bypasses the data gateway. Ensure that the data server address is reachable by users.`|false| +|`STORAGE_USERS_READ_ONLY`| 1.0.0 |bool|`Set this storage to be read-only.`|false| +|`STORAGE_USERS_UPLOAD_EXPIRATION`| 1.0.0 |int64|`Duration in seconds after which uploads will expire. Note that when setting this to a low number, uploads could be cancelled before they are finished and return a 403 to the user.`|86400| +|`OC_ADMIN_USER_ID`
`STORAGE_USERS_PURGE_TRASH_BIN_USER_ID`| 1.0.0 |string|`ID of the user who collects all necessary information for deletion. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand.`|| +|`STORAGE_USERS_PURGE_TRASH_BIN_PERSONAL_DELETE_BEFORE`| 1.0.0 |Duration|`Specifies the period of time in which items that have been in the personal trash-bin for longer than this value should be deleted. A value of 0 means no automatic deletion. See the Environment Variable Types description for more details.`|720h0m0s| +|`STORAGE_USERS_PURGE_TRASH_BIN_PROJECT_DELETE_BEFORE`| 1.0.0 |Duration|`Specifies the period of time in which items that have been in the project trash-bin for longer than this value should be deleted. A value of 0 means no automatic deletion. See the Environment Variable Types description for more details.`|720h0m0s| +|`OC_SERVICE_ACCOUNT_ID`
`STORAGE_USERS_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|| +|`OC_SERVICE_ACCOUNT_SECRET`
`STORAGE_USERS_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|| +|`OC_GATEWAY_GRPC_ADDR`
`STORAGE_USERS_GATEWAY_GRPC_ADDR`| 1.0.0 |string|`The bind address of the gateway GRPC address.`|127.0.0.1:9142| +|`OC_MACHINE_AUTH_API_KEY`
`STORAGE_USERS_MACHINE_AUTH_API_KEY`| 1.0.0 |string|`Machine auth API key used to validate internal requests necessary for the access to resources from other services.`|| +|`STORAGE_USERS_CLI_MAX_ATTEMPTS_RENAME_FILE`| 1.0.0 |int|`The maximum number of attempts to rename a file when a user restores a file to an existing destination with the same name. The minimum value is 100.`|0| diff --git a/static/env-vars/storage-users_readme.md b/static/env-vars/storage-users_readme.md index 51c7064e..25af3718 100644 --- a/static/env-vars/storage-users_readme.md +++ b/static/env-vars/storage-users_readme.md @@ -1,6 +1,6 @@ --- title: Storage-Users -date: 2025-11-27T22:56:02.334862+01:00 +date: 2025-11-11T09:16:41.113215473+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/storage-users diff --git a/static/env-vars/thumbnails-config-example.yaml b/static/env-vars/thumbnails-config-example.yaml new file mode 100644 index 00000000..2acda547 --- /dev/null +++ b/static/env-vars/thumbnails-config-example.yaml 
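Review bot: In the static/env-vars/storage-users_configvars.md hunk above, several added rows have a description that disagrees with the row's own Default Value column. `STORAGE_USERS_EVENTS_NUM_CONSUMERS` says "The default and minimum value is 1" but lists 0, `STORAGE_USERS_CLI_MAX_ATTEMPTS_RENAME_FILE` says "The minimum value is 100" but lists 0, and `STORAGE_USERS_ID_CACHE_TTL` says "Defaults to 300s" but lists 24m0s. The `STORAGE_USERS_POSIX_WATCH_ROOT` row names a 'gpswatchfolder' watcher, while `STORAGE_USERS_POSIX_WATCH_TYPE` spells the option 'gpfswatchfolder'. `STORAGE_USERS_EVENTS_TLS_INSECURE` is described as "Whether to verify the server TLS certificates", which reads as the opposite of what a variable named INSECURE with default false does; an operator going by the description could set it to true expecting verification to be turned on. If this table is generated like the `# Autogenerated` example files in this patch, please fix the descriptions at their source and regenerate rather than editing the table here.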
@@ -0,0 +1,72 @@ +# Autogenerated +# Filename: thumbnails-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9189 + token: "" + pprof: false + zpages: false +grpc: + addr: 127.0.0.1:9185 + tls: null + max_concurrent_requests: 0 +http: + addr: 127.0.0.1:9186 + tls: + enabled: false + cert: "" + key: "" + root: /thumbnails + cors: + allow_origins: + - '*' + allow_methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + allow_headers: + - Authorization + - Origin + - Content-Type + - Accept + - X-Requested-With + - X-Request-Id + - Cache-Control + allow_credentials: true +grpc_client_tls: null +thumbnail: + resolutions: + - 16x16 + - 32x32 + - 64x64 + - 128x128 + - 1080x1920 + - 1920x1080 + - 2160x3840 + - 3840x2160 + - 4320x7680 + - 7680x4320 + filesystem_storage: + root_directory: /home/chaser/.opencloud/thumbnails + webdav_allow_insecure: false + cs3_allow_insecure: false + reva_gateway: eu.opencloud.api.gateway + font_map_file: "" + transfer_secret: "" + data_endpoint: http://127.0.0.1:9186/thumbnails/data + max_input_width: 7680 + max_input_height: 7680 + max_input_image_file_size: 50MB diff --git a/static/env-vars/thumbnails_configvars.md b/static/env-vars/thumbnails_configvars.md index b61c1386..58d0537e 100644 --- a/static/env-vars/thumbnails_configvars.md +++ b/static/env-vars/thumbnails_configvars.md @@ -1,34 +1,38 @@ Environment variables for the **thumbnails** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`THUMBNAILS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`THUMBNAILS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`THUMBNAILS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`THUMBNAILS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`THUMBNAILS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9189`| -|`THUMBNAILS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`THUMBNAILS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`THUMBNAILS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`THUMBNAILS_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9185`| -|`THUMBNAILS_MAX_CONCURRENT_REQUESTS`| 1.0.0 |int|`Number of maximum concurrent thumbnail requests. Default is 0 which is unlimited.`|`0`| -|`THUMBNAILS_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9186`| -|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|`false`| -|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|``| -|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|``| -|`THUMBNAILS_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|`/thumbnails`| -|`OC_CORS_ALLOW_ORIGINS`
`THUMBNAILS_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|`[*]`| -|`OC_CORS_ALLOW_METHODS`
`THUMBNAILS_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|`[GET POST PUT PATCH DELETE OPTIONS]`| -|`OC_CORS_ALLOW_HEADERS`
`THUMBNAILS_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|`[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Cache-Control]`| -|`OC_CORS_ALLOW_CREDENTIALS`
`THUMBNAILS_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|`true`| -|`THUMBNAILS_RESOLUTIONS`| 1.0.0 |[]string|`The supported list of target resolutions in the format WidthxHeight like 32x32. You can define any resolution as required. See the Environment Variable Types description for more details.`|`[16x16 32x32 64x64 128x128 1080x1920 1920x1080 2160x3840 3840x2160 4320x7680 7680x4320]`| -|`THUMBNAILS_FILESYSTEMSTORAGE_ROOT`| 1.0.0 |string|`The directory where the filesystem storage will store the thumbnails. If not defined, the root directory derives from $OC_BASE_DATA_PATH/thumbnails.`|`/var/lib/opencloud/thumbnails`| -|`OC_INSECURE`
`THUMBNAILS_WEBDAVSOURCE_INSECURE`| 1.0.0 |bool|`Ignore untrusted SSL certificates when connecting to the webdav source.`|`false`| -|`OC_INSECURE`
`THUMBNAILS_CS3SOURCE_INSECURE`| 1.0.0 |bool|`Ignore untrusted SSL certificates when connecting to the CS3 source.`|`false`| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata`|`eu.opencloud.api.gateway`| -|`THUMBNAILS_TXT_FONTMAP_FILE`| 1.0.0 |string|`The path to a font file for txt thumbnails.`|``| -|`THUMBNAILS_TRANSFER_TOKEN`| 1.0.0 |string|`The secret to sign JWT to download the actual thumbnail file.`|``| -|`THUMBNAILS_DATA_ENDPOINT`| 1.0.0 |string|`The HTTP endpoint where the actual thumbnail file can be downloaded.`|`http://127.0.0.1:9186/thumbnails/data`| -|`THUMBNAILS_MAX_INPUT_WIDTH`| 1.0.0 |int|`The maximum width of an input image which is being processed.`|`7680`| -|`THUMBNAILS_MAX_INPUT_HEIGHT`| 1.0.0 |int|`The maximum height of an input image which is being processed.`|`7680`| -|`THUMBNAILS_MAX_INPUT_IMAGE_FILE_SIZE`| 1.0.0 |string|`The maximum file size of an input image which is being processed. Usable common abbreviations: [KB, KiB, MB, MiB, GB, GiB, TB, TiB, PB, PiB, EB, EiB], example: 2GB.`|`50MB`| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`THUMBNAILS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`THUMBNAILS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`THUMBNAILS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`THUMBNAILS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`THUMBNAILS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`THUMBNAILS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`THUMBNAILS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`THUMBNAILS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`THUMBNAILS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9189| +|`THUMBNAILS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`THUMBNAILS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`THUMBNAILS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`THUMBNAILS_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9185| +|`THUMBNAILS_MAX_CONCURRENT_REQUESTS`| 1.0.0 |int|`Number of maximum concurrent thumbnail requests. Default is 0 which is unlimited.`|0| +|`THUMBNAILS_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|127.0.0.1:9186| +|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|false| +|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|| +|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|| +|`THUMBNAILS_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|/thumbnails| +|`OC_CORS_ALLOW_ORIGINS`
`THUMBNAILS_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|[*]| +|`OC_CORS_ALLOW_METHODS`
`THUMBNAILS_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|[GET POST PUT PATCH DELETE OPTIONS]| +|`OC_CORS_ALLOW_HEADERS`
`THUMBNAILS_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Cache-Control]| +|`OC_CORS_ALLOW_CREDENTIALS`
`THUMBNAILS_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|true| +|`THUMBNAILS_RESOLUTIONS`| 1.0.0 |[]string|`The supported list of target resolutions in the format WidthxHeight like 32x32. You can define any resolution as required. See the Environment Variable Types description for more details.`|[16x16 32x32 64x64 128x128 1080x1920 1920x1080 2160x3840 3840x2160 4320x7680 7680x4320]| +|`THUMBNAILS_FILESYSTEMSTORAGE_ROOT`| 1.0.0 |string|`The directory where the filesystem storage will store the thumbnails. If not defined, the root directory derives from $OC_BASE_DATA_PATH/thumbnails.`|/home/chaser/.opencloud/thumbnails| +|`OC_INSECURE`
`THUMBNAILS_WEBDAVSOURCE_INSECURE`| 1.0.0 |bool|`Ignore untrusted SSL certificates when connecting to the webdav source.`|false| +|`OC_INSECURE`
`THUMBNAILS_CS3SOURCE_INSECURE`| 1.0.0 |bool|`Ignore untrusted SSL certificates when connecting to the CS3 source.`|false| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata`|eu.opencloud.api.gateway| +|`THUMBNAILS_TXT_FONTMAP_FILE`| 1.0.0 |string|`The path to a font file for txt thumbnails.`|| +|`THUMBNAILS_TRANSFER_TOKEN`| 1.0.0 |string|`The secret to sign JWT to download the actual thumbnail file.`|| +|`THUMBNAILS_DATA_ENDPOINT`| 1.0.0 |string|`The HTTP endpoint where the actual thumbnail file can be downloaded.`|http://127.0.0.1:9186/thumbnails/data| +|`THUMBNAILS_MAX_INPUT_WIDTH`| 1.0.0 |int|`The maximum width of an input image which is being processed.`|7680| +|`THUMBNAILS_MAX_INPUT_HEIGHT`| 1.0.0 |int|`The maximum height of an input image which is being processed.`|7680| +|`THUMBNAILS_MAX_INPUT_IMAGE_FILE_SIZE`| 1.0.0 |string|`The maximum file size of an input image which is being processed. Usable common abbreviations: [KB, KiB, MB, MiB, GB, GiB, TB, TiB, PB, PiB, EB, EiB], example: 2GB.`|50MB| diff --git a/static/env-vars/thumbnails_readme.md b/static/env-vars/thumbnails_readme.md index ad62b83f..e92e328a 100644 --- a/static/env-vars/thumbnails_readme.md +++ b/static/env-vars/thumbnails_readme.md @@ -1,6 +1,6 @@ --- title: Thumbnails -date: 2025-11-27T22:56:02.334947+01:00 +date: 2025-11-11T09:16:41.113342853+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/thumbnails diff --git a/static/env-vars/userlog-config-example.yaml b/static/env-vars/userlog-config-example.yaml new file mode 100644 index 00000000..03c248aa --- /dev/null +++ b/static/env-vars/userlog-config-example.yaml 
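Review bot: `root_directory: /home/chaser/.opencloud/thumbnails` in thumbnails-config-example.yaml, and the `THUMBNAILS_FILESYSTEMSTORAGE_ROOT` default in thumbnails_configvars.md that now shows the same path in place of `/var/lib/opencloud/thumbnails`, look like output captured from a personal home directory rather than the shipped default. The description still says the root derives from `$OC_BASE_DATA_PATH/thumbnails`, so the published default should not depend on who ran the generator; please regenerate in an environment that yields the previous `/var/lib/opencloud/thumbnails` value, or substitute a neutral placeholder, so that no local username lands in the docs. The readme hunks point the same way: `date:` moves back from 2025-11-27 to 2025-11-11, which is worth checking against "latest env vars" in the commit subject. Separately, the example file ships `allow_origins: '*'` together with `allow_credentials: true`; since example files tend to be copied as-is, a comment there saying the origin list should be narrowed before use would help.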
@@ -0,0 +1,67 @@ +# Autogenerated +# Filename: userlog-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9214 + token: "" + pprof: false + zpages: false +http: + addr: 127.0.0.1:9210 + root: / + cors: + allow_origins: + - '*' + allow_methods: + - GET + allow_headers: + - Authorization + - Origin + - Content-Type + - Accept + - X-Requested-With + - X-Request-Id + - Ocs-Apirequest + allow_credentials: true + tls: + enabled: false + cert: "" + key: "" +grpc_client_tls: null +token_manager: + jwt_secret: "" +reva_gateway: eu.opencloud.api.gateway +translation_path: "" +default_language: "" +events: + endpoint: 127.0.0.1:9233 + cluster: opencloud-cluster + tls_insecure: false + tls_root_ca_certificate: "" + enable_tls: false + username: "" + password: "" +max_concurrency: 1 +persistence: + store: memory + nodes: [] + database: userlog + table: events + ttl: 336h0m0s + username: "" + password: "" +disable_sse: false +global_notifications_secret: "" +service_account: + service_account_id: "" + service_account_secret: "" diff --git a/static/env-vars/userlog_configvars.md b/static/env-vars/userlog_configvars.md index 40753381..fbd7f474 100644 --- a/static/env-vars/userlog_configvars.md +++ b/static/env-vars/userlog_configvars.md @@ -1,44 +1,48 @@ Environment variables for the **userlog** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`USERLOG_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`USERLOG_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`USERLOG_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`USERLOG_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`USERLOG_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9214`| -|`USERLOG_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`USERLOG_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`USERLOG_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`USERLOG_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9210`| -|`USERLOG_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|`/`| -|`OC_CORS_ALLOW_ORIGINS`
`USERLOG_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|`[*]`| -|`OC_CORS_ALLOW_METHODS`
`USERLOG_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|`[GET]`| -|`OC_CORS_ALLOW_HEADERS`
`USERLOG_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|`[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Ocs-Apirequest]`| -|`OC_CORS_ALLOW_CREDENTIALS`
`USERLOG_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|`true`| -|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|`false`| -|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|``| -|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|``| -|`OC_JWT_SECRET`
`USERLOG_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata`|`eu.opencloud.api.gateway`| -|`OC_TRANSLATION_PATH`
`USERLOG_TRANSLATION_PATH`| 1.0.0 |string|`(optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details.`|``| -|`OC_DEFAULT_LANGUAGE`| 1.0.0 |string|`The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details.`|``| -|`OC_EVENTS_ENDPOINT`
`USERLOG_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`| -|`OC_EVENTS_CLUSTER`
`USERLOG_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`| -|`OC_INSECURE`
`USERLOG_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|`false`| -|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`USERLOG_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.`|``| -|`OC_EVENTS_ENABLE_TLS`
`USERLOG_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`| -|`OC_EVENTS_AUTH_USERNAME`
`USERLOG_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_EVENTS_AUTH_PASSWORD`
`USERLOG_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``| -|`OC_MAX_CONCURRENCY`
`USERLOG_MAX_CONCURRENCY`| 1.0.0 |int|`Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used.`|`1`| -|`OC_PERSISTENT_STORE`
`USERLOG_STORE`| 1.0.0 |string|`The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details.`|`memory`| -|`OC_PERSISTENT_STORE_NODES`
`USERLOG_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[]`| -|`USERLOG_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|`userlog`| -|`USERLOG_STORE_TABLE`| 1.0.0 |string|`The database table the store should use.`|`events`| -|`OC_PERSISTENT_STORE_TTL`
`USERLOG_STORE_TTL`| 1.0.0 |Duration|`Time to live for events in the store. Defaults to '336h' (2 weeks). See the Environment Variable Types description for more details.`|`336h0m0s`| -|`OC_PERSISTENT_STORE_AUTH_USERNAME`
`USERLOG_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_PERSISTENT_STORE_AUTH_PASSWORD`
`USERLOG_STORE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``| -|`OC_DISABLE_SSE,USERLOG_DISABLE_SSE`| 1.0.0 |bool|`Disables server-sent events (sse). When disabled, clients will no longer receive sse notifications.`|`false`| -|`USERLOG_GLOBAL_NOTIFICATIONS_SECRET`| 1.0.0 |string|`The secret to secure the global notifications endpoint. Only system admins and users knowing that secret can call the global notifications POST/DELETE endpoints.`|``| -|`OC_SERVICE_ACCOUNT_ID`
`USERLOG_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|``| -|`OC_SERVICE_ACCOUNT_SECRET`
`USERLOG_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|``| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`USERLOG_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`USERLOG_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`USERLOG_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`USERLOG_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`USERLOG_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`USERLOG_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`USERLOG_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`USERLOG_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`USERLOG_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9214| +|`USERLOG_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`USERLOG_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`USERLOG_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`USERLOG_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|127.0.0.1:9210| +|`USERLOG_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|/| +|`OC_CORS_ALLOW_ORIGINS`
`USERLOG_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|[*]| +|`OC_CORS_ALLOW_METHODS`
`USERLOG_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|[GET]| +|`OC_CORS_ALLOW_HEADERS`
`USERLOG_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Ocs-Apirequest]| +|`OC_CORS_ALLOW_CREDENTIALS`
`USERLOG_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|true| +|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|false| +|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|| +|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|| +|`OC_JWT_SECRET`
`USERLOG_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata`|eu.opencloud.api.gateway| +|`OC_TRANSLATION_PATH`
`USERLOG_TRANSLATION_PATH`| 1.0.0 |string|`(optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details.`|| +|`OC_DEFAULT_LANGUAGE`| 1.0.0 |string|`The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details.`|| +|`OC_EVENTS_ENDPOINT`
`USERLOG_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| +|`OC_EVENTS_CLUSTER`
`USERLOG_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| +|`OC_INSECURE`
`USERLOG_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`USERLOG_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.`|| +|`OC_EVENTS_ENABLE_TLS`
`USERLOG_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| +|`OC_EVENTS_AUTH_USERNAME`
`USERLOG_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_EVENTS_AUTH_PASSWORD`
`USERLOG_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| +|`OC_MAX_CONCURRENCY`
`USERLOG_MAX_CONCURRENCY`| 1.0.0 |int|`Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used.`|1| +|`OC_PERSISTENT_STORE`
`USERLOG_STORE`| 1.0.0 |string|`The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details.`|memory| +|`OC_PERSISTENT_STORE_NODES`
`USERLOG_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[]| +|`USERLOG_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|userlog| +|`USERLOG_STORE_TABLE`| 1.0.0 |string|`The database table the store should use.`|events| +|`OC_PERSISTENT_STORE_TTL`
`USERLOG_STORE_TTL`| 1.0.0 |Duration|`Time to live for events in the store. Defaults to '336h' (2 weeks). See the Environment Variable Types description for more details.`|336h0m0s| +|`OC_PERSISTENT_STORE_AUTH_USERNAME`
`USERLOG_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_PERSISTENT_STORE_AUTH_PASSWORD`
`USERLOG_STORE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| +|`OC_DISABLE_SSE,USERLOG_DISABLE_SSE`| 1.0.0 |bool|`Disables server-sent events (sse). When disabled, clients will no longer receive sse notifications.`|false| +|`USERLOG_GLOBAL_NOTIFICATIONS_SECRET`| 1.0.0 |string|`The secret to secure the global notifications endpoint. Only system admins and users knowing that secret can call the global notifications POST/DELETE endpoints.`|| +|`OC_SERVICE_ACCOUNT_ID`
`USERLOG_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|| +|`OC_SERVICE_ACCOUNT_SECRET`
`USERLOG_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|| diff --git a/static/env-vars/userlog_readme.md b/static/env-vars/userlog_readme.md index e55816e7..24cef877 100644 --- a/static/env-vars/userlog_readme.md +++ b/static/env-vars/userlog_readme.md @@ -1,6 +1,6 @@ --- title: Userlog -date: 2025-11-27T22:56:02.335031+01:00 +date: 2025-11-11T09:16:41.11344777+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/userlog @@ -67,7 +67,7 @@ For the time being, the configuration which user related events are of interest ## Retrieving -The `userlog` service provides an API to retrieve configured events. For now, this API is mostly following the [oc10 notification GET API](https://doc.owncloud.com/server/next/developer_manual/core/apis/ocs-notification-endpoint-v1.html#get-user-notifications). +The `userlog` service provides an API to retrieve configured events. For now, this API is mostly following the [oc10 notification GET API](https://docs.opencloud.eu/server/next/developer_manual/core/apis/ocs-notification-endpoint-v1.html#get-user-notifications). ## Posting diff --git a/static/env-vars/users-config-example.yaml b/static/env-vars/users-config-example.yaml new file mode 100644 index 00000000..a40f5cb4 --- /dev/null +++ b/static/env-vars/users-config-example.yaml 
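Review bot: In the userlog_configvars.md table, the `USERLOG_EVENTS_TLS_INSECURE` row (also settable through `OC_INSECURE`) is described as "Whether to verify the server TLS certificates." with default false, which read literally says verification is off by default, and the `USERLOG_EVENTS_TLS_ROOT_CA_CERTIFICATE` row refers to `NOTIFICATIONS_EVENTS_TLS_INSECURE`, a variable that belongs to a different service. If this table is generated, as the example YAML files in this patch are, fix both description strings where they are defined and regenerate, for example "Disables verification of the server's TLS certificate." and a reference to `USERLOG_EVENTS_TLS_INSECURE`. The added rows also drop the backticks around default values, so the `[*]` default of `USERLOG_CORS_ALLOW_ORIGINS` is now bare markdown inside the cell.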
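Review bot: In the `## Retrieving` paragraph of userlog_readme.md, the link text still reads "oc10 notification GET API" but the host changes from doc.owncloud.com to docs.opencloud.eu while the path `/server/next/developer_manual/core/apis/ocs-notification-endpoint-v1.html` stays the same, which looks like a blanket search-and-replace rather than a deliberate retarget. Please confirm the new URL resolves; if it does not, keep the original link, since that is the API the sentence describes. The front matter of the same file also moves `date` backwards, from 2025-11-27 to 2025-11-11, which does not fit a commit titled "Update docs with latest env vars" and may mean the files were generated from an older checkout.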
@@ -0,0 +1,77 @@ +# Autogenerated +# Filename: users-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9145 + token: "" + pprof: false + zpages: false +grpc: + addr: 127.0.0.1:9144 + tls: null + protocol: tcp +token_manager: + jwt_secret: "" +reva: + address: eu.opencloud.api.gateway + tls: + mode: "" + cacert: "" +skip_user_groups_in_token: false +driver: ldap +drivers: + ldap: + uri: ldaps://localhost:9235 + ca_cert: /home/chaser/.opencloud/idm/ldap.crt + insecure: false + bind_dn: uid=reva,ou=sysusers,o=libregraph-idm + bind_password: "" + user_base_dn: ou=users,o=libregraph-idm + group_base_dn: ou=groups,o=libregraph-idm + user_scope: sub + group_scope: sub + user_substring_filter_type: any + user_filter: "" + group_filter: "" + user_object_class: inetOrgPerson + group_object_class: groupOfNames + idp: https://localhost:9200 + disable_user_mechanism: attribute + user_type_attribute: openCloudUserType + ldap_disabled_users_group_dn: cn=DisabledUsersGroup,ou=groups,o=libregraph-idm + user_schema: + id: openclouduuid + tenant_id: "" + id_is_octet_string: false + mail: mail + display_name: displayname + user_name: uid + user_enabled: openclouduserenabled + group_schema: + id: openclouduuid + id_is_octet_string: false + mail: mail + display_name: cn + group_name: cn + member: member + owncloudsql: + db_username: owncloud + db_password: secret + db_host: mysql + db_port: 3306 + db_name: owncloud + idp: https://localhost:9200 + nobody: 90 + join_username: false + join_owncloud_uuid: false + enable_medial_search: false diff --git a/static/env-vars/users_configvars.md b/static/env-vars/users_configvars.md index 96e4a7f8..1beb0411 100644 --- a/static/env-vars/users_configvars.md +++ b/static/env-vars/users_configvars.md 
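Review bot: The new users-config-example.yaml sets `ca_cert: /home/chaser/.opencloud/idm/ldap.crt` under `drivers.ldap`, a path inside a personal home directory, whereas the users_configvars.md table that this patch replaces listed `/var/lib/opencloud/idm/ldap.crt` for the same setting. Regenerate the example with the default base data path (the description of `OC_LDAP_CACERT` says the directory derives from `$OC_BASE_DATA_PATH/idm`), so the published file neither exposes a local username nor points readers at a path that will not exist on their system. Separately, `db_password: secret` under `owncloudsql` is a usable-looking credential in a file meant to be copied; an empty value like the neighbouring `bind_password: ""`, or a comment marking it as a placeholder, would make it harder to deploy unchanged.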
@@ -1,61 +1,65 @@ Environment variables for the **users** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`USERS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`USERS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`USERS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`USERS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`USERS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9145`| -|`USERS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`USERS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`USERS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`USERS_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9144`| -|`OC_GRPC_PROTOCOL`
`USERS_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GPRC service.`|`tcp`| -|`OC_JWT_SECRET`
`USERS_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`| -|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``| -|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``| -|`USERS_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|`false`| -|`USERS_DRIVER`| 1.0.0 |string|`The driver which should be used by the users service. Supported values are 'ldap' and 'owncloudsql'.`|`ldap`| -|`OC_LDAP_URI`
`USERS_LDAP_URI`| 1.0.0 |string|`URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'`|`ldaps://localhost:9235`| -|`OC_LDAP_CACERT`
`USERS_LDAP_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|`/var/lib/opencloud/idm/ldap.crt`| -|`OC_LDAP_INSECURE`
`USERS_LDAP_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.`|`false`| -|`OC_LDAP_BIND_DN`
`USERS_LDAP_BIND_DN`| 1.0.0 |string|`LDAP DN to use for simple bind authentication with the target LDAP server.`|`uid=reva,ou=sysusers,o=libregraph-idm`| -|`OC_LDAP_BIND_PASSWORD`
`USERS_LDAP_BIND_PASSWORD`| 1.0.0 |string|`Password to use for authenticating the 'bind_dn'.`|``| -|`OC_LDAP_USER_BASE_DN`
`USERS_LDAP_USER_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP users.`|`ou=users,o=libregraph-idm`| -|`OC_LDAP_GROUP_BASE_DN`
`USERS_LDAP_GROUP_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP groups.`|`ou=groups,o=libregraph-idm`| -|`OC_LDAP_USER_SCOPE`
`USERS_LDAP_USER_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up users. Supported values are 'base', 'one' and 'sub'.`|`sub`| -|`OC_LDAP_GROUP_SCOPE`
`USERS_LDAP_GROUP_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'.`|`sub`| -|`LDAP_USER_SUBSTRING_FILTER_TYPE`
`USERS_LDAP_USER_SUBSTRING_FILTER_TYPE`| 1.0.0 |string|`Type of substring search filter to use for substring searches for users. Possible values: 'initial' for doing prefix only searches, 'final' for doing suffix only searches or 'any' for doing full substring searches`|`any`| -|`OC_LDAP_USER_FILTER`
`USERS_LDAP_USER_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'.`|``| -|`OC_LDAP_GROUP_FILTER`
`USERS_LDAP_GROUP_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for group searches.`|``| -|`OC_LDAP_USER_OBJECTCLASS`
`USERS_LDAP_USER_OBJECTCLASS`| 1.0.0 |string|`The object class to use for users in the default user search filter like 'inetOrgPerson'.`|`inetOrgPerson`| -|`OC_LDAP_GROUP_OBJECTCLASS`
`USERS_LDAP_GROUP_OBJECTCLASS`| 1.0.0 |string|`The object class to use for groups in the default group search filter like 'groupOfNames'.`|`groupOfNames`| -|`OC_URL`
`OC_OIDC_ISSUER`
`USERS_IDP_URL`| 1.0.0 |string|`The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider.`|`https://localhost:9200`| -|`OC_LDAP_DISABLE_USER_MECHANISM`
`USERS_LDAP_DISABLE_USER_MECHANISM`| 1.0.0 |string|`An option to control the behavior for disabling users. Valid options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed.`|`attribute`| -|`OC_LDAP_USER_SCHEMA_USER_TYPE`
`USERS_LDAP_USER_TYPE_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'openCloudUserType'.`|`openCloudUserType`| -|`OC_LDAP_DISABLED_USERS_GROUP_DN`
`USERS_LDAP_DISABLED_USERS_GROUP_DN`| 1.0.0 |string|`The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'.`|`cn=DisabledUsersGroup,ou=groups,o=libregraph-idm`| -|`OC_LDAP_USER_SCHEMA_ID`
`USERS_LDAP_USER_SCHEMA_ID`| 1.0.0 |string|`LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID.`|`openclouduuid`| -|`OC_LDAP_USER_SCHEMA_TENANT_ID`
`USERS_LDAP_USER_SCHEMA_TENANT_ID`| 4.0.0 |string|`LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment.`|``| -|`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`
`USERS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user ID's.`|`false`| -|`OC_LDAP_USER_SCHEMA_MAIL`
`USERS_LDAP_USER_SCHEMA_MAIL`| 1.0.0 |string|`LDAP Attribute to use for the email address of users.`|`mail`| -|`OC_LDAP_USER_SCHEMA_DISPLAYNAME`
`USERS_LDAP_USER_SCHEMA_DISPLAYNAME`| 1.0.0 |string|`LDAP Attribute to use for the displayname of users.`|`displayname`| -|`OC_LDAP_USER_SCHEMA_USERNAME`
`USERS_LDAP_USER_SCHEMA_USERNAME`| 1.0.0 |string|`LDAP Attribute to use for username of users.`|`uid`| -|`OC_LDAP_USER_ENABLED_ATTRIBUTE`
`USERS_LDAP_USER_ENABLED_ATTRIBUTE`| 1.0.0 |string|`LDAP attribute to use as a flag telling if the user is enabled or disabled.`|`openclouduserenabled`| -|`OC_LDAP_GROUP_SCHEMA_ID`
`USERS_LDAP_GROUP_SCHEMA_ID`| 1.0.0 |string|`LDAP Attribute to use as the unique ID for groups. This should be a stable globally unique ID like a UUID.`|`openclouduuid`| -|`OC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`
`USERS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group ID's.`|`false`| -|`OC_LDAP_GROUP_SCHEMA_MAIL`
`USERS_LDAP_GROUP_SCHEMA_MAIL`| 1.0.0 |string|`LDAP Attribute to use for the email address of groups (can be empty).`|`mail`| -|`OC_LDAP_GROUP_SCHEMA_DISPLAYNAME`
`USERS_LDAP_GROUP_SCHEMA_DISPLAYNAME`| 1.0.0 |string|`LDAP Attribute to use for the displayname of groups (often the same as groupname attribute).`|`cn`| -|`OC_LDAP_GROUP_SCHEMA_GROUPNAME`
`USERS_LDAP_GROUP_SCHEMA_GROUPNAME`| 1.0.0 |string|`LDAP Attribute to use for the name of groups.`|`cn`| -|`OC_LDAP_GROUP_SCHEMA_MEMBER`
`USERS_LDAP_GROUP_SCHEMA_MEMBER`| 1.0.0 |string|`LDAP Attribute that is used for group members.`|`member`| -|`USERS_OWNCLOUDSQL_DB_USERNAME`| 1.0.0 |string|`Database user to use for authenticating with the owncloud database.`|`owncloud`| -|`USERS_OWNCLOUDSQL_DB_PASSWORD`| 1.0.0 |string|`Password for the database user.`|`secret`| -|`USERS_OWNCLOUDSQL_DB_HOST`| 1.0.0 |string|`Hostname of the database server.`|`mysql`| -|`USERS_OWNCLOUDSQL_DB_PORT`| 1.0.0 |int|`Network port to use for the database connection.`|`3306`| -|`USERS_OWNCLOUDSQL_DB_NAME`| 1.0.0 |string|`Name of the owncloud database.`|`owncloud`| -|`USERS_OWNCLOUDSQL_IDP`| 1.0.0 |string|`The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider.`|`https://localhost:9200`| -|`USERS_OWNCLOUDSQL_NOBODY`| 1.0.0 |int64|`Fallback number if no numeric UID and GID properties are provided.`|`90`| -|`USERS_OWNCLOUDSQL_JOIN_USERNAME`| 1.0.0 |bool|`Join the user properties table to read usernames`|`false`| -|`USERS_OWNCLOUDSQL_JOIN_OWNCLOUD_UUID`| 1.0.0 |bool|`Join the user properties table to read user IDs.`|`false`| -|`USERS_OWNCLOUDSQL_ENABLE_MEDIAL_SEARCH`| 1.0.0 |bool|`Allow 'medial search' when searching for users instead of just doing a prefix search. This allows finding 'Alice' when searching for 'lic'.`|`false`| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`USERS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`USERS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`USERS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`USERS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`USERS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`USERS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`USERS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`USERS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`USERS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9145| +|`USERS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`USERS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`USERS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`USERS_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9144| +|`OC_GRPC_PROTOCOL`
`USERS_GRPC_PROTOCOL`| 1.0.0 |string|`The transport protocol of the GPRC service.`|tcp| +|`OC_JWT_SECRET`
`USERS_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| +|`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| +|`USERS_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|false| +|`USERS_DRIVER`| 1.0.0 |string|`The driver which should be used by the users service. Supported values are 'ldap' and 'owncloudsql'.`|ldap| +|`OC_LDAP_URI`
`USERS_LDAP_URI`| 1.0.0 |string|`URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'`|ldaps://localhost:9235| +|`OC_LDAP_CACERT`
`USERS_LDAP_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm.`|/home/chaser/.opencloud/idm/ldap.crt| +|`OC_LDAP_INSECURE`
`USERS_LDAP_INSECURE`| 1.0.0 |bool|`Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.`|false| +|`OC_LDAP_BIND_DN`
`USERS_LDAP_BIND_DN`| 1.0.0 |string|`LDAP DN to use for simple bind authentication with the target LDAP server.`|uid=reva,ou=sysusers,o=libregraph-idm| +|`OC_LDAP_BIND_PASSWORD`
`USERS_LDAP_BIND_PASSWORD`| 1.0.0 |string|`Password to use for authenticating the 'bind_dn'.`|| +|`OC_LDAP_USER_BASE_DN`
`USERS_LDAP_USER_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP users.`|ou=users,o=libregraph-idm| +|`OC_LDAP_GROUP_BASE_DN`
`USERS_LDAP_GROUP_BASE_DN`| 1.0.0 |string|`Search base DN for looking up LDAP groups.`|ou=groups,o=libregraph-idm| +|`OC_LDAP_USER_SCOPE`
`USERS_LDAP_USER_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up users. Supported values are 'base', 'one' and 'sub'.`|sub| +|`OC_LDAP_GROUP_SCOPE`
`USERS_LDAP_GROUP_SCOPE`| 1.0.0 |string|`LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'.`|sub| +|`LDAP_USER_SUBSTRING_FILTER_TYPE`
`USERS_LDAP_USER_SUBSTRING_FILTER_TYPE`| 1.0.0 |string|`Type of substring search filter to use for substring searches for users. Possible values: 'initial' for doing prefix only searches, 'final' for doing suffix only searches or 'any' for doing full substring searches`|any| +|`OC_LDAP_USER_FILTER`
`USERS_LDAP_USER_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'.`|| +|`OC_LDAP_GROUP_FILTER`
`USERS_LDAP_GROUP_FILTER`| 1.0.0 |string|`LDAP filter to add to the default filters for group searches.`|| +|`OC_LDAP_USER_OBJECTCLASS`
`USERS_LDAP_USER_OBJECTCLASS`| 1.0.0 |string|`The object class to use for users in the default user search filter like 'inetOrgPerson'.`|inetOrgPerson| +|`OC_LDAP_GROUP_OBJECTCLASS`
`USERS_LDAP_GROUP_OBJECTCLASS`| 1.0.0 |string|`The object class to use for groups in the default group search filter like 'groupOfNames'.`|groupOfNames| +|`OC_URL`
`OC_OIDC_ISSUER`
`USERS_IDP_URL`| 1.0.0 |string|`The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider.`|https://localhost:9200| +|`OC_LDAP_DISABLE_USER_MECHANISM`
`USERS_LDAP_DISABLE_USER_MECHANISM`| 1.0.0 |string|`An option to control the behavior for disabling users. Valid options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed.`|attribute| +|`OC_LDAP_USER_SCHEMA_USER_TYPE`
`USERS_LDAP_USER_TYPE_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'openCloudUserType'.`|openCloudUserType| +|`OC_LDAP_DISABLED_USERS_GROUP_DN`
`USERS_LDAP_DISABLED_USERS_GROUP_DN`| 1.0.0 |string|`The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'.`|cn=DisabledUsersGroup,ou=groups,o=libregraph-idm| +|`OC_LDAP_USER_SCHEMA_ID`
`USERS_LDAP_USER_SCHEMA_ID`| 1.0.0 |string|`LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID.`|openclouduuid| +|`OC_LDAP_USER_SCHEMA_TENANT_ID`
`USERS_LDAP_USER_SCHEMA_TENANT_ID`| next |string|`LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment.`|| +|`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`
`USERS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user ID's.`|false| +|`OC_LDAP_USER_SCHEMA_MAIL`
`USERS_LDAP_USER_SCHEMA_MAIL`| 1.0.0 |string|`LDAP Attribute to use for the email address of users.`|mail| +|`OC_LDAP_USER_SCHEMA_DISPLAYNAME`
`USERS_LDAP_USER_SCHEMA_DISPLAYNAME`| 1.0.0 |string|`LDAP Attribute to use for the displayname of users.`|displayname| +|`OC_LDAP_USER_SCHEMA_USERNAME`
`USERS_LDAP_USER_SCHEMA_USERNAME`| 1.0.0 |string|`LDAP Attribute to use for username of users.`|uid| +|`OC_LDAP_USER_ENABLED_ATTRIBUTE`
`USERS_LDAP_USER_ENABLED_ATTRIBUTE`| 1.0.0 |string|`LDAP attribute to use as a flag telling if the user is enabled or disabled.`|openclouduserenabled| +|`OC_LDAP_GROUP_SCHEMA_ID`
`USERS_LDAP_GROUP_SCHEMA_ID`| 1.0.0 |string|`LDAP Attribute to use as the unique ID for groups. This should be a stable globally unique ID like a UUID.`|openclouduuid| +|`OC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`
`USERS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group ID's.`|false| +|`OC_LDAP_GROUP_SCHEMA_MAIL`
`USERS_LDAP_GROUP_SCHEMA_MAIL`| 1.0.0 |string|`LDAP Attribute to use for the email address of groups (can be empty).`|mail| +|`OC_LDAP_GROUP_SCHEMA_DISPLAYNAME`
`USERS_LDAP_GROUP_SCHEMA_DISPLAYNAME`| 1.0.0 |string|`LDAP Attribute to use for the displayname of groups (often the same as groupname attribute).`|cn| +|`OC_LDAP_GROUP_SCHEMA_GROUPNAME`
`USERS_LDAP_GROUP_SCHEMA_GROUPNAME`| 1.0.0 |string|`LDAP Attribute to use for the name of groups.`|cn| +|`OC_LDAP_GROUP_SCHEMA_MEMBER`
`USERS_LDAP_GROUP_SCHEMA_MEMBER`| 1.0.0 |string|`LDAP Attribute that is used for group members.`|member| +|`USERS_OWNCLOUDSQL_DB_USERNAME`| 1.0.0 |string|`Database user to use for authenticating with the owncloud database.`|owncloud| +|`USERS_OWNCLOUDSQL_DB_PASSWORD`| 1.0.0 |string|`Password for the database user.`|secret| +|`USERS_OWNCLOUDSQL_DB_HOST`| 1.0.0 |string|`Hostname of the database server.`|mysql| +|`USERS_OWNCLOUDSQL_DB_PORT`| 1.0.0 |int|`Network port to use for the database connection.`|3306| +|`USERS_OWNCLOUDSQL_DB_NAME`| 1.0.0 |string|`Name of the owncloud database.`|owncloud| +|`USERS_OWNCLOUDSQL_IDP`| 1.0.0 |string|`The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider.`|https://localhost:9200| +|`USERS_OWNCLOUDSQL_NOBODY`| 1.0.0 |int64|`Fallback number if no numeric UID and GID properties are provided.`|90| +|`USERS_OWNCLOUDSQL_JOIN_USERNAME`| 1.0.0 |bool|`Join the user properties table to read usernames`|false| +|`USERS_OWNCLOUDSQL_JOIN_OWNCLOUD_UUID`| 1.0.0 |bool|`Join the user properties table to read user IDs.`|false| +|`USERS_OWNCLOUDSQL_ENABLE_MEDIAL_SEARCH`| 1.0.0 |bool|`Allow 'medial search' when searching for users instead of just doing a prefix search. This allows finding 'Alice' when searching for 'lic'.`|false| diff --git a/static/env-vars/web-config-example.yaml b/static/env-vars/web-config-example.yaml new file mode 100644 index 00000000..68dc9972 --- /dev/null +++ b/static/env-vars/web-config-example.yaml 
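Review bot: In the users_configvars.md table, the `OC_LDAP_USER_SCHEMA_TENANT_ID` / `USERS_LDAP_USER_SCHEMA_TENANT_ID` row changes its Introduction Version from 4.0.0 to `next`, replacing a concrete release number with a placeholder. Together with the `USERS_LDAP_CACERT` default changing from `/var/lib/opencloud/idm/ldap.crt` to `/home/chaser/.opencloud/idm/ldap.crt`, this reads as an artifact of the environment the docs were generated in rather than an intended documentation change; please keep the released version and generate with the default `OC_BASE_DATA_PATH`. The separator row also loses the left alignment of the Default Value column (`:---` becomes `---`) and every default loses its backticks; if that is intentional, the commit message should say so.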
@@ -0,0 +1,131 @@ +# Autogenerated +# Filename: web-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9104 + token: "" + pprof: false + zpages: false +http: + addr: 127.0.0.1:9100 + tls: + enabled: false + cert: "" + key: "" + root: / + cache_ttl: 604800 + cors: + allow_origins: + - https://localhost:9200 + allow_methods: + - OPTIONS + - HEAD + - GET + - PUT + - PATCH + - POST + - DELETE + - MKCOL + - PROPFIND + - PROPPATCH + - MOVE + - COPY + - REPORT + - SEARCH + allow_headers: + - Origin + - Accept + - Content-Type + - Depth + - Authorization + - Ocs-Apirequest + - If-None-Match + - If-Match + - Destination + - Overwrite + - X-Request-Id + - X-Requested-With + - Tus-Resumable + - Tus-Checksum-Algorithm + - Upload-Concat + - Upload-Length + - Upload-Metadata + - Upload-Defer-Length + - Upload-Expires + - Upload-Checksum + - Upload-Offset + - X-HTTP-Method-Override + allow_credentials: false +asset: + core_path: /home/chaser/.opencloud/web/assets/core + themes_path: /home/chaser/.opencloud/web/assets/themes + apps_path: /home/chaser/.opencloud/web/assets/apps +file: "" +web: + theme_server: https://localhost:9200 + theme_path: /themes/opencloud/theme.json + config: + server: https://localhost:9200 + oidc: + metadata_url: https://localhost:9200/.well-known/openid-configuration + authority: https://localhost:9200 + client_id: web + response_type: code + scope: openid profile email + post_logout_redirect_uri: "" + apps: + - files + - search + - text-editor + - pdf-viewer + - external + - admin-settings + - epub-reader + - preview + - app-store + applications: [] + external_apps: [] + options: + accountEditLink: null + disableFeedbackLink: false + feedbackLink: null + runningOnEos: false + cernFeatures: false + upload: null + editor: null + contextHelpersReadMore: true + logoutUrl: "" + loginUrl: "" + tokenStorageLocal: true + 
disabledExtensions: [] + embed: + enabled: "" + target: "" + messagesOrigin: "" + delegateAuthentication: false + delegateAuthenticationOrigin: "" + userListRequiresFilter: false + concurrentRequests: + resourceBatchActions: 0 + sse: 0 + shares: + create: 0 + list: 0 + defaultAppId: "" + styles: [] + scripts: [] + custom_translations: [] +apps: {} +token_manager: + jwt_secret: "" +gateway_addr: eu.opencloud.api.gateway diff --git a/static/env-vars/web_configvars.md b/static/env-vars/web_configvars.md index 6d4b4ed9..f599c2d8 100644 --- a/static/env-vars/web_configvars.md +++ b/static/env-vars/web_configvars.md @@ -1,55 +1,59 @@ Environment variables for the **web** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`WEB_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`WEB_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`WEB_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`WEB_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`WEB_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9104`| -|`WEB_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`WEB_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`WEB_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`WEB_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9100`| -|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|`false`| -|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|``| -|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|``| -|`WEB_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|`/`| -|`WEB_CACHE_TTL`| 1.0.0 |int|`Cache policy in seconds for OpenCloud Web assets.`|`604800`| -|`OC_CORS_ALLOW_ORIGINS`
`WEB_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|`[https://localhost:9200]`| -|`OC_CORS_ALLOW_METHODS`
`WEB_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|`[OPTIONS HEAD GET PUT PATCH POST DELETE MKCOL PROPFIND PROPPATCH MOVE COPY REPORT SEARCH]`| -|`OC_CORS_ALLOW_HEADERS`
`WEB_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|`[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires Upload-Checksum Upload-Offset X-HTTP-Method-Override]`| -|`OC_CORS_ALLOW_CREDENTIALS`
`WEB_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS. See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|`false`| -|`WEB_ASSET_CORE_PATH`| 1.0.0 |string|`Serve OpenCloud Web assets from a path on the filesystem instead of the builtin assets. If not defined, the root directory derives from $OC_BASE_DATA_PATH/web/assets/core`|`/var/lib/opencloud/web/assets/core`| -|`OC_ASSET_THEMES_PATH`
`WEB_ASSET_THEMES_PATH`| 1.0.0 |string|`Serve OpenCloud themes from a path on the filesystem instead of the builtin assets. If not defined, the root directory derives from $OC_BASE_DATA_PATH/web/assets/themes`|`/var/lib/opencloud/web/assets/themes`| -|`WEB_ASSET_APPS_PATH`| 1.0.0 |string|`Serve OpenCloud Web apps assets from a path on the filesystem instead of the builtin assets. If not defined, the root directory derives from $OC_BASE_DATA_PATH/web/assets/apps`|`/var/lib/opencloud/web/assets/apps`| -|`WEB_UI_CONFIG_FILE`| 1.0.0 |string|`Read the OpenCloud Web json based configuration from this path/file. The config file takes precedence over WEB_OPTION_xxx environment variables. See the text description for more details.`|``| -|`OC_URL`
`WEB_UI_THEME_SERVER`| 1.0.0 |string|`Base URL to load themes from. Will be prepended to the theme path.`|`https://localhost:9200`| -|`WEB_UI_THEME_PATH`| 1.0.0 |string|`Path to the theme json file. Will be appended to the URL of the theme server.`|`/themes/opencloud/theme.json`| -|`OC_URL`
`WEB_UI_CONFIG_SERVER`| 1.0.0 |string|`URL, where the OpenCloud APIs are reachable for OpenCloud Web.`|`https://localhost:9200`| -|`WEB_OIDC_METADATA_URL`| 1.0.0 |string|`URL for the OIDC well-known configuration endpoint. Defaults to the OpenCloud API URL + '/.well-known/openid-configuration'.`|`https://localhost:9200/.well-known/openid-configuration`| -|`OC_URL`
`OC_OIDC_ISSUER`
`WEB_OIDC_AUTHORITY`| 1.0.0 |string|`URL of the OIDC issuer. It defaults to URL of the builtin IDP.`|`https://localhost:9200`| -|`OC_OIDC_CLIENT_ID`
`WEB_OIDC_CLIENT_ID`| 1.0.0 |string|`The OIDC client ID which OpenCloud Web uses. This client needs to be set up in your IDP. Note that this setting has no effect when using the builtin IDP.`|`web`| -|`WEB_OIDC_RESPONSE_TYPE`| 1.0.0 |string|`The OIDC response type to use for authentication.`|`code`| -|`WEB_OIDC_SCOPE`| 1.0.0 |string|`OIDC scopes to request during authentication to authorize access to user details. Defaults to 'openid profile email'. Values are separated by blank. More example values but not limited to are 'address' or 'phone' etc.`|`openid profile email`| -|`WEB_OIDC_POST_LOGOUT_REDIRECT_URI`| 1.0.0 |string|`This value needs to point to a valid and reachable web page. The web client will trigger a redirect to that page directly after the logout action. The default value is empty and redirects to the login page.`|``| -|`WEB_OPTION_DISABLE_FEEDBACK_LINK`| 1.0.0 |bool|`Set this option to 'true' to disable the feedback link in the top bar. Keeping it enabled by setting the value to 'false' or with the absence of the option, allows OpenCloud to get feedback from your user base through a dedicated survey website.`|`false`| -|`WEB_OPTION_RUNNING_ON_EOS`| 1.0.0 |bool|`Set this option to 'true' if running on an EOS storage backend (\https://eos-web.web.cern.ch/eos-web/) to enable its specific features. Defaults to 'false'.`|`false`| -|`WEB_OPTION_CONTEXTHELPERS_READ_MORE`| 1.0.0 |bool|`Specifies whether the 'Read more' link should be displayed or not.`|`true`| -|`WEB_OPTION_LOGOUT_URL`| 1.0.0 |string|`Adds a link to the user's profile page to point him to an external page, where he can manage his session and devices. This is helpful when an external IdP is used. This option is disabled by default.`|``| -|`WEB_OPTION_LOGIN_URL`| 1.0.0 |string|`Specifies the target URL to the login page. This is helpful when an external IdP is used. This option is disabled by default. 
Example URL like: \https://www.myidp.com/login.`|``| -|`WEB_OPTION_TOKEN_STORAGE_LOCAL`| 1.0.0 |bool|`Specifies whether the access token will be stored in the local storage when set to 'true' or in the session storage when set to 'false'. If stored in the local storage, login state will be persisted across multiple browser tabs, means no additional logins are required.`|`true`| -|`WEB_OPTION_DISABLED_EXTENSIONS`| 1.0.0 |[]string|`A list to disable specific Web extensions identified by their ID. The ID can e.g. be taken from the 'index.ts' file of the web extension. Example: 'com.github.opencloud-eu.web.files.search,com.github.opencloud-eu.web.files.print'. See the Environment Variable Types description for more details.`|`[]`| -|`WEB_OPTION_EMBED_ENABLED`| 1.0.0 |string|`Defines whether Web should be running in 'embed' mode. Setting this to 'true' will enable a stripped down version of Web with reduced functionality used to integrate Web into other applications like via iFrame. Setting it to 'false' or not setting it (default) will run Web as usual with all functionality enabled. See the text description for more details.`|``| -|`WEB_OPTION_EMBED_TARGET`| 1.0.0 |string|`Defines how Web is being integrated when running in 'embed' mode. Currently, the only supported options are '' (empty) and 'location'. With '' which is the default, Web will run regular as defined via the 'embed.enabled' config option. With 'location', Web will run embedded as location picker. Resource selection will be disabled and the selected resources array always includes the current folder as the only item. See the text description for more details.`|``| -|`WEB_OPTION_EMBED_MESSAGES_ORIGIN`| 1.0.0 |string|`Defines a URL under which Web can be integrated via iFrame in 'embed' mode. Note that setting this is mandatory when running Web in 'embed' mode. Use '*' as value to allow running the iFrame under any URL, although this is not recommended for security reasons. 
See the text description for more details.`|``| -|`WEB_OPTION_EMBED_DELEGATE_AUTHENTICATION`| 1.0.0 |bool|`Defines whether Web should require authentication to be done by the parent application when running in 'embed' mode. If set to 'true' Web will not try to authenticate the user on its own but will require an access token coming from the parent application. Defaults to being unset.`|`false`| -|`WEB_OPTION_EMBED_DELEGATE_AUTHENTICATION_ORIGIN`| 1.0.0 |string|`Defines the host to validate the message event origin against when running Web in 'embed' mode with delegated authentication. Defaults to event message origin validation being omitted, which is only recommended for development setups.`|``| -|`WEB_OPTION_USER_LIST_REQUIRES_FILTER`| 1.0.0 |bool|`Defines whether one or more filters must be set in order to list users in the Web admin settings. Set this option to 'true' if running in an environment with a lot of users and listing all users could slow down performance. Defaults to 'false'.`|`false`| -|`WEB_OPTION_CONCURRENT_REQUESTS_RESOURCE_BATCH_ACTIONS`| 1.0.0 |int|`Defines the maximum number of concurrent requests per file/folder/space batch action. Defaults to 4.`|`0`| -|`WEB_OPTION_CONCURRENT_REQUESTS_SSE`| 1.0.0 |int|`Defines the maximum number of concurrent requests in SSE event handlers. Defaults to 4.`|`0`| -|`WEB_OPTION_CONCURRENT_REQUESTS_SHARES_CREATE`| 1.0.0 |int|`Defines the maximum number of concurrent requests per sharing invite batch. Defaults to 4.`|`0`| -|`WEB_OPTION_CONCURRENT_REQUESTS_SHARES_LIST`| 1.0.0 |int|`Defines the maximum number of concurrent requests when loading individual share information inside listings. Defaults to 2.`|`0`| -|`WEB_OPTION_DEFAULT_APP_ID`| 4.0.0 |string|`Defines the entrypoint for the web ui.`|``| -|`OC_JWT_SECRET`
`WEB_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``| -|`WEB_GATEWAY_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`eu.opencloud.api.gateway`| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`WEB_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`WEB_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`WEB_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`WEB_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`WEB_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`WEB_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`WEB_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`WEB_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`WEB_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9104| +|`WEB_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`WEB_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`WEB_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`WEB_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|127.0.0.1:9100| +|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|false| +|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|| +|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|| +|`WEB_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|/| +|`WEB_CACHE_TTL`| 1.0.0 |int|`Cache policy in seconds for OpenCloud Web assets.`|604800| +|`OC_CORS_ALLOW_ORIGINS`
`WEB_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|[https://localhost:9200]| +|`OC_CORS_ALLOW_METHODS`
`WEB_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|[OPTIONS HEAD GET PUT PATCH POST DELETE MKCOL PROPFIND PROPPATCH MOVE COPY REPORT SEARCH]| +|`OC_CORS_ALLOW_HEADERS`
`WEB_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires Upload-Checksum Upload-Offset X-HTTP-Method-Override]| +|`OC_CORS_ALLOW_CREDENTIALS`
`WEB_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS. See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|false| +|`WEB_ASSET_CORE_PATH`| 1.0.0 |string|`Serve OpenCloud Web assets from a path on the filesystem instead of the builtin assets. If not defined, the root directory derives from $OC_BASE_DATA_PATH/web/assets/core`|/home/chaser/.opencloud/web/assets/core| +|`OC_ASSET_THEMES_PATH`
`WEB_ASSET_THEMES_PATH`| 1.0.0 |string|`Serve OpenCloud themes from a path on the filesystem instead of the builtin assets. If not defined, the root directory derives from $OC_BASE_DATA_PATH/web/assets/themes`|/home/chaser/.opencloud/web/assets/themes| +|`WEB_ASSET_APPS_PATH`| 1.0.0 |string|`Serve OpenCloud Web apps assets from a path on the filesystem instead of the builtin assets. If not defined, the root directory derives from $OC_BASE_DATA_PATH/web/assets/apps`|/home/chaser/.opencloud/web/assets/apps| +|`WEB_UI_CONFIG_FILE`| 1.0.0 |string|`Read the OpenCloud Web json based configuration from this path/file. The config file takes precedence over WEB_OPTION_xxx environment variables. See the text description for more details.`|| +|`OC_URL`
`WEB_UI_THEME_SERVER`| 1.0.0 |string|`Base URL to load themes from. Will be prepended to the theme path.`|https://localhost:9200| +|`WEB_UI_THEME_PATH`| 1.0.0 |string|`Path to the theme json file. Will be appended to the URL of the theme server.`|/themes/opencloud/theme.json| +|`OC_URL`
`WEB_UI_CONFIG_SERVER`| 1.0.0 |string|`URL, where the OpenCloud APIs are reachable for OpenCloud Web.`|https://localhost:9200| +|`WEB_OIDC_METADATA_URL`| 1.0.0 |string|`URL for the OIDC well-known configuration endpoint. Defaults to the OpenCloud API URL + '/.well-known/openid-configuration'.`|https://localhost:9200/.well-known/openid-configuration| +|`OC_URL`
`OC_OIDC_ISSUER`
`WEB_OIDC_AUTHORITY`| 1.0.0 |string|`URL of the OIDC issuer. It defaults to URL of the builtin IDP.`|https://localhost:9200| +|`OC_OIDC_CLIENT_ID`
`WEB_OIDC_CLIENT_ID`| 1.0.0 |string|`The OIDC client ID which OpenCloud Web uses. This client needs to be set up in your IDP. Note that this setting has no effect when using the builtin IDP.`|web| +|`WEB_OIDC_RESPONSE_TYPE`| 1.0.0 |string|`The OIDC response type to use for authentication.`|code| +|`WEB_OIDC_SCOPE`| 1.0.0 |string|`OIDC scopes to request during authentication to authorize access to user details. Defaults to 'openid profile email'. Values are separated by blank. More example values but not limited to are 'address' or 'phone' etc.`|openid profile email| +|`WEB_OIDC_POST_LOGOUT_REDIRECT_URI`| 1.0.0 |string|`This value needs to point to a valid and reachable web page. The web client will trigger a redirect to that page directly after the logout action. The default value is empty and redirects to the login page.`|| +|`WEB_OPTION_DISABLE_FEEDBACK_LINK`| 1.0.0 |bool|`Set this option to 'true' to disable the feedback link in the top bar. Keeping it enabled by setting the value to 'false' or with the absence of the option, allows OpenCloud to get feedback from your user base through a dedicated survey website.`|false| +|`WEB_OPTION_RUNNING_ON_EOS`| 1.0.0 |bool|`Set this option to 'true' if running on an EOS storage backend (\https://eos-web.web.cern.ch/eos-web/) to enable its specific features. Defaults to 'false'.`|false| +|`WEB_OPTION_CONTEXTHELPERS_READ_MORE`| 1.0.0 |bool|`Specifies whether the 'Read more' link should be displayed or not.`|true| +|`WEB_OPTION_LOGOUT_URL`| 1.0.0 |string|`Adds a link to the user's profile page to point him to an external page, where he can manage his session and devices. This is helpful when an external IdP is used. This option is disabled by default.`|| +|`WEB_OPTION_LOGIN_URL`| 1.0.0 |string|`Specifies the target URL to the login page. This is helpful when an external IdP is used. This option is disabled by default. 
Example URL like: \https://www.myidp.com/login.`|| +|`WEB_OPTION_TOKEN_STORAGE_LOCAL`| 1.0.0 |bool|`Specifies whether the access token will be stored in the local storage when set to 'true' or in the session storage when set to 'false'. If stored in the local storage, login state will be persisted across multiple browser tabs, means no additional logins are required.`|true| +|`WEB_OPTION_DISABLED_EXTENSIONS`| 1.0.0 |[]string|`A list to disable specific Web extensions identified by their ID. The ID can e.g. be taken from the 'index.ts' file of the web extension. Example: 'com.github.opencloud-eu.web.files.search,com.github.opencloud-eu.web.files.print'. See the Environment Variable Types description for more details.`|[]| +|`WEB_OPTION_EMBED_ENABLED`| 1.0.0 |string|`Defines whether Web should be running in 'embed' mode. Setting this to 'true' will enable a stripped down version of Web with reduced functionality used to integrate Web into other applications like via iFrame. Setting it to 'false' or not setting it (default) will run Web as usual with all functionality enabled. See the text description for more details.`|| +|`WEB_OPTION_EMBED_TARGET`| 1.0.0 |string|`Defines how Web is being integrated when running in 'embed' mode. Currently, the only supported options are '' (empty) and 'location'. With '' which is the default, Web will run regular as defined via the 'embed.enabled' config option. With 'location', Web will run embedded as location picker. Resource selection will be disabled and the selected resources array always includes the current folder as the only item. See the text description for more details.`|| +|`WEB_OPTION_EMBED_MESSAGES_ORIGIN`| 1.0.0 |string|`Defines a URL under which Web can be integrated via iFrame in 'embed' mode. Note that setting this is mandatory when running Web in 'embed' mode. Use '*' as value to allow running the iFrame under any URL, although this is not recommended for security reasons. 
See the text description for more details.`|| +|`WEB_OPTION_EMBED_DELEGATE_AUTHENTICATION`| 1.0.0 |bool|`Defines whether Web should require authentication to be done by the parent application when running in 'embed' mode. If set to 'true' Web will not try to authenticate the user on its own but will require an access token coming from the parent application. Defaults to being unset.`|false| +|`WEB_OPTION_EMBED_DELEGATE_AUTHENTICATION_ORIGIN`| 1.0.0 |string|`Defines the host to validate the message event origin against when running Web in 'embed' mode with delegated authentication. Defaults to event message origin validation being omitted, which is only recommended for development setups.`|| +|`WEB_OPTION_USER_LIST_REQUIRES_FILTER`| 1.0.0 |bool|`Defines whether one or more filters must be set in order to list users in the Web admin settings. Set this option to 'true' if running in an environment with a lot of users and listing all users could slow down performance. Defaults to 'false'.`|false| +|`WEB_OPTION_CONCURRENT_REQUESTS_RESOURCE_BATCH_ACTIONS`| 1.0.0 |int|`Defines the maximum number of concurrent requests per file/folder/space batch action. Defaults to 4.`|0| +|`WEB_OPTION_CONCURRENT_REQUESTS_SSE`| 1.0.0 |int|`Defines the maximum number of concurrent requests in SSE event handlers. Defaults to 4.`|0| +|`WEB_OPTION_CONCURRENT_REQUESTS_SHARES_CREATE`| 1.0.0 |int|`Defines the maximum number of concurrent requests per sharing invite batch. Defaults to 4.`|0| +|`WEB_OPTION_CONCURRENT_REQUESTS_SHARES_LIST`| 1.0.0 |int|`Defines the maximum number of concurrent requests when loading individual share information inside listings. Defaults to 2.`|0| +|`WEB_OPTION_DEFAULT_APP_ID`| next |string|`Defines the entrypoint for the web ui.`|| +|`OC_JWT_SECRET`
`WEB_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| +|`WEB_GATEWAY_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|eu.opencloud.api.gateway| diff --git a/static/env-vars/web_readme.md b/static/env-vars/web_readme.md index 4dbda35d..b331d6a2 100644 --- a/static/env-vars/web_readme.md +++ b/static/env-vars/web_readme.md @@ -1,6 +1,6 @@ --- title: Web -date: 2025-11-27T22:56:02.335267+01:00 +date: 2025-11-11T09:16:41.113549492+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/web @@ -38,7 +38,7 @@ The web service also provides a minimal API for branding functionality like chan If you want to use your custom compiled web client assets instead of the embedded ones, then you can do that by setting the `WEB_ASSET_CORE_PATH` variable to point to your compiled files. -See [OpenCloud Web / Getting Started](https://docs.opencloud.eu/clients/web/getting-started/) for more details. +See [OpenCloud Web / Getting Started](https://docs.opencloud.eu/clients/web/getting-started/) and [OpenCloud Web / Setup with OpenCloud](https://docs.opencloud.eu/clients/web/backend-opencloud/) for more details. ## Web UI Configuration @@ -61,7 +61,7 @@ with a [json based](https://github.com/opencloud-eu/web/tree/master/config) file Web can be consumed by another application in a stripped down version called “Embed mode”. This mode is supposed to be used in the context of selecting or sharing resources. -For more details see the developer documentation [OpenCloud Web / Embed Mode](https://docs.opencloud.eu/docs/dev/web/embed-mode). +For more details see the developer documentation [OpenCloud Web / Embed Mode](https://docs.opencloud.eu/clients/web/embed-mode/). See the environment variables: `WEB_OPTION_MODE` and `WEB_OPTION_EMBED_TARGET` to configure the embedded mode. ## Web Apps 
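Review bot: in web-config-example.yaml the `asset` block (`core_path`, `themes_path`, `apps_path`) is written as `/home/chaser/.opencloud/web/assets/...`, which is the home directory of whoever ran the generator and not a path a reader's installation will have. The removed web_configvars.md rows listed `/var/lib/opencloud/web/assets/core` for the same setting, so please regenerate with the base data path set to that packaged default (or post-process the output) before committing. Published docs should not carry a local username or workstation layout.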
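Review bot: in web_configvars.md the `WEB_OPTION_DEFAULT_APP_ID` row changes its Introduction Version from `4.0.0` to `next`, which replaces a concrete version number with a placeholder and reads like output from a source tree older than the one that produced the removed rows. Please confirm which checkout generated this table and keep `4.0.0` if that is the version the variable was introduced in. The `WEB_ASSET_CORE_PATH`, `WEB_ASSET_THEMES_PATH` and `WEB_ASSET_APPS_PATH` defaults in the same table also switch from `/var/lib/opencloud/...` to `/home/chaser/.opencloud/...` and need the same correction as the example YAML.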
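Review bot: the web_readme.md front matter moves `date` backwards, from `2025-11-27T22:56:02` to `2025-11-11T09:16:41`, so this file appears to be regenerated from an older snapshot than the one already in the repository; worth checking before merge that no newer readme text is being reverted. While the Embed Mode link is being corrected, the unchanged line right after it still tells readers to use `WEB_OPTION_MODE`, which web_configvars.md in this patch does not list (it has `WEB_OPTION_EMBED_ENABLED` and `WEB_OPTION_EMBED_TARGET`), so that reference should be fixed at the source as well.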
diff --git a/static/env-vars/webdav-config-example.yaml b/static/env-vars/webdav-config-example.yaml new file mode 100644 index 00000000..14900fa7 --- /dev/null +++ b/static/env-vars/webdav-config-example.yaml @@ -0,0 +1,51 @@ +# Autogenerated +# Filename: webdav-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9119 + token: "" + pprof: false + zpages: false +grpc_client_tls: null +http: + addr: 127.0.0.1:9115 + root: / + cors: + allow_origins: + - '*' + allow_methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + allow_headers: + - Authorization + - Origin + - Content-Type + - Accept + - X-Requested-With + - X-Request-Id + - Cache-Control + allow_credentials: true + tls: + enabled: false + cert: "" + key: "" +disablePreviews: false +opencloud_public_url: https://localhost:9200 +webdav_namespace: /users/{{.Id.OpaqueId}} +reva_gateway: eu.opencloud.api.gateway +reva_gateway_tls_mode: "" +reva_gateway_tls_cacert: "" diff --git a/static/env-vars/webdav_configvars.md b/static/env-vars/webdav_configvars.md index eaa32876..8229d0ec 100644 --- a/static/env-vars/webdav_configvars.md +++ b/static/env-vars/webdav_configvars.md @@ -1,25 +1,31 @@ Environment variables for the **webdav** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`WEBDAV_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`WEBDAV_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`WEBDAV_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`WEBDAV_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`WEBDAV_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9119`| -|`WEBDAV_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`WEBDAV_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`WEBDAV_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`WEBDAV_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9115`| -|`WEBDAV_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|`/`| -|`OC_CORS_ALLOW_ORIGINS`
`WEBDAV_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|`[*]`| -|`OC_CORS_ALLOW_METHODS`
`WEBDAV_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|`[GET POST PUT PATCH DELETE OPTIONS]`| -|`OC_CORS_ALLOW_HEADERS`
`WEBDAV_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|`[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Cache-Control]`| -|`OC_CORS_ALLOW_CREDENTIALS`
`WEBDAV_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|`true`| -|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|`false`| -|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|``| -|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|``| -|`OC_DISABLE_PREVIEWS`
`WEBDAV_DISABLE_PREVIEWS`| 1.0.0 |bool|`Set this option to 'true' to disable rendering of thumbnails triggered via webdav access. Note that when disabled, all access to preview related webdav paths will return a 404.`|`false`| -|`OC_URL`
`OC_PUBLIC_URL`| 1.0.0 |string|`URL, where OpenCloud is reachable for users.`|`https://localhost:9200`| -|`WEBDAV_WEBDAV_NAMESPACE`| 1.0.0 |string|`CS3 path layout to use when forwarding /webdav requests`|`/users/{{.Id.OpaqueId}}`| -|`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata`|`eu.opencloud.api.gateway`| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`WEBDAV_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`WEBDAV_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`WEBDAV_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`WEBDAV_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`WEBDAV_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`WEBDAV_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`WEBDAV_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`WEBDAV_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`WEBDAV_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9119| +|`WEBDAV_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`WEBDAV_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`WEBDAV_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`WEBDAV_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|127.0.0.1:9115| +|`WEBDAV_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|/| +|`OC_CORS_ALLOW_ORIGINS`
`WEBDAV_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|[*]| +|`OC_CORS_ALLOW_METHODS`
`WEBDAV_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|[GET POST PUT PATCH DELETE OPTIONS]| +|`OC_CORS_ALLOW_HEADERS`
`WEBDAV_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Cache-Control]| +|`OC_CORS_ALLOW_CREDENTIALS`
`WEBDAV_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|true| +|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|false| +|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|| +|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|| +|`OC_DISABLE_PREVIEWS`
`WEBDAV_DISABLE_PREVIEWS`| 1.0.0 |bool|`Set this option to 'true' to disable rendering of thumbnails triggered via webdav access. Note that when disabled, all access to preview related webdav paths will return a 404.`|false| +|`OC_URL`
`OC_PUBLIC_URL`| 1.0.0 |string|`URL, where OpenCloud is reachable for users.`|https://localhost:9200| +|`WEBDAV_WEBDAV_NAMESPACE`| 1.0.0 |string|`CS3 path layout to use when forwarding /webdav requests`|/users/{{.Id.OpaqueId}}| +|`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata`|eu.opencloud.api.gateway| +|`OC_REVA_GATEWAY_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the CS3 gateway endpoint. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| +|`OC_REVA_GATEWAY_TLS_CACERT`| 1.0.0 |string|`The root CA certificate used to validate the gateway's TLS certificate.`|| diff --git a/static/env-vars/webdav_readme.md b/static/env-vars/webdav_readme.md index 01c2e503..fcb55075 100644 --- a/static/env-vars/webdav_readme.md +++ b/static/env-vars/webdav_readme.md @@ -1,6 +1,6 @@ --- title: Webdav -date: 2025-11-27T22:56:02.335343+01:00 +date: 2025-11-11T09:16:41.113666081+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/webdav diff --git a/static/env-vars/webfinger-config-example.yaml b/static/env-vars/webfinger-config-example.yaml new file mode 100644 index 00000000..4c59864a --- /dev/null +++ b/static/env-vars/webfinger-config-example.yaml 
@@ -0,0 +1,44 @@ +# Autogenerated +# Filename: webfinger-config-example.yaml + +tracing: + enabled: false + type: "" + endpoint: "" + collector: "" +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: 127.0.0.1:9279 + token: "" + pprof: false + zpages: false +http: + addr: 127.0.0.1:9275 + root: / + cors: + allow_origins: + - https://localhost:9200 + allow_methods: [] + allow_headers: [] + allow_credentials: false + tls: + enabled: false + cert: "" + key: "" +instances: +- claim: sub + regex: .+ + href: '{{.OC_URL}}' + titles: + en: OpenCloud Instance + break: false +relations: +- http://openid.net/specs/connect/1.0/issuer +- http://webfinger.opencloud/rel/server-instance +idp: https://localhost:9200 +opencloud_url: https://localhost:9200 +insecure: false diff --git a/static/env-vars/webfinger_configvars.md b/static/env-vars/webfinger_configvars.md index 08733164..80cb2a83 100644 --- a/static/env-vars/webfinger_configvars.md +++ b/static/env-vars/webfinger_configvars.md @@ -1,25 +1,29 @@ Environment variables for the **webfinger** service | Name | Introduction Version | Type | Description | Default Value | -|---|---|---|---|:---| -|`OC_LOG_LEVEL`
`WEBFINGER_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``| -|`OC_LOG_PRETTY`
`WEBFINGER_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`| -|`OC_LOG_COLOR`
`WEBFINGER_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`| -|`OC_LOG_FILE`
`WEBFINGER_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|``| -|`WEBFINGER_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|`127.0.0.1:9279`| -|`WEBFINGER_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``| -|`WEBFINGER_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`| -|`WEBFINGER_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`| -|`WEBFINGER_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|`127.0.0.1:9275`| -|`WEBFINGER_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|`/`| -|`OC_CORS_ALLOW_ORIGINS`
`WEBFINGER_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|`[https://localhost:9200]`| -|`OC_CORS_ALLOW_METHODS`
`WEBFINGER_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|`[]`| -|`OC_CORS_ALLOW_HEADERS`
`WEBFINGER_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|`[]`| -|`OC_CORS_ALLOW_CREDENTIALS`
`WEBFINGER_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|`false`| -|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|`false`| -|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|``| -|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|``| -|`WEBFINGER_RELATIONS`| 1.0.0 |[]string|`A list of relation URIs or registered relation types to add to webfinger responses. See the Environment Variable Types description for more details.`|`[http://openid.net/specs/connect/1.0/issuer http://webfinger.opencloud/rel/server-instance]`| -|`OC_URL`
`OC_OIDC_ISSUER`
`WEBFINGER_OIDC_ISSUER`| 1.0.0 |string|`The identity provider href for the openid-discovery relation.`|`https://localhost:9200`| -|`OC_URL`
`WEBFINGER_OPENCLOUD_SERVER_INSTANCE_URL`| 1.0.0 |string|`The URL for the legacy OpenCloud server instance relation (not to be confused with the product OpenCloud Server). It defaults to the OC_URL but can be overridden to support some reverse proxy corner cases. To shard the deployment, multiple instances can be configured in the configuration file.`|`https://localhost:9200`| -|`OC_INSECURE`
`WEBFINGER_INSECURE`| 1.0.0 |bool|`Allow insecure connections to the WEBFINGER service.`|`false`| +|---|---|---|---|---| +|`OC_TRACING_ENABLED`
`WEBFINGER_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| +|`OC_TRACING_TYPE`
`WEBFINGER_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| +|`OC_TRACING_ENDPOINT`
`WEBFINGER_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| +|`OC_TRACING_COLLECTOR`
`WEBFINGER_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| +|`OC_LOG_LEVEL`
`WEBFINGER_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| +|`OC_LOG_PRETTY`
`WEBFINGER_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| +|`OC_LOG_COLOR`
`WEBFINGER_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| +|`OC_LOG_FILE`
`WEBFINGER_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`WEBFINGER_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9279| +|`WEBFINGER_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| +|`WEBFINGER_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| +|`WEBFINGER_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| +|`WEBFINGER_HTTP_ADDR`| 1.0.0 |string|`The bind address of the HTTP service.`|127.0.0.1:9275| +|`WEBFINGER_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|/| +|`OC_CORS_ALLOW_ORIGINS`
`WEBFINGER_CORS_ALLOW_ORIGINS`| 1.0.0 |[]string|`A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.`|[https://localhost:9200]| +|`OC_CORS_ALLOW_METHODS`
`WEBFINGER_CORS_ALLOW_METHODS`| 1.0.0 |[]string|`A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.`|[]| +|`OC_CORS_ALLOW_HEADERS`
`WEBFINGER_CORS_ALLOW_HEADERS`| 1.0.0 |[]string|`A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.`|[]| +|`OC_CORS_ALLOW_CREDENTIALS`
`WEBFINGER_CORS_ALLOW_CREDENTIALS`| 1.0.0 |bool|`Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.`|false| +|`OC_HTTP_TLS_ENABLED`| 1.0.0 |bool|`Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.`|false| +|`OC_HTTP_TLS_CERTIFICATE`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the http services.`|| +|`OC_HTTP_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.`|| +|`WEBFINGER_RELATIONS`| 1.0.0 |[]string|`A list of relation URIs or registered relation types to add to webfinger responses. See the Environment Variable Types description for more details.`|[http://openid.net/specs/connect/1.0/issuer http://webfinger.opencloud/rel/server-instance]| +|`OC_URL`
`OC_OIDC_ISSUER`
`WEBFINGER_OIDC_ISSUER`| 1.0.0 |string|`The identity provider href for the openid-discovery relation.`|https://localhost:9200| +|`OC_URL`
`WEBFINGER_OPENCLOUD_SERVER_INSTANCE_URL`| 1.0.0 |string|`The URL for the legacy OpenCloud server instance relation (not to be confused with the product OpenCloud Server). It defaults to the OC_URL but can be overridden to support some reverse proxy corner cases. To shard the deployment, multiple instances can be configured in the configuration file.`|https://localhost:9200| +|`OC_INSECURE`
`WEBFINGER_INSECURE`| 1.0.0 |bool|`Allow insecure connections to the WEBFINGER service.`|false| diff --git a/static/env-vars/webfinger_readme.md b/static/env-vars/webfinger_readme.md index 39185961..23f283c3 100644 --- a/static/env-vars/webfinger_readme.md +++ b/static/env-vars/webfinger_readme.md @@ -1,6 +1,6 @@ --- title: Webfinger -date: 2025-11-27T22:56:02.335416+01:00 +date: 2025-11-11T09:16:41.113754818+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/webfinger From 2db2cb93e3dd381f3224e13781bd0f41b5b3e08a Mon Sep 17 00:00:00 2001 
From: Christian Richter Date: Tue, 13 Jan 2026 10:10:24 +0100 Subject: [PATCH 2/2] Update docs with latest env vars --- .../env-vars/activitylog-config-example.yaml | 11 +-- static/env-vars/activitylog_configvars.md | 15 +--- static/env-vars/activitylog_readme.md | 2 +- static/env-vars/antivirus-config-example.yaml | 11 +-- static/env-vars/antivirus_configvars.md | 11 +-- static/env-vars/antivirus_readme.md | 10 +-- .../env-vars/app-provider-config-example.yaml | 11 +-- static/env-vars/app-provider_configvars.md | 9 +-- static/env-vars/app-provider_readme.md | 2 +- .../env-vars/app-registry-config-example.yaml | 11 +-- static/env-vars/app-registry_configvars.md | 9 +-- static/env-vars/app-registry_readme.md | 2 +- static/env-vars/audit-config-example.yaml | 11 +-- static/env-vars/audit_configvars.md | 11 +-- static/env-vars/audit_readme.md | 2 +- static/env-vars/auth-app-config-example.yaml | 11 +-- static/env-vars/auth-app_configvars.md | 25 +++--- static/env-vars/auth-app_readme.md | 10 +-- .../env-vars/auth-basic-config-example.yaml | 11 +-- static/env-vars/auth-basic_configvars.md | 11 +-- static/env-vars/auth-basic_readme.md | 2 +- .../env-vars/auth-bearer-config-example.yaml | 11 +-- static/env-vars/auth-bearer_configvars.md | 9 +-- static/env-vars/auth-bearer_readme.md | 2 +- .../env-vars/auth-machine-config-example.yaml | 11 +-- static/env-vars/auth-machine_configvars.md | 9 +-- static/env-vars/auth-machine_readme.md | 2 +- .../env-vars/auth-service-config-example.yaml | 11 +-- static/env-vars/auth-service_configvars.md | 9 +-- static/env-vars/auth-service_readme.md | 2 +- static/env-vars/clientlog-config-example.yaml | 11 +-- static/env-vars/clientlog_configvars.md | 11 +-- static/env-vars/clientlog_readme.md | 2 +- .../collaboration-config-example.yaml | 11 +-- static/env-vars/collaboration_configvars.md | 11 +-- static/env-vars/collaboration_readme.md | 2 +- .../env-vars/eventhistory-config-example.yaml | 11 +-- static/env-vars/eventhistory_configvars.md 
| 11 +-- static/env-vars/eventhistory_readme.md | 2 +- static/env-vars/extended_configvars.md | 27 +++++++ static/env-vars/frontend-config-example.yaml | 34 +++++--- static/env-vars/frontend_configvars.md | 32 +++++--- static/env-vars/frontend_readme.md | 6 +- static/env-vars/gateway-config-example.yaml | 11 +-- static/env-vars/gateway_configvars.md | 9 +-- static/env-vars/gateway_readme.md | 8 +- static/env-vars/global_configvars.md | 81 +++++++++---------- static/env-vars/graph-config-example.yaml | 11 +-- static/env-vars/graph_configvars.md | 23 ++---- static/env-vars/graph_readme.md | 28 +++---- static/env-vars/groups-config-example.yaml | 11 +-- static/env-vars/groups_configvars.md | 9 +-- static/env-vars/groups_readme.md | 2 +- static/env-vars/idm-config-example.yaml | 11 +-- static/env-vars/idm_configvars.md | 9 +-- static/env-vars/idm_readme.md | 2 +- static/env-vars/idp-config-example.yaml | 11 +-- static/env-vars/idp_configvars.md | 11 +-- static/env-vars/idp_readme.md | 4 +- .../env-vars/invitations-config-example.yaml | 11 +-- static/env-vars/invitations_configvars.md | 9 +-- static/env-vars/invitations_readme.md | 2 +- static/env-vars/nats-config-example.yaml | 11 +-- static/env-vars/nats_configvars.md | 9 +-- static/env-vars/nats_readme.md | 2 +- .../notifications-config-example.yaml | 11 +-- static/env-vars/notifications_configvars.md | 11 +-- static/env-vars/notifications_readme.md | 2 +- static/env-vars/ocm-config-example.yaml | 13 +-- static/env-vars/ocm_configvars.md | 13 +-- static/env-vars/ocm_readme.md | 12 +-- static/env-vars/ocs-config-example.yaml | 11 +-- static/env-vars/ocs_configvars.md | 9 +-- static/env-vars/ocs_readme.md | 2 +- static/env-vars/policies-config-example.yaml | 11 +-- static/env-vars/policies_configvars.md | 11 +-- static/env-vars/policies_readme.md | 6 +- .../postprocessing-config-example.yaml | 11 +-- static/env-vars/postprocessing_configvars.md | 15 +--- static/env-vars/postprocessing_readme.md | 2 +- 
static/env-vars/proxy-config-example.yaml | 34 ++++---- static/env-vars/proxy_configvars.md | 14 +--- static/env-vars/proxy_readme.md | 4 +- static/env-vars/search-config-example.yaml | 13 +-- static/env-vars/search_configvars.md | 51 +++++------- static/env-vars/search_readme.md | 2 +- static/env-vars/settings-config-example.yaml | 11 +-- static/env-vars/settings_configvars.md | 9 +-- static/env-vars/settings_readme.md | 2 +- static/env-vars/sharing-config-example.yaml | 11 +-- static/env-vars/sharing_configvars.md | 11 +-- static/env-vars/sharing_readme.md | 2 +- static/env-vars/sse-config-example.yaml | 11 +-- static/env-vars/sse_configvars.md | 11 +-- static/env-vars/sse_readme.md | 2 +- .../storage-publiclink-config-example.yaml | 11 +-- .../env-vars/storage-publiclink_configvars.md | 9 +-- static/env-vars/storage-publiclink_readme.md | 4 +- .../storage-shares-config-example.yaml | 11 +-- static/env-vars/storage-shares_configvars.md | 9 +-- static/env-vars/storage-shares_readme.md | 4 +- .../storage-system-config-example.yaml | 11 +-- static/env-vars/storage-system_configvars.md | 9 +-- static/env-vars/storage-system_readme.md | 2 +- .../storage-users-config-example.yaml | 11 +-- static/env-vars/storage-users_configvars.md | 19 ++--- static/env-vars/storage-users_readme.md | 2 +- .../env-vars/thumbnails-config-example.yaml | 11 +-- static/env-vars/thumbnails_configvars.md | 9 +-- static/env-vars/thumbnails_readme.md | 2 +- static/env-vars/userlog-config-example.yaml | 11 +-- static/env-vars/userlog_configvars.md | 11 +-- static/env-vars/userlog_readme.md | 4 +- static/env-vars/users-config-example.yaml | 11 +-- static/env-vars/users_configvars.md | 11 +-- static/env-vars/users_readme.md | 2 +- static/env-vars/web-config-example.yaml | 11 +-- static/env-vars/web_configvars.md | 11 +-- static/env-vars/web_readme.md | 6 +- static/env-vars/webdav-config-example.yaml | 13 +-- static/env-vars/webdav_configvars.md | 11 +-- static/env-vars/webdav_readme.md | 4 +- 
static/env-vars/webfinger-config-example.yaml | 11 +-- static/env-vars/webfinger_configvars.md | 9 +-- static/env-vars/webfinger_readme.md | 2 +- 125 files changed, 356 insertions(+), 944 deletions(-) diff --git a/static/env-vars/activitylog-config-example.yaml b/static/env-vars/activitylog-config-example.yaml index 3ada4ff7..8641ec98 100644 --- a/static/env-vars/activitylog-config-example.yaml +++ b/static/env-vars/activitylog-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: activitylog-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9197 token: "" diff --git a/static/env-vars/activitylog_configvars.md b/static/env-vars/activitylog_configvars.md index 9cc673ba..41781b93 100644 --- a/static/env-vars/activitylog_configvars.md +++ b/static/env-vars/activitylog_configvars.md @@ -2,21 +2,14 @@ Environment variables for the **activitylog** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`ACTIVITYLOG_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`ACTIVITYLOG_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`ACTIVITYLOG_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`ACTIVITYLOG_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`ACTIVITYLOG_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`ACTIVITYLOG_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`ACTIVITYLOG_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`ACTIVITYLOG_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`ACTIVITYLOG_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`ACTIVITYLOG_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9197| |`ACTIVITYLOG_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`ACTIVITYLOG_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| |`ACTIVITYLOG_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| |`OC_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| |`OC_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| -|`OC_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_INSECURE`
`OC_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| |`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.`|| |`OC_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| |`OC_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| @@ -43,5 +36,5 @@ Environment variables for the **activitylog** service |`OC_DEFAULT_LANGUAGE`| 1.0.0 |string|`The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details.`|en| |`OC_SERVICE_ACCOUNT_ID`
`ACTIVITYLOG_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|| |`OC_SERVICE_ACCOUNT_SECRET`
`ACTIVITYLOG_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|| -|`ACTIVITYLOG_WRITE_BUFFER_DURATION`| next |Duration|`The duration to wait before flushing the write buffer. This is used to reduce the number of writes to the store.`|10s| -|`ACTIVITYLOG_MAX_ACTIVITIES`| next |int|`The maximum number of activities to keep in the store per resource. If the number of activities exceeds this value, the oldest activities will be removed.`|6000| +|`ACTIVITYLOG_WRITE_BUFFER_DURATION`| 4.0.0 |Duration|`The duration to wait before flushing the write buffer. This is used to reduce the number of writes to the store.`|10s| +|`ACTIVITYLOG_MAX_ACTIVITIES`| 4.0.0 |int|`The maximum number of activities to keep in the store per resource. If the number of activities exceeds this value, the oldest activities will be removed.`|6000| diff --git a/static/env-vars/activitylog_readme.md b/static/env-vars/activitylog_readme.md index ba38c0f5..9e9aad1e 100644 --- a/static/env-vars/activitylog_readme.md +++ b/static/env-vars/activitylog_readme.md @@ -1,6 +1,6 @@ --- title: Activitylog -date: 2025-11-11T09:16:41.110602908+01:00 +date: 2026-01-13T10:10:18.221111046+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/activitylog diff --git a/static/env-vars/antivirus-config-example.yaml b/static/env-vars/antivirus-config-example.yaml index 4e2b6e47..95ab8770 100644 --- a/static/env-vars/antivirus-config-example.yaml +++ b/static/env-vars/antivirus-config-example.yaml @@ -2,21 +2,12 @@ # Filename: antivirus-config-example.yaml file: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9277 token: "" pprof: false zpages: false -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" infected-file-handling: delete events: endpoint: 127.0.0.1:9233 
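Review bot: in static/env-vars/activitylog_configvars.md, the added `OC_INSECURE` / `OC_EVENTS_TLS_INSECURE` row keeps the description "Whether to verify the server TLS certificates." next to a default of false, which reads as if verification were off by default. For a flag named INSECURE the direction should be spelled out, for example "Set to true to skip verification of the events broker's TLS certificate", so that nobody enables it expecting stricter checks. The unchanged row directly below, `OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`, still says "If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false" in the activitylog table; it should name a variable listed for this service. If these tables are generated from the opencloud repository that the readme front matter points at, the wording needs fixing there so it does not come back with the next update.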
diff --git a/static/env-vars/antivirus_configvars.md b/static/env-vars/antivirus_configvars.md index 9098a917..02532888 100644 --- a/static/env-vars/antivirus_configvars.md +++ b/static/env-vars/antivirus_configvars.md @@ -2,22 +2,15 @@ Environment variables for the **antivirus** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_LOG_LEVEL`
`ANTIVIRUS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`ANTIVIRUS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`ANTIVIRUS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`ANTIVIRUS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`ANTIVIRUS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`ANTIVIRUS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9277| |`ANTIVIRUS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`ANTIVIRUS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| |`ANTIVIRUS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| -|`OC_TRACING_ENABLED`
`ANTIVIRUS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`ANTIVIRUS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`ANTIVIRUS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`ANTIVIRUS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| |`ANTIVIRUS_INFECTED_FILE_HANDLING`| 1.0.0 |string|`Defines the behaviour when a virus has been found. Supported options are: 'delete', 'continue' and 'abort '. Delete will delete the file. Continue will mark the file as infected but continues further processing. Abort will keep the file in the uploads folder for further admin inspection and will not move it to its final destination.`|delete| |`OC_EVENTS_ENDPOINT`
`ANTIVIRUS_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| |`OC_EVENTS_CLUSTER`
`ANTIVIRUS_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| -|`OC_INSECURE`
`ANTIVIRUS_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_INSECURE`
`OC_EVENTS_TLS_INSECURE`
`ANTIVIRUS_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| |`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`ANTIVIRUS_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided ANTIVIRUS_EVENTS_TLS_INSECURE will be seen as false.`|| |`OC_EVENTS_ENABLE_TLS`
`ANTIVIRUS_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| |`OC_EVENTS_AUTH_USERNAME`
`ANTIVIRUS_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| diff --git a/static/env-vars/antivirus_readme.md b/static/env-vars/antivirus_readme.md index 17504b29..ecdf003f 100644 --- a/static/env-vars/antivirus_readme.md +++ b/static/env-vars/antivirus_readme.md @@ -1,6 +1,6 @@ --- title: Antivirus -date: 2025-11-11T09:16:41.11069431+01:00 +date: 2026-01-13T10:10:18.221217477+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/antivirus @@ -63,13 +63,13 @@ Several factors can make it necessary to limit the maximum filesize the antiviru Use the `ANTIVIRUS_MAX_SCAN_SIZE` environment variable to scan only a given number of bytes, or to skip the whole resource. -Even if it's recommended to scan the whole file, several factors like scanner type and version, +Even if it is recommended to scan the whole file, several factors like scanner type and version, bandwidth, performance issues, etc. might make a limit necessary. -In such cases, the antivirus the max scan size mode can be handy, the following modes are available: +In such cases, the antivirus max scan size mode can be handy, the following modes are available: - - `partial`: The file is scanned up to the given size. The rest of the file is not scanned. This is the default mode `ANTIVIRUS_MAX_SCAN_SIZE=partial` - - `skip`: The file is skipped and not scanned. `ANTIVIRUS_MAX_SCAN_SIZE=skip` + - `partial`: The file is scanned up to the given size. The rest of the file is not scanned. This is the default mode `ANTIVIRUS_MAX_SCAN_SIZE_MODE=partial` + - `skip`: The file is skipped and not scanned. `ANTIVIRUS_MAX_SCAN_SIZE_MODE=skip` **IMPORTANT** > Streaming of files to the virus scan service still [needs to be implemented](https://github.com/owncloud/ocis/issues/6803). 
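Review bot: in static/env-vars/antivirus_readme.md the two bullets now name `ANTIVIRUS_MAX_SCAN_SIZE_MODE`, but the unchanged sentence above them still reads "Use the `ANTIVIRUS_MAX_SCAN_SIZE` environment variable to scan only a given number of bytes, or to skip the whole resource", which attributes the skip behaviour to the size variable. Please reword it so that the size variable sets the limit and the mode variable chooses between `partial` and `skip`. The section should also state plainly that with `partial` everything past the limit, and with `skip` the whole file, goes unscanned, since that is the trade-off an operator accepts by setting a limit. Minor: the new line "the antivirus max scan size mode can be handy, the following modes are available:" is a comma splice and reads better as two sentences.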
diff --git a/static/env-vars/app-provider-config-example.yaml b/static/env-vars/app-provider-config-example.yaml index b100cfa3..ca94cbba 100644 --- a/static/env-vars/app-provider-config-example.yaml +++ b/static/env-vars/app-provider-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: app-provider-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9165 token: "" diff --git a/static/env-vars/app-provider_configvars.md b/static/env-vars/app-provider_configvars.md index fca51c53..8065673b 100644 --- a/static/env-vars/app-provider_configvars.md +++ b/static/env-vars/app-provider_configvars.md @@ -3,14 +3,7 @@ Environment variables for the **app-provider** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| |`APP_PROVIDER_SERVICE_NAME`| 1.0.0 |string|`The name of the service. This needs to be changed when using more than one app provider. Each app provider configured needs to be identified by a unique service name. Possible examples are: 'app-provider-collabora', 'app-provider-onlyoffice', 'app-provider-office365'.`|app-provider| -|`OC_TRACING_ENABLED`
`APP_PROVIDER_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`APP_PROVIDER_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`APP_PROVIDER_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`APP_PROVIDER_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`APP_PROVIDER_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`APP_PROVIDER_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`APP_PROVIDER_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`APP_PROVIDER_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`APP_PROVIDER_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`APP_PROVIDER_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9165| |`APP_PROVIDER_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint`|| |`APP_PROVIDER_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling`|false| diff --git a/static/env-vars/app-provider_readme.md b/static/env-vars/app-provider_readme.md index c3424bc2..73b79fc1 100644 --- a/static/env-vars/app-provider_readme.md +++ b/static/env-vars/app-provider_readme.md @@ -1,6 +1,6 @@ --- title: App Provider -date: 2025-11-27T22:56:02.331696+01:00 +date: 2026-01-13T10:10:18.221300262+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/app-provider diff --git a/static/env-vars/app-registry-config-example.yaml b/static/env-vars/app-registry-config-example.yaml index 76757ee9..8d6d72d8 100644 --- a/static/env-vars/app-registry-config-example.yaml +++ b/static/env-vars/app-registry-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: app-registry-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9243 token: "" diff --git a/static/env-vars/app-registry_configvars.md b/static/env-vars/app-registry_configvars.md index b840c801..2705fa47 100644 --- a/static/env-vars/app-registry_configvars.md +++ b/static/env-vars/app-registry_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **app-registry** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`APP_REGISTRY_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`APP_REGISTRY_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`APP_REGISTRY_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`APP_REGISTRY_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`APP_REGISTRY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`APP_REGISTRY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`APP_REGISTRY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`APP_REGISTRY_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`APP_REGISTRY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`APP_REGISTRY_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9243| |`APP_REGISTRY_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`APP_REGISTRY_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| diff --git a/static/env-vars/app-registry_readme.md b/static/env-vars/app-registry_readme.md index 89be392d..7b5b3603 100644 --- a/static/env-vars/app-registry_readme.md +++ b/static/env-vars/app-registry_readme.md @@ -1,6 +1,6 @@ --- title: App Registry -date: 2025-11-11T09:16:41.110779681+01:00 +date: 2026-01-13T10:10:18.221373841+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/app-registry diff --git a/static/env-vars/audit-config-example.yaml b/static/env-vars/audit-config-example.yaml index d400f3ee..bf4ac3c4 100644 --- a/static/env-vars/audit-config-example.yaml +++ b/static/env-vars/audit-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: audit-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9229 token: "" diff --git a/static/env-vars/audit_configvars.md b/static/env-vars/audit_configvars.md index 4596a80b..6e90b094 100644 --- a/static/env-vars/audit_configvars.md +++ b/static/env-vars/audit_configvars.md @@ -2,21 +2,14 @@ Environment variables for the **audit** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`AUDIT_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`AUDIT_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`AUDIT_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`AUDIT_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`AUDIT_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`AUDIT_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`AUDIT_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`AUDIT_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`AUDIT_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`AUDIT_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9229| |`AUDIT_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`AUDIT_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| |`AUDIT_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| |`OC_EVENTS_ENDPOINT`
`AUDIT_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| |`OC_EVENTS_CLUSTER`
`AUDIT_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| -|`OC_INSECURE`
`AUDIT_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_INSECURE`
`OC_EVENTS_TLS_INSECURE`
`AUDIT_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| |`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`AUDIT_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided AUDIT_EVENTS_TLS_INSECURE will be seen as false.`|| |`OC_EVENTS_ENABLE_TLS`
`AUDIT_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| |`OC_EVENTS_AUTH_USERNAME`
`AUDIT_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| diff --git a/static/env-vars/audit_readme.md b/static/env-vars/audit_readme.md index 26b67e52..77611693 100644 --- a/static/env-vars/audit_readme.md +++ b/static/env-vars/audit_readme.md @@ -1,6 +1,6 @@ --- title: Audit -date: 2025-11-11T09:16:41.110877595+01:00 +date: 2026-01-13T10:10:18.22149578+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/audit diff --git a/static/env-vars/auth-app-config-example.yaml b/static/env-vars/auth-app-config-example.yaml index c165282d..07995bab 100644 --- a/static/env-vars/auth-app-config-example.yaml +++ b/static/env-vars/auth-app-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: auth-app-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9245 token: "" diff --git a/static/env-vars/auth-app_configvars.md b/static/env-vars/auth-app_configvars.md index d0216631..431d9c79 100644 --- a/static/env-vars/auth-app_configvars.md +++ b/static/env-vars/auth-app_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **auth-app** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`AUTH_APP_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`AUTH_APP_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`AUTH_APP_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`AUTH_APP_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`AUTH_APP_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`AUTH_APP_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`AUTH_APP_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`AUTH_APP_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`AUTH_APP_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`AUTH_APP_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9245| |`AUTH_APP_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`AUTH_APP_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| @@ -32,11 +25,11 @@ Environment variables for the **auth-app** service |`AUTH_APP_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the encoding of the user's group memberships in the access token. This reduces the token size, especially when users are members of a large number of groups.`|false| |`OC_MACHINE_AUTH_API_KEY`
`AUTH_APP_MACHINE_AUTH_API_KEY`| 1.0.0 |string|`The machine auth API key used to validate internal requests necessary to access resources from other services.`|| |`AUTH_APP_ENABLE_IMPERSONATION`| 1.0.0 |bool|`Allows admins to create app tokens for other users. Used for migration. Do NOT use in productive deployments.`|false| -|`AUTH_APP_STORAGE_DRIVER`| next |string|`Driver to be used to persist the app tokes . Supported values are 'jsoncs3', 'json'.`|jsoncs3| -|`AUTH_APP_JSONCS3_PROVIDER_ADDR`| next |string|`GRPC address of the STORAGE-SYSTEM service.`|eu.opencloud.api.storage-system| -|`OC_SYSTEM_USER_ID`
`AUTH_APP_JSONCS3_SYSTEM_USER_ID`| next |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|| -|`OC_SYSTEM_USER_IDP`
`AUTH_APP_JSONCS3_SYSTEM_USER_IDP`| next |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|internal| -|`OC_SYSTEM_USER_API_KEY`
`AUTH_APP_JSONCS3_SYSTEM_USER_API_KEY`| next |string|`API key for the STORAGE-SYSTEM system user.`|| -|`AUTH_APP_JSONCS3_PASSWORD_GENERATOR`| next |string|`The password generator that should be used for generating app tokens. Supported values are: 'diceware' and 'random'.`|diceware| -|`AUTH_APP_JSONCS3_DICEWARE_NUMBER_OF_WORDS`| next |int|`The number of words the generated passphrase will have.`|6| -|`AUTH_APP_JSONCS3_RANDOM_PASSWORD_LENGTH`| next |int|`The number of charactors the generated passwords will have.`|0| +|`AUTH_APP_STORAGE_DRIVER`| 4.0.0 |string|`Driver to be used to persist the app tokes . Supported values are 'jsoncs3', 'json'.`|jsoncs3| +|`AUTH_APP_JSONCS3_PROVIDER_ADDR`| 4.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|eu.opencloud.api.storage-system| +|`OC_SYSTEM_USER_ID`
`AUTH_APP_JSONCS3_SYSTEM_USER_ID`| 4.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|| +|`OC_SYSTEM_USER_IDP`
`AUTH_APP_JSONCS3_SYSTEM_USER_IDP`| 4.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|internal| +|`OC_SYSTEM_USER_API_KEY`
`AUTH_APP_JSONCS3_SYSTEM_USER_API_KEY`| 4.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|| +|`AUTH_APP_JSONCS3_PASSWORD_GENERATOR`| 4.0.0 |string|`The password generator that should be used for generating app tokens. Supported values are: 'diceware' and 'random'.`|diceware| +|`AUTH_APP_JSONCS3_DICEWARE_NUMBER_OF_WORDS`| 4.0.0 |int|`The number of words the generated passphrase will have.`|6| +|`AUTH_APP_JSONCS3_RANDOM_PASSWORD_LENGTH`| 4.0.0 |int|`The number of charactors the generated passwords will have.`|0| diff --git a/static/env-vars/auth-app_readme.md b/static/env-vars/auth-app_readme.md index fc2eee14..89154570 100644 --- a/static/env-vars/auth-app_readme.md +++ b/static/env-vars/auth-app_readme.md @@ -1,6 +1,6 @@ --- title: Auth-App -date: 2025-11-11T09:16:41.110935855+01:00 +date: 2026-01-13T10:10:18.22159136+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/auth-app @@ -84,20 +84,20 @@ The `auth-app` service provides an API to create (POST), list (GET) and delete ( ``` Note that the `token` value in the response to the "List Tokens` request is not the actual - app token, but a hashed value of the token. So this value cannot be used for authenticating + app token, but the UUID of the token. So this value cannot be used for authenticating with the token. Example output: ``` [ { - "token": "$2a$11$EyudDGAJ18bBf5NG6PL9Ru9gygZAu0oPyLawdieNjGozcbXyyuUhG", + "token": "155f402e-1c5c-411c-92d4-92f3b612cd99" "expiration_date": "2024-08-08T13:44:31.025199075+02:00", "created_date": "2024-08-07T13:44:31+02:00", "label": "Generated via Impersonation API" }, { - "token": "$2a$11$dfRBQrxRMPg8fvyvkFwaX.IPoIUiokvhzK.YNI/pCafk0us3MyPzy", + "token": "8c606bdb-e22e-4094-9304-732fd4702bc9" "expiration_date": "2024-08-08T13:46:41.936052281+02:00", "created_date": "2024-08-07T13:46:42+02:00", "label": "Generated via Impersonation API" 
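Review bot: both added `"token"` lines in the example output of the `@@ -84,20 +84,20 @@` hunk drop the trailing comma that the removed lines had (`"token": "155f402e-1c5c-411c-92d4-92f3b612cd99"` is followed directly by `"expiration_date"`), so the sample is no longer valid JSON; restore the comma on both. The sentence in the context above it opens "List Tokens with a double quote and closes it with a backtick, which is worth fixing while this paragraph is being touched. Since the text now states that the listed value is the UUID of the token, the Delete section in the following hunk should be aligned as well: its context line still reads "The value needs to be the hashed value as returned by the `List Tokens` respone", which contradicts the new UUID example and misspells "response".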
@@ -108,7 +108,7 @@ The `auth-app` service provides an API to create (POST), list (GET) and delete ( * **Delete a token**\ The DELETE request requires: * A `token` key/value pair in the form of `token=`. The value needs to be the hashed value as returned by the `List Tokens` respone.\ - Example: `token=$2$Z3s2K7816M4vuSpd5` + Example: `token=8c606bdb-e22e-4094-9304-732fd4702bc9` ```bash curl --request DELETE 'https:///auth-app/tokens?token={value}' \ --header 'accept: application/json' diff --git a/static/env-vars/auth-basic-config-example.yaml b/static/env-vars/auth-basic-config-example.yaml index 018284b0..73195eb2 100644 --- a/static/env-vars/auth-basic-config-example.yaml +++ b/static/env-vars/auth-basic-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: auth-basic-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9147 token: "" diff --git a/static/env-vars/auth-basic_configvars.md b/static/env-vars/auth-basic_configvars.md index 7fa0e4f1..60f67888 100644 --- a/static/env-vars/auth-basic_configvars.md +++ b/static/env-vars/auth-basic_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **auth-basic** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`AUTH_BASIC_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`AUTH_BASIC_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`AUTH_BASIC_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`AUTH_BASIC_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`AUTH_BASIC_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`AUTH_BASIC_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`AUTH_BASIC_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`AUTH_BASIC_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`AUTH_BASIC_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`AUTH_BASIC_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9147| |`AUTH_BASIC_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`AUTH_BASIC_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| @@ -40,7 +33,7 @@ Environment variables for the **auth-basic** service |`OC_LDAP_DISABLE_USER_MECHANISM`
`AUTH_BASIC_DISABLE_USER_MECHANISM`| 1.0.0 |string|`An option to control the behavior for disabling users. Valid options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed.`|attribute| |`OC_LDAP_DISABLED_USERS_GROUP_DN`
`AUTH_BASIC_DISABLED_USERS_GROUP_DN`| 1.0.0 |string|`The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'.`|cn=DisabledUsersGroup,ou=groups,o=libregraph-idm| |`OC_LDAP_USER_SCHEMA_ID`
`AUTH_BASIC_LDAP_USER_SCHEMA_ID`| 1.0.0 |string|`LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID.`|openCloudUUID| -|`OC_LDAP_USER_SCHEMA_TENANT_ID`
`AUTH_BASIC_LDAP_USER_SCHEMA_TENANT_ID`| next |string|`LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment.`|| +|`OC_LDAP_USER_SCHEMA_TENANT_ID`
`AUTH_BASIC_LDAP_USER_SCHEMA_TENANT_ID`| 4.0.0 |string|`LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment.`|| |`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`
`AUTH_BASIC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user IDs.`|false| |`OC_LDAP_USER_SCHEMA_MAIL`
`AUTH_BASIC_LDAP_USER_SCHEMA_MAIL`| 1.0.0 |string|`LDAP Attribute to use for the email address of users.`|mail| |`OC_LDAP_USER_SCHEMA_DISPLAYNAME`
`AUTH_BASIC_LDAP_USER_SCHEMA_DISPLAYNAME`| 1.0.0 |string|`LDAP Attribute to use for the displayname of users.`|displayname| diff --git a/static/env-vars/auth-basic_readme.md b/static/env-vars/auth-basic_readme.md index d620c350..64892915 100644 --- a/static/env-vars/auth-basic_readme.md +++ b/static/env-vars/auth-basic_readme.md @@ -1,6 +1,6 @@ --- title: Auth-Basic -date: 2025-11-11T09:16:41.110998352+01:00 +date: 2026-01-13T10:10:18.221714732+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/auth-basic diff --git a/static/env-vars/auth-bearer-config-example.yaml b/static/env-vars/auth-bearer-config-example.yaml index 751d9cee..172a07a6 100644 --- a/static/env-vars/auth-bearer-config-example.yaml +++ b/static/env-vars/auth-bearer-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: auth-bearer-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9149 token: "" diff --git a/static/env-vars/auth-bearer_configvars.md b/static/env-vars/auth-bearer_configvars.md index ad344f83..23e07cea 100644 --- a/static/env-vars/auth-bearer_configvars.md +++ b/static/env-vars/auth-bearer_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **auth-bearer** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`AUTH_BEARER_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`AUTH_BEARER_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`AUTH_BEARER_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`AUTH_BEARER_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`AUTH_BEARER_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`AUTH_BEARER_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`AUTH_BEARER_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`AUTH_BEARER_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`AUTH_BEARER_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`AUTH_BEARER_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9149| |`AUTH_BEARER_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`AUTH_BEARER_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| diff --git a/static/env-vars/auth-bearer_readme.md b/static/env-vars/auth-bearer_readme.md index 7dd2332b..473b2276 100644 --- a/static/env-vars/auth-bearer_readme.md +++ b/static/env-vars/auth-bearer_readme.md @@ -1,6 +1,6 @@ --- title: Auth-Bearer -date: 2025-11-11T09:16:41.111057634+01:00 +date: 2026-01-13T10:10:18.221795033+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/auth-bearer diff --git a/static/env-vars/auth-machine-config-example.yaml b/static/env-vars/auth-machine-config-example.yaml index 5d98107a..6589a0f4 100644 --- a/static/env-vars/auth-machine-config-example.yaml +++ b/static/env-vars/auth-machine-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: auth-machine-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9167 token: "" diff --git a/static/env-vars/auth-machine_configvars.md b/static/env-vars/auth-machine_configvars.md index bca77ae9..7b7a008a 100644 --- a/static/env-vars/auth-machine_configvars.md +++ b/static/env-vars/auth-machine_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **auth-machine** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`AUTH_MACHINE_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`AUTH_MACHINE_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`AUTH_MACHINE_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`AUTH_MACHINE_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`AUTH_MACHINE_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`AUTH_MACHINE_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`AUTH_MACHINE_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`AUTH_MACHINE_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`AUTH_MACHINE_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`AUTH_MACHINE_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9167| |`AUTH_MACHINE_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`AUTH_MACHINE_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| diff --git a/static/env-vars/auth-machine_readme.md b/static/env-vars/auth-machine_readme.md index 4f97963c..cdc37d02 100644 --- a/static/env-vars/auth-machine_readme.md +++ b/static/env-vars/auth-machine_readme.md @@ -1,6 +1,6 @@ --- title: Auth-Machine -date: 2025-11-11T09:16:41.111114591+01:00 +date: 2026-01-13T10:10:18.221854796+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/auth-machine diff --git a/static/env-vars/auth-service-config-example.yaml b/static/env-vars/auth-service-config-example.yaml index 2e365b98..e2f0797e 100644 --- a/static/env-vars/auth-service-config-example.yaml +++ b/static/env-vars/auth-service-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: auth-service-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9198 token: "" diff --git a/static/env-vars/auth-service_configvars.md b/static/env-vars/auth-service_configvars.md index 2119b01c..72d94a31 100644 --- a/static/env-vars/auth-service_configvars.md +++ b/static/env-vars/auth-service_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **auth-service** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`AUTH_SERVICE_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`AUTH_SERVICE_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`AUTH_SERVICE_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`AUTH_SERVICE_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`AUTH_SERVICE_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`AUTH_SERVICE_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`AUTH_SERVICE_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`AUTH_SERVICE_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`AUTH_SERVICE_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`AUTH_SERVICE_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9198| |`AUTH_SERVICE_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`AUTH_SERVICE_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| diff --git a/static/env-vars/auth-service_readme.md b/static/env-vars/auth-service_readme.md index ac4ee70f..ac092b2b 100644 --- a/static/env-vars/auth-service_readme.md +++ b/static/env-vars/auth-service_readme.md @@ -1,6 +1,6 @@ --- title: Auth-Service -date: 2025-11-11T09:16:41.111177429+01:00 +date: 2026-01-13T10:10:18.22192099+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/auth-service diff --git a/static/env-vars/clientlog-config-example.yaml b/static/env-vars/clientlog-config-example.yaml index 51f97462..6b5e7843 100644 --- a/static/env-vars/clientlog-config-example.yaml +++ b/static/env-vars/clientlog-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: clientlog-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9260 token: "" diff --git a/static/env-vars/clientlog_configvars.md b/static/env-vars/clientlog_configvars.md index e1fac8be..3d33982a 100644 --- a/static/env-vars/clientlog_configvars.md +++ b/static/env-vars/clientlog_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **clientlog** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`CLIENTLOG_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`CLIENTLOG_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`CLIENTLOG_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`CLIENTLOG_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`CLIENTLOG_USERLOG_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`CLIENTLOG_USERLOG_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`CLIENTLOG_USERLOG_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`CLIENTLOG_USERLOG_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`CLIENTLOG_USERLOG_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`CLIENTLOG_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9260| |`CLIENTLOG_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`CLIENTLOG_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| @@ -18,7 +11,7 @@ Environment variables for the **clientlog** service |`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata`|eu.opencloud.api.gateway| |`OC_EVENTS_ENDPOINT`
`CLIENTLOG_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| |`OC_EVENTS_CLUSTER`
`CLIENTLOG_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| -|`OC_INSECURE`
`CLIENTLOG_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_INSECURE`
`OC_EVENTS_TLS_INSECURE`
`CLIENTLOG_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| |`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`CLIENTLOG_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.`|| |`OC_EVENTS_ENABLE_TLS`
`CLIENTLOG_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| |`OC_EVENTS_AUTH_USERNAME`
`CLIENTLOG_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| diff --git a/static/env-vars/clientlog_readme.md b/static/env-vars/clientlog_readme.md index 6bfb22e5..e5163fb6 100644 --- a/static/env-vars/clientlog_readme.md +++ b/static/env-vars/clientlog_readme.md @@ -1,6 +1,6 @@ --- title: Clientlog Service -date: 2025-11-11T09:16:41.111232693+01:00 +date: 2026-01-13T10:10:18.221982315+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/clientlog diff --git a/static/env-vars/collaboration-config-example.yaml b/static/env-vars/collaboration-config-example.yaml index 3d1764ec..072e1d7f 100644 --- a/static/env-vars/collaboration-config-example.yaml +++ b/static/env-vars/collaboration-config-example.yaml @@ -46,16 +46,7 @@ cs3api: insecure: false grpc_client_tls: null app_registration_interval: 30s -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9304 token: "" diff --git a/static/env-vars/collaboration_configvars.md b/static/env-vars/collaboration_configvars.md index 7bd84bbe..1a0f2b52 100644 --- a/static/env-vars/collaboration_configvars.md +++ b/static/env-vars/collaboration_configvars.md 
@@ -34,15 +34,8 @@ Environment variables for the **collaboration** service |`COLLABORATION_WOPI_SHORTTOKENS`| 1.0.0 |bool|`Use short access tokens for WOPI access. This is useful for office packages, like Microsoft Office Online, which have URL length restrictions. If enabled, a persistent store must be configured.`|false| |`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata.`|eu.opencloud.api.gateway| |`COLLABORATION_CS3API_DATAGATEWAY_INSECURE`| 1.0.0 |bool|`Connect to the CS3API data gateway insecurely.`|false| -|`COLLABORATION_CS3API_APP_REGISTRATION_INTERVAL`| next |Duration|`The interval at which the app provider registers itself.`|30s| -|`OC_TRACING_ENABLED`
`COLLABORATION_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`COLLABORATION_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`COLLABORATION_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`COLLABORATION_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`COLLABORATION_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`COLLABORATION_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`COLLABORATION_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`COLLABORATION_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`COLLABORATION_CS3API_APP_REGISTRATION_INTERVAL`| 4.0.0 |Duration|`The interval at which the app provider registers itself.`|30s| +|`OC_LOG_LEVEL`
`COLLABORATION_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`COLLABORATION_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9304| |`COLLABORATION_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`COLLABORATION_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| diff --git a/static/env-vars/collaboration_readme.md b/static/env-vars/collaboration_readme.md index 321c11a7..cf0abafb 100644 --- a/static/env-vars/collaboration_readme.md +++ b/static/env-vars/collaboration_readme.md @@ -1,6 +1,6 @@ --- title: Collaboration -date: 2025-11-11T09:16:41.1112898+01:00 +date: 2026-01-13T10:10:18.222049742+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/collaboration diff --git a/static/env-vars/eventhistory-config-example.yaml b/static/env-vars/eventhistory-config-example.yaml index 5230859f..1473cd23 100644 --- a/static/env-vars/eventhistory-config-example.yaml +++ b/static/env-vars/eventhistory-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: eventhistory-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9270 token: "" diff --git a/static/env-vars/eventhistory_configvars.md b/static/env-vars/eventhistory_configvars.md index 060b64cf..b6623610 100644 --- a/static/env-vars/eventhistory_configvars.md +++ b/static/env-vars/eventhistory_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **eventhistory** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`EVENTHISTORY_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`EVENTHISTORY_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`EVENTHISTORY_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`EVENTHISTORY_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`EVENTHISTORY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`EVENTHISTORY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`EVENTHISTORY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`EVENTHISTORY_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`EVENTHISTORY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`EVENTHISTORY_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9270| |`EVENTHISTORY_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`EVENTHISTORY_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| @@ -17,7 +10,7 @@ Environment variables for the **eventhistory** service |`EVENTHISTORY_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9274| |`OC_EVENTS_ENDPOINT`
`EVENTHISTORY_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| |`OC_EVENTS_CLUSTER`
`EVENTHISTORY_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| -|`OC_INSECURE`
`EVENTHISTORY_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_INSECURE`
`OC_EVENTS_TLS_INSECURE`
`EVENTHISTORY_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| |`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`EVENTHISTORY_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. Will be seen as empty if NOTIFICATIONS_EVENTS_TLS_INSECURE is provided.`|| |`OC_EVENTS_ENABLE_TLS`
`EVENTHISTORY_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| |`OC_EVENTS_AUTH_USERNAME`
`EVENTHISTORY_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| diff --git a/static/env-vars/eventhistory_readme.md b/static/env-vars/eventhistory_readme.md index 55dae54b..439e20ca 100644 --- a/static/env-vars/eventhistory_readme.md +++ b/static/env-vars/eventhistory_readme.md @@ -1,6 +1,6 @@ --- title: Eventhistory -date: 2025-11-11T09:16:41.111351687+01:00 +date: 2026-01-13T10:10:18.222111478+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/eventhistory diff --git a/static/env-vars/extended_configvars.md b/static/env-vars/extended_configvars.md index 2b2fac85..1ceb8619 100644 --- a/static/env-vars/extended_configvars.md +++ b/static/env-vars/extended_configvars.md @@ -2,6 +2,8 @@ | Name | Type | Description | Default Value | |---|---|---|---| +`APPDATA` | | | | +`CI` | | | | `CI` | | | | `CI` | | | | `CI_SYSTEM_NAME` | | | | @@ -12,9 +14,15 @@ `CS3_MACHINE_AUTH_API_KEY` | | | | `DAYS` | | | | `DAYS` | | | | +`DaemonMarkVar` | | | | `GITHUB_API_TOKEN` | | | | +`GITHUB_TOKEN` | | | | +`GITHUB_USER` | | | | +`GOPATH` | | | | +`GOPATH` | | | | `GRACEFUL` | | | | `GRACEFUL` | | | | +`HOME` | | | | `HOSTNAME` | | | | `HOSTNAME` | | | | `HOSTNAME` | | | | @@ -22,7 +30,12 @@ `HOSTNAME` | | | | `HOSTNAME` | | | | `HOSTNAME` | | | | +`IS_RACE_QUICK_TEST` | | | | `KOPANO_DEBUG_SERVER_REQUEST_LOG` | | | | +`KRB5CCNAME` | | | | +`KRB5CCNAME` | | | | +`KRB5_CONFIG` | | | | +`KRB5_CONFIG` | | | | `LDAP_BASEDN` | | | | `LDAP_BINDDN` | | | | `LDAP_BINDPW` | | | | @@ -44,6 +57,7 @@ `LICOD_ENCRYPTION_SECRET` | | | | `LICOD_SIGNING_KID` | | | | `LICOD_VALIDATION_KEYS_PATH` | | | | +`LOGNAME` | | | | `MICRO_LOG_LEVEL` | | | | `MICRO_LOG_LEVEL` | | | | `MICRO_LOG_LEVEL` | | | | 
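Review bot: `LOGNAME` in this hunk, like `APPDATA`, `HOME`, `GOPATH`, `KRB5CCNAME`, `KRB5_CONFIG`, `GITHUB_TOKEN` and `GITHUB_USER` in the earlier hunks of `extended_configvars.md`, is a generic process or tooling variable that enters the table with empty Type, Description and Default cells, and several of them appear twice. A reader cannot tell which of these names OpenCloud itself reads, and credential-bearing names such as `GITHUB_TOKEN` end up documented as if they were product settings. Suggest restricting whatever harvests these names to the project's own packages (or an allowlist), de-duplicating the rows, and dropping entries that have no description.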
@@ -59,6 +73,14 @@ `OC_CONFIG_DIR` | | | | `OC_CONFIG_DIR` | | | | `OC_GRPC_MAX_RECEIVED_MESSAGE_SIZE` | | | | +`PATH` | | | | +`PATH` | | | | +`PATH` | | | | +`RCLONE_CONFIG` | | | | +`RCLONE_CONFIG` | | | | +`RCLONE_CONFIG_PASS` | | | | +`RCLONE_PASSWORD_CHANGE` | | | | +`RCLONE_PLUGIN_PATH` | | | | `REDIS_ADDRESS` | | | | `REVA_APPPROVIDER_IOPSECRET` | | | | `REVA_SMTP_SENDER_PASSWORD` | | | | @@ -71,10 +93,14 @@ `SQL_DBNAME` | | | | `SQL_PASSWORD` | | | | `SQL_USERNAME` | | | | +`TERM` | | | | +`USER` | | | | `USE_TESTCONTAINERS` | | | | `USE_TESTCONTAINERS` | | | | +`XDG_CONFIG_HOME` | | | | `YEAR` | | | | `YEAR` | | | | +`_RCLONE_CONFIG_KEY_FILE` | | | | `_registryAddressEnv` | | | | `_registryAddressEnv` | | | | `_registryAddressEnv` | | | | @@ -102,6 +128,7 @@ `_serverMaxConnectionAgeEnv` | | | | `_serverMaxConnectionAgeEnv` | | | | `_serverMaxConnectionAgeEnv` | | | | +`name` | | | | diff --git a/static/env-vars/frontend-config-example.yaml b/static/env-vars/frontend-config-example.yaml index 572ec050..7c582356 100644 --- a/static/env-vars/frontend-config-example.yaml +++ b/static/env-vars/frontend-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: frontend-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9141 token: "" @@ -81,8 +72,8 @@ default_upload_protocol: tus enable_federated_sharing_incoming: false enable_federated_sharing_outgoing: false search_min_length: 3 -edition: "" disable_sse: false +disable_radicale: false default_link_permissions: 1 public_url: https://localhost:9200 max_concurrency: 1 
@@ -115,6 +106,27 @@ ocs: public_sharing_share_must_have_password: true public_sharing_writeableshare_must_have_password: false show_email_in_results: false +ocdav: + prefix: "" + skip_user_groups_in_token: false + webdav_namespace: /users/{{.Id.OpaqueId}} + files_namespace: /users/{{.Id.OpaqueId}} + shares_namespace: /Shares + ocm_namespace: /public + public_url: https://localhost:9200 + insecure: false + enable_http_tpc: false + gateway_request_timeout: 84300 + machine_auth_api_key: "" + allow_propfind_depth_infinity: false + name_validation: + invalid_chars: + - "\f" + - "\r" + - |2+ + + - \ + max_length: 255 checksums: supported_types: - sha1 diff --git a/static/env-vars/frontend_configvars.md b/static/env-vars/frontend_configvars.md index c4d603c6..56f0c608 100644 --- a/static/env-vars/frontend_configvars.md +++ b/static/env-vars/frontend_configvars.md @@ -1,5 +1,5 @@ -2025-11-11-09-16-18 +2026-01-13-10-09-59 # Deprecation Notice @@ -25,14 +25,7 @@ Environment variables for the **frontend** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`FRONTEND_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`FRONTEND_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`FRONTEND_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`FRONTEND_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`FRONTEND_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`FRONTEND_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`FRONTEND_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`FRONTEND_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`FRONTEND_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`FRONTEND_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9141| |`FRONTEND_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`FRONTEND_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| @@ -59,8 +52,8 @@ Environment variables for the **frontend** service |`OC_ENABLE_OCM`
`FRONTEND_ENABLE_FEDERATED_SHARING_INCOMING`| 1.0.0 |bool|`Changing this value is NOT supported. Enables support for incoming federated sharing for clients. The backend behaviour is not changed.`|false| |`OC_ENABLE_OCM`
`FRONTEND_ENABLE_FEDERATED_SHARING_OUTGOING`| 1.0.0 |bool|`Changing this value is NOT supported. Enables support for outgoing federated sharing for clients. The backend behaviour is not changed.`|false| |`FRONTEND_SEARCH_MIN_LENGTH`| 1.0.0 |int|`Minimum number of characters to enter before a client should start a search for Share receivers. This setting can be used to customize the user experience if e.g too many results are displayed.`|3| -|`OC_EDITION`
`FRONTEND_EDITION`| 1.0.0 |string|`Edition of OpenCloud. Used for branding purposes.`|| |`OC_DISABLE_SSE`
`FRONTEND_DISABLE_SSE`| 1.0.0 |bool|`When set to true, clients are informed that the Server-Sent Events endpoint is not accessible.`|false| +|`FRONTEND_DISABLE_RADICALE`| 4.0.0 |bool|`When set to true, clients are informed that the Radicale (CalDAV/CardDAV) is not accessible.`|false| |`FRONTEND_DEFAULT_LINK_PERMISSIONS`| 1.0.0 |int|`Defines the default permissions a link is being created with. Possible values are 0 (= internal link, for instance members only) and 1 (= public link with viewer permissions). Defaults to 1.`|1| |`OC_URL`
`FRONTEND_PUBLIC_URL`| 1.0.0 |string|`The public facing URL of the OpenCloud frontend.`|https://localhost:9200| |`OC_MAX_CONCURRENCY`
`FRONTEND_MAX_CONCURRENCY`| 1.0.0 |int|`Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used.`|1| @@ -88,6 +81,21 @@ Environment variables for the **frontend** service |`OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD`
`FRONTEND_OCS_PUBLIC_SHARE_MUST_HAVE_PASSWORD`| 1.0.0 |bool|`Set this to true if you want to enforce passwords on all public shares.`|true| |`OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD`
`FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD`| 1.0.0 |bool|`Set this to true if you want to enforce passwords for writable shares. Only effective if the setting for 'passwords on all public shares' is set to false.`|false| |`OC_SHOW_USER_EMAIL_IN_RESULTS`| 1.0.0 |bool|`Include user email addresses in responses. If absent or set to false emails will be omitted from results. Please note that admin users can always see all email addresses.`|false| +|`OCDAV_HTTP_PREFIX`
`FRONTENT_OCDAV_HTTP_PREFIX`| 1.0.0 |string|`A URL path prefix for the handler.`|| +|`OCDAV_SKIP_USER_GROUPS_IN_TOKEN`
`FRONTENT_OCDAV_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the loading of user's group memberships from the reva access token.`|false| +|`OCDAV_WEBDAV_NAMESPACE`
`FRONTENT_OCDAV_WEBDAV_NAMESPACE`| 1.0.0 |string|`Jail requests to /dav/webdav into this CS3 namespace. Supports template layouting with CS3 User properties.`|/users/{{.Id.OpaqueId}}| +|`OCDAV_FILES_NAMESPACE`
`FRONTENT_OCDAV_FILES_NAMESPACE`| 1.0.0 |string|`Jail requests to /dav/files/{username} into this CS3 namespace. Supports template layouting with CS3 User properties.`|/users/{{.Id.OpaqueId}}| +|`OCDAV_SHARES_NAMESPACE`
`FRONTENT_OCDAV_SHARES_NAMESPACE`| 1.0.0 |string|`The human readable path for the share jail. Relative to a users personal space root. Upcased intentionally.`|/Shares| +|`OCDAV_OCM_NAMESPACE`
`FRONTENT_OCDAV_OCM_NAMESPACE`| 1.0.0 |string|`The human readable path prefix for the ocm shares.`|/public| +|`OC_URL`
`OCDAV_PUBLIC_URL`
`FRONTENT_OCDAV_PUBLIC_URL`| 1.0.0 |string|`URL where OpenCloud is reachable for users.`|https://localhost:9200| +|`OC_INSECURE`
`OCDAV_INSECURE`
`FRONTENT_OCDAV_INSECURE`| 1.0.0 |bool|`Allow insecure connections to the GATEWAY service.`|false| +|`OCDAV_ENABLE_HTTP_TPC`
`FRONTENT_OCDAV_ENABLE_HTTP_TPC`| next |bool|`Enable HTTP / WebDAV Third-Party-Copy support.`|false| +|`OCDAV_GATEWAY_REQUEST_TIME`
`FRONTENT_OUTOCDAV_GATEWAY_REQUEST_TIMEOUT`| 1.0.0 |int64|`Request timeout in seconds for requests from the oCDAV service to the GATEWAY service.`|84300| +|`OC_MACHINE_AUTH_API_KEY`
`OCDAV_MACHINE_AUTH_API_KEY`
`FRONTENT_OCDAV_MACHINE_AUTH_API_KEY`| 1.0.0 |string|`Machine auth API key used to validate internal requests necessary for the access to resources from other services.`|| +|`OCDAV_ALLOW_PROPFIND_DEPTH_INFINITY`
`FRONTENT_OCDAV_ALLOW_PROPFIND_DEPTH_INFINITY`| 1.0.0 |bool|`Allow the use of depth infinity in PROPFINDS. When enabled, a propfind will traverse through all subfolders. If many subfolders are expected, depth infinity can cause heavy server load and/or delayed response times.`|false| +|`OCDAV_NAME_VALIDATION_INVALID_CHARS`
`FRONTENT_OCDAV_NAME_VALIDATION_INVALID_CHARS`| next |[]string|`List of characters that are not allowed in file or folder names.`|[ + \]| +|`OCDAV_NAME_VALIDATION_MAX_LENGTH`
`FRONTENT_OCDAV_NAME_VALIDATION_MAX_LENGTH`| next |int|`Max lenght og file or folder names.`|255| |`FRONTEND_CHECKSUMS_SUPPORTED_TYPES`| 1.0.0 |[]string|`A list of checksum types that indicate to clients which hashes the server can use to verify upload integrity. Supported types are 'sha1', 'md5' and 'adler32'. See the Environment Variable Types description for more details.`|[sha1 md5 adler32]| |`FRONTEND_CHECKSUMS_PREFERRED_UPLOAD_TYPE`| 1.0.0 |string|`The supported checksum type for uploads that indicates to clients supporting multiple hash algorithms which one is preferred by the server. Must be one out of the defined list of SUPPORTED_TYPES.`|sha1| |`FRONTEND_READONLY_USER_ATTRIBUTES`| 1.0.0 |[]string|`A list of user attributes to indicate as read-only. Supported values: 'user.onPremisesSamAccountName' (username), 'user.displayName', 'user.mail', 'user.passwordProfile' (password), 'user.appRoleAssignments' (role), 'user.memberOf' (groups), 'user.accountEnabled' (login allowed), 'drive.quota' (quota). See the Environment Variable Types description for more details.`|[]| @@ -97,8 +105,8 @@ Environment variables for the **frontend** service |`FRONTEND_CHECK_FOR_UPDATES`| 3.6.0 |bool|`Enable automatic checking for updates. Defaults to true.`|true| |`OC_EVENTS_ENDPOINT`
`FRONTEND_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| |`OC_EVENTS_CLUSTER`
`FRONTEND_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| -|`OC_INSECURE`
`FRONTEND_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| -|`FRONTEND_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`OCS_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.`|| +|`OC_INSECURE`
`OC_EVENTS_TLS_INSECURE`
`FRONTEND_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`FRONTEND_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`OCS_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.`|| |`OC_EVENTS_ENABLE_TLS`
`FRONTEND_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| |`OC_EVENTS_AUTH_USERNAME`
`FRONTEND_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| |`OC_EVENTS_AUTH_PASSWORD`
`FRONTEND_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| diff --git a/static/env-vars/frontend_readme.md b/static/env-vars/frontend_readme.md index 4513f0f6..d69b5b90 100644 --- a/static/env-vars/frontend_readme.md +++ b/static/env-vars/frontend_readme.md @@ -1,6 +1,6 @@ --- title: Frontend -date: 2025-11-11T09:16:41.111410748+01:00 +date: 2026-01-13T10:10:18.222180849+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/frontend @@ -75,7 +75,7 @@ While the frontend service does not persist any data, it does cache information A lot of user management is made via the standardized libregraph API. Depending on how the system is configured, there might be some user attributes that an OpenCloud instance admin can't change because of properties coming from an external LDAP server, or similar. This can be the case when the OpenCloud admin is not the LDAP admin. To ease life for admins, there are hints as capabilites telling the frontend which attributes are read-only to enable a different optical representation like being grayed out. To configure these hints, use the environment variable `FRONTEND_READONLY_USER_ATTRIBUTES`, which takes a comma separated list of attributes, see the envvar for supported values. -You can find more details regarding available attributes at the [libre-graph-api openapi-spec](https://github.com/owncloud/libre-graph-api/blob/main/api/openapi-spec/v1.0.yaml) and on [docs.opencloud.eu](https://docs.opencloud.eu/libre-graph-api/). +You can find more details regarding available attributes at the [libre-graph-api openapi-spec](https://github.com/opencloud-eu/libre-graph-api/blob/main/api/openapi-spec/v1.0.yaml) and on [docs.opencloud.eu](https://docs.opencloud.eu/swagger/libre-graph-api/). ## Caching 
@@ -110,7 +110,7 @@ In OpenCloud, the password policy is always enabled because the max-length restr With the password policy, mandatory criteria for the password can be defined via the environment variables listed below. -Generally, a password can contain any UTF-8 characters, however some characters are regarded as special since they are not used in ordinary texts. Which characters should be treated as special is defined by "The OWASP® Foundation" [password-special-characters](https://owasp.org/www-community/password-special-characters) (between double quotes): " !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~" +Generally, a password can contain any UTF-8 characters, however some characters are regarded as special since they are not used in ordinary texts. Which characters should be treated as special is defined by "The OWASP® Foundation" [password-special-characters](https://owasp.org/www-community/password-special-characters) (between double quotes): ```" !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~"``` The validation against the banned passwords list can be configured via a text file with words separated by new lines. If a user tries to set a password listed in the banned passwords list, the password can not be used (is invalid) even if the other mandatory criteria are passed. The admin can define the path of the banned passwords list file. If the file doesn't exist in a location, OpenCloud tries to load a file from the `OC_CONFIG_DIR/OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST`. An option will be enabled when the file has been loaded successfully. diff --git a/static/env-vars/gateway-config-example.yaml b/static/env-vars/gateway-config-example.yaml index 8080728a..90e19fc5 100644 --- a/static/env-vars/gateway-config-example.yaml +++ b/static/env-vars/gateway-config-example.yaml 
@@ -1,16 +1,7 @@ # Autogenerated # Filename: gateway-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9143 token: "" diff --git a/static/env-vars/gateway_configvars.md b/static/env-vars/gateway_configvars.md index 6cf08e29..d1f8d9f6 100644 --- a/static/env-vars/gateway_configvars.md +++ b/static/env-vars/gateway_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **gateway** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`GATEWAY_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`GATEWAY_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`GATEWAY_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`GATEWAY_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`GATEWAY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`GATEWAY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`GATEWAY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`GATEWAY_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`GATEWAY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`GATEWAY_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9143| |`GATEWAY_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`GATEWAY_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| diff --git a/static/env-vars/gateway_readme.md b/static/env-vars/gateway_readme.md index f7eb48d4..6132b40f 100644 --- a/static/env-vars/gateway_readme.md +++ b/static/env-vars/gateway_readme.md @@ -1,6 +1,6 @@ --- title: Gateway -date: 2025-11-11T09:16:41.111487823+01:00 +date: 2026-01-13T10:10:18.222269646+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/gateway @@ -28,7 +28,7 @@ The gateway service is using caching as it is highly frequented with the same re - the `provider cache` is caching requests to list or get storage providers. - the `create home cache` is caching requests to create personal spaces (as they only need to be executed once). -Both caches can be configured via the `OC_CACHE_*` envvars (or `GATEWAY_PROVIDER_CACHE_*` and `GATEWAY_CREATE_HOME_CACHE_*` respectively). See the [envvar section](/services/gateway/configuration/#environment-variables) for details. +Both caches can be configured via the `OC_CACHE_*` envvars (or `GATEWAY_PROVIDER_CACHE_*` and `GATEWAY_CREATE_HOME_CACHE_*` respectively). Use `OC_CACHE_STORE` (`GATEWAY_PROVIDER_CACHE_STORE`, `GATEWAY_CREATE_HOME_CACHE_STORE`) to define the type of cache to use: - `memory`: Basic in-memory store and the default. @@ -60,9 +60,9 @@ The scheme for this setup is the following. Note that there is, except storage, | **envvar** | **default** | **alternative** | |------|------|------| -| OC_GRPC_PROTOCOL or
``_GRPC_PROTOCOL | tcp | unix | +| OC_GRPC_PROTOCOL or
``_GRPC_PROTOCOL | tcp | unix | | ``_GRPC_ADDR | 127.0.0.1:`` | /var/run/opencloud/``.sock | -| GATEWAY_``_ENDPOINT | eu.opencloud.api.`` | unix:/var/run/opencloud/``.sock
dns: ...
kubernetes: ... | +| GATEWAY_``_ENDPOINT | eu.opencloud.api.`` | unix:/var/run/opencloud/``.sock
dns: ...
kubernetes: ... | ```console USERS_GRPC_PROTOCOL=unix" diff --git a/static/env-vars/global_configvars.md b/static/env-vars/global_configvars.md index 4aa978fd..680dddd5 100644 --- a/static/env-vars/global_configvars.md +++ b/static/env-vars/global_configvars.md 
@@ -2,31 +2,31 @@ | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -`IDM_CREATE_DEMO_USERS` | 1.0.0 | bool | The default role assignments the demo users should be setup. | false | -`OC_ADMIN_USER_ID` | 1.0.0 | string | ID of the user that should receive admin privileges. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand. | | +`IDM_CREATE_DEMO_USERS` | 1.0.0 | bool | Flag to enable or disable the creation of the demo users. | false | +`OC_ADMIN_USER_ID` | 1.0.0 | string | ID of the user who collects all necessary information for deletion. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand. | | `OC_ASYNC_UPLOADS` | 1.0.0 | bool | Enable asynchronous file uploads. | true | -`OC_CACHE_AUTH_PASSWORD` | 1.0.0 | string | The password to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured. | | -`OC_CACHE_AUTH_USERNAME` | 1.0.0 | string | The username to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured. | | -`OC_CACHE_DATABASE` | 1.0.0 | string | The database name the configured store should use. | cache-userinfo | +`OC_CACHE_AUTH_PASSWORD` | 1.0.0 | string | The password to authenticate with the cache store. Only applies when store type 'nats-js-kv' is configured. | | +`OC_CACHE_AUTH_USERNAME` | 1.0.0 | string | The username to authenticate with the cache store. Only applies when store type 'nats-js-kv' is configured. | | +`OC_CACHE_DATABASE` | 1.0.0 | string | The database name the configured store should use. | storage-users | `OC_CACHE_DISABLE_PERSISTENCE` | 1.0.0 | bool | Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false. | false | `OC_CACHE_STORE` | 1.0.0 | string | The type of the cache store. 
Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details. | memory | `OC_CACHE_STORE_NODES` | 1.0.0 | []string | A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details. | [127.0.0.1:9233] | -`OC_CACHE_TTL` | 1.0.0 | Duration | Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details. | 10s | -`OC_CORS_ALLOW_CREDENTIALS` | 1.0.0 | bool | Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials. | true | -`OC_CORS_ALLOW_HEADERS` | 1.0.0 | []string | A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details. | [Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Cache-Control] | -`OC_CORS_ALLOW_METHODS` | 1.0.0 | []string | A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details. | [GET POST PUT PATCH DELETE OPTIONS] | -`OC_CORS_ALLOW_ORIGINS` | 1.0.0 | []string | A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details. 
| [*] | +`OC_CACHE_TTL` | 1.0.0 | Duration | Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details. | 24m0s | +`OC_CORS_ALLOW_CREDENTIALS` | 1.0.0 | bool | Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials. | false | +`OC_CORS_ALLOW_HEADERS` | 1.0.0 | []string | A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details. | [Authorization Origin X-Requested-With X-Request-Id X-HTTP-Method-Override Content-Type Upload-Length Upload-Offset Tus-Resumable Upload-Metadata Upload-Defer-Length Upload-Concat Upload-Incomplete Upload-Draft-Interop-Version] | +`OC_CORS_ALLOW_METHODS` | 1.0.0 | []string | A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details. | [POST HEAD PATCH OPTIONS GET DELETE] | +`OC_CORS_ALLOW_ORIGINS` | 1.0.0 | []string | A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details. | [https://localhost:9200] | `OC_DECOMPOSEDFS_PROPAGATOR` | 1.0.0 | string | The propagator used for decomposedfs. At the moment, only 'sync' is fully supported, 'async' is available as an experimental option. | sync | -`OC_DEFAULT_LANGUAGE` | 1.0.0 | string | The default language used by services and the WebUI. 
If not defined, English will be used as default. See the documentation for more details. | en | +`OC_DEFAULT_LANGUAGE` | 1.0.0 | string | The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details. | | `OC_DISABLE_VERSIONING` | 1.0.0 | bool | Disables versioning of files. When set to true, new uploads with the same filename will overwrite existing files instead of creating a new version. | false | -`OC_EDITION` | 1.0.0 | string | Edition of OpenCloud. Used for branding purposes. | | `OC_ENABLE_OCM` | 1.0.0 | bool | Changing this value is NOT supported. Enables support for incoming federated sharing for clients. The backend behaviour is not changed. | false | `OC_EVENTS_AUTH_PASSWORD` | 1.0.0 | string | The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services. | | `OC_EVENTS_AUTH_USERNAME` | 1.0.0 | string | The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services. | | `OC_EVENTS_CLUSTER` | 1.0.0 | string | The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system. | opencloud-cluster | `OC_EVENTS_ENABLE_TLS` | 1.0.0 | bool | Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services. | false | `OC_EVENTS_ENDPOINT` | 1.0.0 | string | The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. | 127.0.0.1:9233 | -`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE` | 1.0.0 | string | The root CA certificate used to validate the server's TLS certificate. 
If provided ANTIVIRUS_EVENTS_TLS_INSECURE will be seen as false. | | +`OC_EVENTS_TLS_INSECURE` | 1.0.0 | bool | Whether to verify the server TLS certificates. | false | +`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE` | 1.0.0 | string | The root CA certificate used to validate the server's TLS certificate. If provided STORAGE_USERS_EVENTS_TLS_INSECURE will be seen as false. | | `OC_GATEWAY_GRPC_ADDR` | 1.0.0 | string | The bind address of the gateway GRPC address. | 127.0.0.1:9142 | `OC_GRPC_CLIENT_TLS_CACERT` | 1.0.0 | string | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. | | `OC_GRPC_CLIENT_TLS_MODE` | 1.0.0 | string | TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification. | | 
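Review bot: In this global_configvars.md hunk the new `OC_ADMIN_USER_ID` description ("ID of the user who collects all necessary information for deletion") drops the statement that this user receives admin privileges, which is the fact an operator needs before setting it. It reads as if one service's description was picked up for the shared variable; please keep the admin-privilege wording or state both roles. The same pickup shows in the `OC_EVENTS_TLS_ROOT_CA_CERTIFICATE` row, which now names `STORAGE_USERS_EVENTS_TLS_INSECURE` (previously `ANTIVIRUS_EVENTS_TLS_INSECURE`) where a global row should refer to `OC_EVENTS_TLS_INSECURE`. The added `OC_EVENTS_TLS_INSECURE` row says "Whether to verify the server TLS certificates." with default false, which reads inverted for a variable named INSECURE; the `OC_LDAP_INSECURE` row's wording ("Disable TLS certificate validation ...") is unambiguous and could be reused. Finally, `OC_CORS_ALLOW_ORIGINS` moves from `[*]` to `[https://localhost:9200]` and `OC_CORS_ALLOW_CREDENTIALS` from true to false; if these are a different service's defaults and not a behaviour change, the table should say which service the value belongs to.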
@@ -42,9 +42,9 @@ `OC_KEYCLOAK_CLIENT_SECRET` | 1.0.0 | string | The client secret to use in authentication. | | `OC_KEYCLOAK_INSECURE_SKIP_VERIFY` | 1.0.0 | bool | Disable TLS certificate validation for Keycloak connections. Do not set this in production environments. | false | `OC_KEYCLOAK_USER_REALM` | 1.0.0 | string | The realm users are defined. | | -`OC_LDAP_BIND_DN` | 1.0.0 | string | LDAP DN to use for simple bind authentication with the target LDAP server. | uid=idp,ou=sysusers,o=libregraph-idm | +`OC_LDAP_BIND_DN` | 1.0.0 | string | LDAP DN to use for simple bind authentication with the target LDAP server. | uid=reva,ou=sysusers,o=libregraph-idm | `OC_LDAP_BIND_PASSWORD` | 1.0.0 | string | Password to use for authenticating the 'bind_dn'. | | -`OC_LDAP_CACERT` | 1.0.0 | string | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp. | /home/chaser/.opencloud/idm/ldap.crt | +`OC_LDAP_CACERT` | 1.0.0 | string | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm. | /home/chaser/.opencloud/idm/ldap.crt | `OC_LDAP_DISABLED_USERS_GROUP_DN` | 1.0.0 | string | The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'. | cn=DisabledUsersGroup,ou=groups,o=libregraph-idm | `OC_LDAP_DISABLE_USER_MECHANISM` | 1.0.0 | string | An option to control the behavior for disabling users. Valid options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed. 
| attribute | `OC_LDAP_GROUP_BASE_DN` | 1.0.0 | string | Search base DN for looking up LDAP groups. | ou=groups,o=libregraph-idm | 
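Review bot: The `OC_LDAP_CACERT` default in this hunk is rendered as `/home/chaser/.opencloud/idm/ldap.crt`, a path from the machine that generated the docs. Since the description already says the root derives from `$OC_BASE_DATA_PATH/idm`, the default column should be expressed relative to `$OC_BASE_DATA_PATH` so readers do not copy a local home directory into their configuration. The `OC_LDAP_BIND_DN` default also changes from `uid=idp,ou=sysusers,o=libregraph-idm` to `uid=reva,ou=sysusers,o=libregraph-idm`; if the bind DN differs per service, the global row should say so instead of showing one service's value.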
@@ -59,26 +59,23 @@ `OC_LDAP_GROUP_SCOPE` | 1.0.0 | string | LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'. | sub | `OC_LDAP_INSECURE` | 1.0.0 | bool | Disable TLS certificate validation for the LDAP connections. Do not set this in production environments. | false | `OC_LDAP_SERVER_WRITE_ENABLED` | 1.0.0 | bool | Allow creating, modifying and deleting LDAP users via the GRAPH API. This can only be set to 'true' when keeping default settings for the LDAP user and group attribute types (the 'OC_LDAP_USER_SCHEMA_* and 'OC_LDAP_GROUP_SCHEMA_* variables). | true | -`OC_LDAP_URI` | 1.0.0 | string | Url of the LDAP service to use as IDP. | ldaps://localhost:9235 | +`OC_LDAP_URI` | 1.0.0 | string | URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://' | ldaps://localhost:9235 | `OC_LDAP_USER_BASE_DN` | 1.0.0 | string | Search base DN for looking up LDAP users. | ou=users,o=libregraph-idm | -`OC_LDAP_USER_ENABLED_ATTRIBUTE` | 1.0.0 | string | LDAP Attribute to use as a flag telling if the user is enabled or disabled. | openCloudUserEnabled | +`OC_LDAP_USER_ENABLED_ATTRIBUTE` | 1.0.0 | string | LDAP attribute to use as a flag telling if the user is enabled or disabled. | openclouduserenabled | `OC_LDAP_USER_FILTER` | 1.0.0 | string | LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'. | | -`OC_LDAP_USER_OBJECTCLASS` | 1.0.0 | string | LDAP User ObjectClass like 'inetOrgPerson'. | inetOrgPerson | +`OC_LDAP_USER_OBJECTCLASS` | 1.0.0 | string | The object class to use for users in the default user search filter like 'inetOrgPerson'. | inetOrgPerson | `OC_LDAP_USER_SCHEMA_DISPLAYNAME` | 1.0.0 | string | LDAP Attribute to use for the displayname of users. | displayname | -`OC_LDAP_USER_SCHEMA_ID` | 1.0.0 | string | LDAP User UUID attribute like 'uid'. 
| openCloudUUID | +`OC_LDAP_USER_SCHEMA_ID` | 1.0.0 | string | LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID. | openclouduuid | `OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING` | 1.0.0 | bool | Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user ID's. | false | -`OC_LDAP_USER_SCHEMA_MAIL` | 1.0.0 | string | LDAP User email attribute like 'mail'. | mail | -`OC_LDAP_USER_SCHEMA_TENANT_ID` | next | string | LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment. | | -`OC_LDAP_USER_SCHEMA_USERNAME` | 1.0.0 | string | LDAP User name attribute like 'displayName'. | displayName | +`OC_LDAP_USER_SCHEMA_MAIL` | 1.0.0 | string | LDAP Attribute to use for the email address of users. | mail | +`OC_LDAP_USER_SCHEMA_TENANT_ID` | 4.0.0 | string | LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment. | | +`OC_LDAP_USER_SCHEMA_USERNAME` | 1.0.0 | string | LDAP Attribute to use for username of users. | uid | `OC_LDAP_USER_SCHEMA_USER_TYPE` | 1.0.0 | string | LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'openCloudUserType'. | openCloudUserType | -`OC_LDAP_USER_SCOPE` | 1.0.0 | string | LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'. | sub | -`OC_LOG_COLOR` | 1.0.0 | bool | Activates colorized log output. | false | -`OC_LOG_FILE` | 1.0.0 | string | The path to the log file. Activates logging to this file if set. | | -`OC_LOG_LEVEL` | 1.0.0 | string | The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'. | | -`OC_LOG_PRETTY` | 1.0.0 | bool | Activates pretty log output. 
| false | -`OC_MACHINE_AUTH_API_KEY` | 1.0.0 | string | Machine auth API key used to validate internal requests necessary to access resources from other services. | | -`OC_MAX_CONCURRENCY` | 1.0.0 | int | Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used. | 1 | -`OC_OIDC_ISSUER` | 1.0.0 | string | URL of the OIDC issuer. It defaults to URL of the builtin IDP. | https://localhost:9200 | +`OC_LDAP_USER_SCOPE` | 1.0.0 | string | LDAP search scope to use when looking up users. Supported values are 'base', 'one' and 'sub'. | sub | +`OC_LOG_LEVEL` | 1.0.0 | string | The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'. | error | +`OC_MACHINE_AUTH_API_KEY` | 1.0.0 | string | Machine auth API key used to validate internal requests necessary for the access to resources from other services. | | +`OC_MAX_CONCURRENCY` | 1.0.0 | int | Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used. | 5 | +`OC_OIDC_ISSUER` | 1.0.0 | string | The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider. | https://localhost:9200 | `OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST` | 1.0.0 | string | Path to the 'banned passwords list' file. This only impacts public link password validation. See the documentation for more details. | | `OC_PASSWORD_POLICY_DISABLED` | 1.0.0 | bool | Disable the password policy. Defaults to false if not set. | false | `OC_PASSWORD_POLICY_MIN_CHARACTERS` | 1.0.0 | int | Define the minimum password length. Defaults to 8 if not set. | 8 | 
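Review bot: The `OC_OIDC_ISSUER` row now describes the variable as "The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider", which is one service's use of it and no longer tells the reader that it is the OIDC issuer URL defaulting to the builtin IDP. For the global table, keep the previous wording or give both. In the same hunk the defaults for `OC_LDAP_USER_ENABLED_ATTRIBUTE` and `OC_LDAP_USER_SCHEMA_ID` become lowercase (`openclouduserenabled`, `openclouduuid`) while `OC_LDAP_USER_SCHEMA_USER_TYPE` keeps `openCloudUserType`; one spelling should be used throughout. The rows for `OC_LOG_COLOR`, `OC_LOG_FILE` and `OC_LOG_PRETTY` are deleted with nothing in the commit message saying whether the variables were removed or are only no longer documented here.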
@@ -90,28 +87,24 @@ `OC_PERSISTENT_STORE_AUTH_PASSWORD` | 1.0.0 | string | The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured. | | `OC_PERSISTENT_STORE_AUTH_USERNAME` | 1.0.0 | string | The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured. | | `OC_PERSISTENT_STORE_NODES` | 1.0.0 | []string | A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details. | [127.0.0.1:9233] | -`OC_PERSISTENT_STORE_TTL` | 1.0.0 | Duration | Time to live for events in the store. See the Environment Variable Types description for more details. | 0s | +`OC_PERSISTENT_STORE_TTL` | 1.0.0 | Duration | Time to live for notifications in the store. Defaults to '336h' (2 weeks). See the Environment Variable Types description for more details. | 336h0m0s | `OC_REVA_GATEWAY` | 1.0.0 | string | The CS3 gateway endpoint. | eu.opencloud.api.gateway | `OC_SERVICE_ACCOUNT_ID` | 1.0.0 | string | The ID of the service account the service should use. See the 'auth-service' service description for more details. | | `OC_SERVICE_ACCOUNT_SECRET` | 1.0.0 | string | The service account secret. | | `OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD` | 1.0.0 | bool | Set this to true if you want to enforce passwords on all public shares. | true | `OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD` | 1.0.0 | bool | Set this to true if you want to enforce passwords for writable shares. Only effective if the setting for 'passwords on all public shares' is set to false. | false | `OC_SHOW_USER_EMAIL_IN_RESULTS` | 1.0.0 | bool | Include user email addresses in responses. If absent or set to false emails will be omitted from results. Please note that admin users can always see all email addresses. 
| false | -`OC_SPACES_MAX_QUOTA` | 1.0.0 | uint64 | Set the global max quota value in bytes. A value of 0 equals unlimited. The value is provided via capabilities. | 0 | -`OC_SYSTEM_USER_API_KEY` | next | string | API key for the STORAGE-SYSTEM system user. | | -`OC_SYSTEM_USER_ID` | next | string | ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format. | | -`OC_SYSTEM_USER_IDP` | next | string | IDP of the OpenCloud STORAGE-SYSTEM system user. | internal | -`OC_TRACING_COLLECTOR` | 1.0.0 | string | The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. | | -`OC_TRACING_ENABLED` | 1.0.0 | bool | Activates tracing. | false | -`OC_TRACING_ENDPOINT` | 1.0.0 | string | The endpoint of the tracing agent. | | -`OC_TRACING_TYPE` | 1.0.0 | string | The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now. | | +`OC_SPACES_MAX_QUOTA` | 1.0.0 | uint64 | Set a global max quota for spaces in bytes. A value of 0 equals unlimited. If not using the global OC_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA in the frontend service. | 0 | +`OC_SYSTEM_USER_API_KEY` | 1.0.0 | string | API key for the STORAGE-SYSTEM system user. | | +`OC_SYSTEM_USER_ID` | 1.0.0 | string | ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format. | | +`OC_SYSTEM_USER_IDP` | 1.0.0 | string | IDP of the OpenCloud STORAGE-SYSTEM system user. 
| internal | `OC_TRANSFER_SECRET` | 1.0.0 | string | Transfer secret for signing file up- and download requests. | | `OC_TRANSLATION_PATH` | 1.0.0 | string | (optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details. | | -`OC_URL` | 1.0.0 | string | Base url to navigate back from the app to the containing folder in the file list. | https://localhost:9200/ | +`OC_URL` | 1.0.0 | string | The public facing URL of the OpenCloud Web UI, used e.g. when sending notification eMails | https://localhost:9200 | `OC_WOPI_DISABLE_CHAT` | 1.0.0 | bool | Disable the chat functionality of the office app. | false | -`SEARCH_EVENTS_ACK_WAIT` | next | Duration | The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes. | 1m0s | -`SEARCH_EVENTS_MAX_ACK_PENDING` | next | int | The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time. | 1000 | -`STORAGE_GATEWAY_GRPC_ADDR` | 1.0.0 | string | GRPC address of the STORAGE-SYSTEM service. | eu.opencloud.api.storage-system | -`STORAGE_GRPC_ADDR` | 1.0.0 | string | GRPC address of the STORAGE-SYSTEM service. | eu.opencloud.api.storage-system | +`SEARCH_EVENTS_ACK_WAIT` | 4.0.0 | Duration | The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes. | 1m0s | +`SEARCH_EVENTS_MAX_ACK_PENDING` | 4.0.0 | int | The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time. | 1000 | +`STORAGE_GATEWAY_GRPC_ADDR` | 4.0.0 | string | GRPC address of the STORAGE-SYSTEM service. | eu.opencloud.api.storage-system | +`STORAGE_GRPC_ADDR` | 4.0.0 | string | GRPC address of the STORAGE-SYSTEM service. 
| eu.opencloud.api.storage-system | `STORAGE_USERS_ASYNC_PROPAGATOR_PROPAGATION_DELAY` | 1.0.0 | Duration | The delay between a change made to a tree and the propagation start on treesize and treetime. Multiple propagations are computed to a single one. See the Environment Variable Types description for more details. | 0s | `STORAGE_USERS_PERMISSION_ENDPOINT` | 1.0.0 | string | Endpoint of the permissions service. The endpoints can differ for 'decomposed' and 'decomposeds3'. | eu.opencloud.api.settings | \ No newline at end of file diff --git a/static/env-vars/graph-config-example.yaml b/static/env-vars/graph-config-example.yaml index 2be6dc6b..38a2991a 100644 --- a/static/env-vars/graph-config-example.yaml +++ b/static/env-vars/graph-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: graph-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error cache: store: memory nodes: diff --git a/static/env-vars/graph_configvars.md b/static/env-vars/graph_configvars.md index bb4d6025..a1d4ab58 100644 --- a/static/env-vars/graph_configvars.md +++ b/static/env-vars/graph_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **graph** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`GRAPH_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`GRAPH_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`GRAPH_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`GRAPH_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`GRAPH_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`GRAPH_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`GRAPH_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`GRAPH_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`GRAPH_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`OC_CACHE_STORE`
`GRAPH_CACHE_STORE`| 1.0.0 |string|`The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.`|memory| |`OC_CACHE_STORE_NODES`
`GRAPH_CACHE_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[127.0.0.1:9233]| |`GRAPH_CACHE_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|cache-roles| @@ -96,7 +89,7 @@ Environment variables for the **graph** service |`OC_ENABLE_OCM`
`GRAPH_INCLUDE_OCM_SHAREES`| 1.0.0 |bool|`Include OCM sharees when listing users.`|false| |`OC_EVENTS_ENDPOINT`
`GRAPH_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events.`|127.0.0.1:9233| |`OC_EVENTS_CLUSTER`
`GRAPH_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|opencloud-cluster| -|`OC_INSECURE`
`GRAPH_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_INSECURE`
`OC_EVENTS_TLS_INSECURE`
`GRAPH_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| |`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`GRAPH_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided GRAPH_EVENTS_TLS_INSECURE will be seen as false.`|| |`OC_EVENTS_ENABLE_TLS`
`GRAPH_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| |`OC_EVENTS_AUTH_USERNAME`
`GRAPH_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| @@ -111,12 +104,12 @@ Environment variables for the **graph** service |`OC_KEYCLOAK_INSECURE_SKIP_VERIFY`
`GRAPH_KEYCLOAK_INSECURE_SKIP_VERIFY`| 1.0.0 |bool|`Disable TLS certificate validation for Keycloak connections. Do not set this in production environments.`|false| |`OC_SERVICE_ACCOUNT_ID`
`GRAPH_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|| |`OC_SERVICE_ACCOUNT_SECRET`
`GRAPH_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|| -|`GRAPH_STORAGE_GATEWAY_GRPC_ADDR`
`STORAGE_GATEWAY_GRPC_ADDR`| next |string|`GRPC address of the STORAGE-SYSTEM service.`|eu.opencloud.api.storage-system| -|`GRAPH_STORAGE_GRPC_ADDR`
`STORAGE_GRPC_ADDR`| next |string|`GRPC address of the STORAGE-SYSTEM service.`|eu.opencloud.api.storage-system| -|`OC_SYSTEM_USER_ID`
`GRAPH_SYSTEM_USER_ID`| next |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|| -|`OC_SYSTEM_USER_IDP`
`GRAPH_SYSTEM_USER_IDP`| next |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|internal| -|`OC_SYSTEM_USER_API_KEY`| next |string|`API key for the STORAGE-SYSTEM system user.`|| -|`GRAPH_USER_SOFT_DELETE_RETENTION_TIME`| next |Duration|`The time after which a soft-deleted user is permanently deleted. If set to 0 (default), there is no soft delete retention time and users are deleted immediately after being soft-deleted. If set to a positive value, the user will be kept in the system for that duration before being permanently deleted.`|0s| +|`GRAPH_STORAGE_GATEWAY_GRPC_ADDR`
`STORAGE_GATEWAY_GRPC_ADDR`| 4.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|eu.opencloud.api.storage-system| +|`GRAPH_STORAGE_GRPC_ADDR`
`STORAGE_GRPC_ADDR`| 4.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|eu.opencloud.api.storage-system| +|`OC_SYSTEM_USER_ID`
`GRAPH_SYSTEM_USER_ID`| 4.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|| +|`OC_SYSTEM_USER_IDP`
`GRAPH_SYSTEM_USER_IDP`| 4.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|internal| +|`OC_SYSTEM_USER_API_KEY`| 4.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|| +|`GRAPH_USER_SOFT_DELETE_RETENTION_TIME`| 4.0.0 |Duration|`The time after which a soft-deleted user is permanently deleted. If set to 0 (default), there is no soft delete retention time and users are deleted immediately after being soft-deleted. If set to a positive value, the user will be kept in the system for that duration before being permanently deleted.`|0s| |`OC_PERSISTENT_STORE_NODES`
`GRAPH_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|[127.0.0.1:9233]| |`GRAPH_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|graph| |`OC_PERSISTENT_STORE_AUTH_USERNAME`
`GRAPH_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| diff --git a/static/env-vars/graph_readme.md b/static/env-vars/graph_readme.md index 270cdcbf..6c24fbc3 100644 --- a/static/env-vars/graph_readme.md +++ b/static/env-vars/graph_readme.md @@ -1,6 +1,6 @@ --- title: Graph -date: 2025-11-11T09:16:41.111563105+01:00 +date: 2026-01-13T10:10:18.222342223+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/graph @@ -15,7 +15,7 @@ geekdocCollapseSection: true The graph service provides the Graph API which is a RESTful web API used to access OpenCloud resources. It is inspired by the [Microsoft Graph API](https://learn.microsoft.com/en-us/graph/use-the-api) -and can be used by clients or other services or extensions. Visit the [Libre Graph API](https://docs.opencloud.eu/libre-graph-api/) +and can be used by clients or other services or extensions. Visit the [Libre Graph API](https://docs.opencloud.eu/swagger/libre-graph-api/) for a detailed specification of the API implemented by the graph service. @@ -54,7 +54,7 @@ The graph service provides endpoints for querying users and groups. It features ### LDAP Configuration The LDAP backend is configured using a set of environment variables. A detailed list of all the -available configuration options can be found in the [documentation](https://docs.opencloud.eu/services/graph/configuration/#environment-variables). +available configuration options can be found in the [documentation](https://docs.opencloud.eu/docs/dev/server/services/graph/environment-variables). The LDAP related options are prefixed with `OC_LDAP_` (or `GRAPH_LDAP_` for settings specific to graph service). #### Read-Only Access to Existing LDAP Servers 
@@ -62,8 +62,7 @@ The LDAP related options are prefixed with `OC_LDAP_` (or `GRAPH_LDAP_` for sett To connect the graph service to an existing LDAP server, set `OC_LDAP_SERVER_WRITE_ENABLED` to `false` to prevent the graph service from sending write operations to the LDAP server. Also set the various `OC_LDAP_*` environment variables to match the configuration of the LDAP server you are connecting -to. An example configuration for connecting OpenCloud to an instance of Microsoft Active Directory is -available [here](https://docs.opencloud.eu/opencloud/identity-provider/ldap-active-directory/). +to. A more detailed explanation can be found [here](https://docs.opencloud.eu/docs/admin/configuration/authentication-and-user-management/. #### Using a Write Enabled LDAP Server @@ -77,13 +76,13 @@ respect to the available schema: object class for groups. * The graph service maintains a few additional attributes for users and groups that are not available in the standard LDAP schema. An schema file, ready to use with OpenLDAP, defining those - additional attributes is available [here](https://github.com/opencloud-eu/opencloud/blob/main/deployments/examples/shared/config/ldap/schemas/10_opencloud_schema.ldif) + additional attributes is available [here](https://github.com/opencloud-eu/opencloud-compose/blob/main/config/ldap/schemas/10_opencloud_schema.ldif) ## Query Filters Provided by the Graph API Some API endpoints provided by the graph service allow to specify query filters. The filter syntax is based on the [OData Specification](https://docs.oasis-open.org/odata/odata/v4.01/odata-v4.01-part1-protocol.html#sec_SystemQueryOptionfilter). -See the [Libre Graph API](https://docs.opencloud.eu/libre-graph-api/#/users/ListUsers) for examples +See the [Libre Graph API](https://docs.opencloud.eu/swagger/libre-graph-api/#/users/ListUsers) for examples on the filters supported when querying users. ## Caching 
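Review bot: the added line in the `@@ -62,8 +62,7 @@` hunk of graph_readme.md ends its Markdown link with `authentication-and-user-management/.` and never closes the parenthesis, so the link will not render; close the `)` before the full stop. The text it replaces pointed specifically at a Microsoft Active Directory example, so if the new page does not cover that case, say where the example moved.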
@@ -96,10 +95,6 @@ The `graph` service can use a configured store via `GRAPH_CACHE_STORE`. Possible Other store types may work but are not supported currently. -Note: The service can only be scaled if not using `memory` store and the stores are configured identically over all instances! - -Note that if you have used one of the deprecated stores, you should reconfigure to one of the supported ones as the deprecated stores will be removed in a later version. - Store specific notes: - When using `redis-sentinel`, the Redis master to use is configured via e.g. `OC_CACHE_STORE_NODES` in the form of `:/` like `10.10.0.200:26379/mymaster`. - When using `nats-js-kv` it is recommended to set `OC_CACHE_STORE_NODES` to the same value as `OC_EVENTS_ENDPOINT`. That way the cache uses the same nats instance as the event bus. @@ -127,7 +122,9 @@ The client that is used to authenticate with keycloak has to be able to list use * `view-events` * `view-authorization` -Note that these roles are only available to assign if the client is in the `master` realm. +:::note +These roles are only available to assign if the client is in the `master` realm. +::: ## Translations 
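Review bot: the `@@ -96,10 +95,6 @@` hunk of graph_readme.md deletes the note that the service can only be scaled when not using the `memory` store and when the stores are configured identically over all instances, and none of the visible hunks put it back anywhere. If that constraint still holds, keep it, for example as a `:::note` block like the one the following hunk introduces for the Keycloak roles.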
@@ -143,7 +140,9 @@ For example, for the language `de`, one needs to place the corresponding transla -Important: For the time being, the embedded OpenCloud Web frontend only supports the main language code but does not handle any territory. When strings are available in the language code `language_territory`, the web frontend does not see it as it only requests `language`. In consequence, any translations made must exist in the requested `language` to avoid a fallback to the default. +:::warning +For the time being, the embedded OpenCloud Web frontend only supports the main language code but does not handle any territory. When strings are available in the language code `language_territory`, the web frontend does not see it as it only requests `language`. In consequence, any translations made must exist in the requested `language` to avoid a fallback to the default. +::: ### Translation Rules @@ -159,8 +158,9 @@ The default language can be defined via the `OC_DEFAULT_LANGUAGE` environment va Unified Roles are roles granted a user for sharing and can be enabled or disabled. A CLI command is provided to list existing roles and their state among other data. -::: info +:::info Note that a disabled role does not lose previously assigned permissions. It only means that the role is not available for new assignments. +::: The following roles are **enabled** by default: diff --git a/static/env-vars/groups-config-example.yaml b/static/env-vars/groups-config-example.yaml index f400c81b..ddcb8791 100644 --- a/static/env-vars/groups-config-example.yaml +++ b/static/env-vars/groups-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: groups-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9161 token: "" diff --git a/static/env-vars/groups_configvars.md b/static/env-vars/groups_configvars.md index 13695054..a626090f 100644 
--- a/static/env-vars/groups_configvars.md +++ b/static/env-vars/groups_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **groups** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`GROUPS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`GROUPS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`GROUPS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`GROUPS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`GROUPS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`GROUPS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`GROUPS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`GROUPS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`GROUPS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`GROUPS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9161| |`GROUPS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`GROUPS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| diff --git a/static/env-vars/groups_readme.md b/static/env-vars/groups_readme.md index 4c092d6b..acad314d 100644 --- a/static/env-vars/groups_readme.md +++ b/static/env-vars/groups_readme.md @@ -1,6 +1,6 @@ --- title: Groups -date: 2025-11-27T22:56:02.332899+01:00 +date: 2026-01-13T10:10:18.222424958+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/groups diff --git a/static/env-vars/idm-config-example.yaml b/static/env-vars/idm-config-example.yaml index b527a2ae..b0df3da7 100644 --- a/static/env-vars/idm-config-example.yaml +++ b/static/env-vars/idm-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: idm-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9239 token: "" diff --git a/static/env-vars/idm_configvars.md b/static/env-vars/idm_configvars.md index e01db097..68274f01 100644 --- a/static/env-vars/idm_configvars.md +++ b/static/env-vars/idm_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **idm** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`IDM_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`IDM_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`IDM_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`IDM_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`IDM_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`IDM_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`IDM_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`IDM_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`IDM_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`IDM_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9239| |`IDM_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`IDM_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| diff --git a/static/env-vars/idm_readme.md b/static/env-vars/idm_readme.md index 96955c52..aaa559f1 100644 --- a/static/env-vars/idm_readme.md +++ b/static/env-vars/idm_readme.md @@ -1,6 +1,6 @@ --- title: IDM -date: 2025-11-11T09:16:41.111633407+01:00 +date: 2026-01-13T10:10:18.222487396+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/idm diff --git a/static/env-vars/idp-config-example.yaml b/static/env-vars/idp-config-example.yaml index 859f26b8..02687369 100644 --- a/static/env-vars/idp-config-example.yaml +++ b/static/env-vars/idp-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: idp-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9134 token: "" diff --git a/static/env-vars/idp_configvars.md b/static/env-vars/idp_configvars.md index 2f4d87f6..85ec8580 100644 --- a/static/env-vars/idp_configvars.md +++ b/static/env-vars/idp_configvars.md @@ -3,14 +3,7 @@ Environment variables for the **idp** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| |`IDP_PASSWORD_RESET_URI`| 1.0.0 |string|`The URI where a user can reset their password.`|| -|`OC_TRACING_ENABLED`
`IDP_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`IDP_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`IDP_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`IDP_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`IDP_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`IDP_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`IDP_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`IDP_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`IDP_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`IDP_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9134| |`IDP_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`IDP_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| @@ -37,7 +30,7 @@ Environment variables for the **idp** service |`IDP_ALLOW_DYNAMIC_CLIENT_REGISTRATION`| 1.0.0 |bool|`Allow dynamic client registration.`|false| |`IDP_ENCRYPTION_SECRET_FILE`| 1.0.0 |string|`Path to the encryption secret file, if unset, a new certificate will be autogenerated upon each restart, thus invalidating all existing sessions. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp.`|/home/chaser/.opencloud/idp/encryption.key| |`IDP_DEFAULT_SIGNIN_PAGE_TEXT`| 2.0.0 |string|``|| -|`IDP_DEFAULT_LOGO_TARGET_URI`| next |string|`Default logo target URI.`|https://opencloud.eu| +|`IDP_DEFAULT_LOGO_TARGET_URI`| 4.0.0 |string|`Default logo target URI.`|https://opencloud.eu| |`IDP_SIGNING_KID`| 1.0.0 |string|`Value of the KID (Key ID) field which is used in created tokens to uniquely identify the signing-private-key.`|private-key| |`IDP_SIGNING_METHOD`| 1.0.0 |string|`Signing method of IDP requests like 'PS256'`|PS256| |`IDP_SIGNING_PRIVATE_KEY_FILES`| 1.0.0 |[]string|`A list of private key files for signing IDP requests. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp. See the Environment Variable Types description for more details.`|[/home/chaser/.opencloud/idp/private-key.pem]| diff --git a/static/env-vars/idp_readme.md b/static/env-vars/idp_readme.md index 03a4232a..5101bd21 100644 --- a/static/env-vars/idp_readme.md +++ b/static/env-vars/idp_readme.md 
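Review bot: in idp_configvars.md, the context rows around the `IDP_DEFAULT_LOGO_TARGET_URI` change in the `@@ -37,7 +30,7 @@` hunk still publish defaults such as `/home/chaser/.opencloud/idp/encryption.key` and `/home/chaser/.opencloud/idp/private-key.pem`, which is the home directory of whoever ran the generator rather than a default a reader will see. Since this commit regenerates these tables anyway, render the defaults relative to `$OC_BASE_DATA_PATH/idp`, which the descriptions already name, or run the generator with a neutral base path.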
@@ -1,6 +1,6 @@ --- title: IDP -date: 2025-11-11T09:16:41.111690554+01:00 +date: 2026-01-13T10:10:18.222546877+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/idp @@ -17,7 +17,7 @@ This service provides a builtin minimal OpenID Connect provider based on [LibreG It is mainly targeted at smaller installations. For larger setups it is recommended to replace IDP with an external OpenID Connect Provider. -By default, it is configured to use the OpenCloud IDM service as its LDAP backend for looking up and authenticating users. Other backends like an external LDAP server can be configured via a set of [enviroment variables](https://docs.opencloud.eu/services/idp/configuration/#environment-variables). +By default, it is configured to use the OpenCloud IDM service as its LDAP backend for looking up and authenticating users. Other backends like an external LDAP server can be configured via a set of [enviroment variables](https://docs.opencloud.eu/docs/dev/server/services/idp/environment-variables). Note that translations provided by the IDP service are not maintained via OpenCloud but part of the embedded [LibreGraph Connect Identifier](https://github.com/libregraph/lico/tree/master/identifier) package. diff --git a/static/env-vars/invitations-config-example.yaml b/static/env-vars/invitations-config-example.yaml index 8aa46fe0..85264d87 100644 --- a/static/env-vars/invitations-config-example.yaml +++ b/static/env-vars/invitations-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: invitations-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9269 token: "" diff --git a/static/env-vars/invitations_configvars.md b/static/env-vars/invitations_configvars.md index 63c9fa99..34906594 100644 --- a/static/env-vars/invitations_configvars.md 
+++ b/static/env-vars/invitations_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **invitations** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`INVITATIONS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`INVITATIONS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`INVITATIONS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`INVITATIONS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`INVITATIONS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`INVITATIONS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`INVITATIONS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`INVITATIONS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`INVITATIONS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`INVITATIONS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9269| |`INVITATIONS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`INVITATIONS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| diff --git a/static/env-vars/invitations_readme.md b/static/env-vars/invitations_readme.md index b0f96185..f2be21c3 100644 --- a/static/env-vars/invitations_readme.md +++ b/static/env-vars/invitations_readme.md @@ -1,6 +1,6 @@ --- title: Invitations -date: 2025-11-11T09:16:41.111743805+01:00 +date: 2026-01-13T10:10:18.222599847+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/invitations diff --git a/static/env-vars/nats-config-example.yaml b/static/env-vars/nats-config-example.yaml index 8623983a..8038ba69 100644 --- a/static/env-vars/nats-config-example.yaml +++ b/static/env-vars/nats-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: nats-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9234 token: "" diff --git a/static/env-vars/nats_configvars.md b/static/env-vars/nats_configvars.md index 0586c4bc..6296e262 100644 --- a/static/env-vars/nats_configvars.md +++ b/static/env-vars/nats_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **nats** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`NATS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`NATS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`NATS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`NATS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`NATS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`NATS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`NATS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`NATS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`NATS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`NATS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9234| |`NATS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`NATS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| diff --git a/static/env-vars/nats_readme.md b/static/env-vars/nats_readme.md index 53708bc5..b5487d64 100644 --- a/static/env-vars/nats_readme.md +++ b/static/env-vars/nats_readme.md @@ -1,6 +1,6 @@ --- title: Nats -date: 2025-11-11T09:16:41.111801643+01:00 +date: 2026-01-13T10:10:18.222650873+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/nats diff --git a/static/env-vars/notifications-config-example.yaml b/static/env-vars/notifications-config-example.yaml index 352c98a3..e2a86b0f 100644 --- a/static/env-vars/notifications-config-example.yaml +++ b/static/env-vars/notifications-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: notifications-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9174 token: "" diff --git a/static/env-vars/notifications_configvars.md b/static/env-vars/notifications_configvars.md index d0658b78..f6140b61 100644 --- a/static/env-vars/notifications_configvars.md +++ b/static/env-vars/notifications_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **notifications** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`NOTIFICATIONS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`NOTIFICATIONS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`NOTIFICATIONS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`NOTIFICATIONS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`NOTIFICATIONS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`NOTIFICATIONS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`NOTIFICATIONS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`NOTIFICATIONS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`NOTIFICATIONS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`NOTIFICATIONS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9174| |`NOTIFICATIONS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`NOTIFICATIONS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| @@ -25,7 +18,7 @@ Environment variables for the **notifications** service |`NOTIFICATIONS_SMTP_ENCRYPTION`| 1.0.0 |string|`Encryption method for the SMTP communication. Possible values are 'starttls', 'ssltls' and 'none'.`|none| |`OC_EVENTS_ENDPOINT`
`NOTIFICATIONS_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| |`OC_EVENTS_CLUSTER`
`NOTIFICATIONS_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| -|`OC_INSECURE`
`NOTIFICATIONS_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_INSECURE`
`OC_EVENTS_TLS_INSECURE`
`NOTIFICATIONS_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| |`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`NOTIFICATIONS_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.`|| |`OC_EVENTS_ENABLE_TLS`
`NOTIFICATIONS_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| |`OC_EVENTS_AUTH_USERNAME`
`NOTIFICATIONS_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| diff --git a/static/env-vars/notifications_readme.md b/static/env-vars/notifications_readme.md index 1f08133d..8fb9dad6 100644 --- a/static/env-vars/notifications_readme.md +++ b/static/env-vars/notifications_readme.md @@ -1,6 +1,6 @@ --- title: Notification -date: 2025-11-11T09:16:41.111855915+01:00 +date: 2026-01-13T10:10:18.222705867+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/notifications diff --git a/static/env-vars/ocm-config-example.yaml b/static/env-vars/ocm-config-example.yaml index a633511a..8b553337 100644 --- a/static/env-vars/ocm-config-example.yaml +++ b/static/env-vars/ocm-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: ocm-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9281 token: "" @@ -86,6 +77,8 @@ ocmd: sciencemesh: prefix: sciencemesh science_mesh_directory_url: "" + directory_service_urls: "" + invite_accept_dialog: /open-cloud-mesh/accept-invite ocm_invite_manager: driver: json drivers: diff --git a/static/env-vars/ocm_configvars.md b/static/env-vars/ocm_configvars.md index 51c6998d..93ada47c 100644 --- a/static/env-vars/ocm_configvars.md +++ b/static/env-vars/ocm_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **ocm** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`OCM_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`OCM_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`OCM_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`OCM_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`OCM_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`OCM_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`OCM_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`OCM_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`OCM_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`OCM_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9281| |`OCM_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`OCM_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| @@ -27,7 +20,7 @@ Environment variables for the **ocm** service |`OC_SERVICE_ACCOUNT_SECRET`
`OCM_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|| |`OC_EVENTS_ENDPOINT`
`OCM_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| |`OC_EVENTS_CLUSTER`
`OCM_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| -|`OC_INSECURE`
`OCM_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_INSECURE`
`OC_EVENTS_TLS_INSECURE`
`OCM_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| |`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`OCM_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided OCM_EVENTS_TLS_INSECURE will be seen as false.`|| |`OC_EVENTS_ENABLE_TLS`
`OCM_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| |`OC_EVENTS_AUTH_USERNAME`
`OCM_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| @@ -40,6 +33,8 @@ Environment variables for the **ocm** service |`OCM_OCMD_EXPOSE_RECIPIENT_DISPLAY_NAME`| 1.0.0 |bool|`Expose the display name of OCM share recipients.`|false| |`OCM_SCIENCEMESH_PREFIX`| 1.0.0 |string|`URL path prefix for the ScienceMesh service. Note that the string must not start with '/'.`|sciencemesh| |`OCM_MESH_DIRECTORY_URL`| 1.0.0 |string|`URL of the mesh directory service.`|| +|`OCM_DIRECTORY_SERVICE_URLS`| 3.5.0 |string|`Space delimited URLs of the directory services.`|| +|`OCM_INVITE_ACCEPT_DIALOG`| 3.5.0 |string|`/open-cloud-mesh/accept-invite;The frontend URL where to land when receiving an invitation`|/open-cloud-mesh/accept-invite| |`OCM_OCM_INVITE_MANAGER_DRIVER`| 1.0.0 |string|`Driver to be used to persist OCM invites. Supported value is only 'json'.`|json| |`OCM_OCM_INVITE_MANAGER_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where OCM invite data will be stored. This file is maintained by the instance and must not be changed manually. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/ocm.`|/home/chaser/.opencloud/storage/ocm/ocminvites.json| |`OCM_OCM_INVITE_MANAGER_TOKEN_EXPIRATION`| 1.0.0 |Duration|`Expiry duration for invite tokens.`|24h0m0s| diff --git a/static/env-vars/ocm_readme.md b/static/env-vars/ocm_readme.md index e082ef26..d0f27331 100644 --- a/static/env-vars/ocm_readme.md +++ b/static/env-vars/ocm_readme.md @@ -1,6 +1,6 @@ --- title: OCM -date: 2025-11-11T09:16:41.111971653+01:00 +date: 2026-01-13T10:10:18.222775277+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/ocm 
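Review bot: in the `@@ -40,6 +33,8 @@` hunk of ocm_configvars.md, the description of the new `OCM_INVITE_ACCEPT_DIALOG` row reads `/open-cloud-mesh/accept-invite;The frontend URL where to land when receiving an invitation`, so the default value has leaked into the description column even though it is already in the Default Value column; fix this in the source the table is generated from rather than in the generated file. In the `@@ -27,7 +20,7 @@` hunk, the row that gains `OC_EVENTS_TLS_INSECURE` keeps the description "Whether to verify the server TLS certificates." for variables named `..._INSECURE` with default `false`, which reads inverted; state explicitly what setting it to `true` does.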
@@ -126,8 +126,9 @@ When all instances of a federation should trust each other, an `ocmproviders.jso ] ``` -::: info +:::info Note: the `domain` must not contain the protocol as it has to match the [GOCDB site object domain](https://developer.sciencemesh.io/docs/technical-documentation/central-database/#site-object). +::: The above federation consists of two instances: `cloud1.opencloud.test` and `cloud2.opencloud.test` that can use the Invitation workflow described below to generate, send and accept invitations. 
@@ -135,18 +136,19 @@ The above federation consists of two instances: `cloud1.opencloud.test` and `clo Before sharing a resource with a remote user this user has to be invited by the sharer. -In order to do so a POST request is sent to the `generate-invite` endpoint of the sciencemesh API. The generated token is passed on to the receiver, who will then use the `accept-invite` endpoint to accept the invitation. As a result remote users will be added to the `ocminvitemanager` on both sides. See [invitation flow](invitation_flow) for the according sequence diagram. +In order to do so a POST request is sent to the `generate-invite` endpoint of the sciencemesh API. The generated token is passed on to the receiver, who will then use the `accept-invite` endpoint to accept the invitation. As a result remote users will be added to the `ocminvitemanager` on both sides. See [invitation flow](invitation-flow) for the according sequence diagram. The data backend of the `ocminvitemanager` is configurable. The only supported backend currently is `json` which stores the data in a json file on disk. ## Creating Shares -::: info +:::info The below info is outdated as we allow creating federated shares using the graph API. Clients can now discover the available sharing roles and invite federated users using the graph API. +::: OCM Shares are currently created using the ocs API, just like regular shares. The difference is the share type, which is 6 (ShareTypeFederatedCloudShare) in this case, and a few additional parameters required for identifying the remote user. -See [Create share flow](create_share_flow) for the according sequence diagram. +See [Create share flow](create-share-flow) for the according sequence diagram. The data backends of the `ocmshareprovider` and `ocmcore` services are configurable. The only supported backend currently is `json` which stores the data in a json file on disk. 
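Review bot: the `@@ -135,18 +136,19 @@` hunk of ocm_readme.md renames the link targets to `(invitation-flow)` and `(create-share-flow)`, but they remain bare relative targets with no extension or `#`, while the other links touched in this patch were switched to absolute `https://docs.opencloud.eu/...` URLs. Please confirm both resolve on the published site, or link them the same way as the rest. The new `:::info` block also declares the text below it outdated while that text stays unchanged, so consider updating the paragraph instead of only flagging it.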
diff --git a/static/env-vars/ocs-config-example.yaml b/static/env-vars/ocs-config-example.yaml index ff512367..2e63bd33 100644 --- a/static/env-vars/ocs-config-example.yaml +++ b/static/env-vars/ocs-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: ocs-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9114 token: "" diff --git a/static/env-vars/ocs_configvars.md b/static/env-vars/ocs_configvars.md index 7e87ce0e..51d5c3cb 100644 --- a/static/env-vars/ocs_configvars.md +++ b/static/env-vars/ocs_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **ocs** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`OCS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`OCS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`OCS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`OCS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`OCS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`OCS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`OCS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`OCS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`OCS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`OCS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9114| |`OCS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`OCS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| diff --git a/static/env-vars/ocs_readme.md b/static/env-vars/ocs_readme.md index 88b93754..ce74f69e 100644 --- a/static/env-vars/ocs_readme.md +++ b/static/env-vars/ocs_readme.md @@ -1,6 +1,6 @@ --- title: OCS Service -date: 2025-11-11T09:16:41.112030514+01:00 +date: 2026-01-13T10:10:18.222836282+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/ocs diff --git a/static/env-vars/policies-config-example.yaml b/static/env-vars/policies-config-example.yaml index ac0e05f1..e01fa0b5 100644 --- a/static/env-vars/policies-config-example.yaml +++ b/static/env-vars/policies-config-example.yaml @@ -18,19 +18,10 @@ events: username: "" password: "" grpc_client_tls: null -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error engine: timeout: 10s policies: [] mimes: "" postprocessing: query: "" -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" diff --git a/static/env-vars/policies_configvars.md b/static/env-vars/policies_configvars.md index 51e90883..86583d38 100644 --- a/static/env-vars/policies_configvars.md +++ b/static/env-vars/policies_configvars.md @@ -9,19 +9,12 @@ Environment variables for the **policies** service |`POLICIES_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| |`OC_EVENTS_ENDPOINT`
`POLICIES_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| |`OC_EVENTS_CLUSTER`
`POLICIES_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| -|`OC_INSECURE`
`POLICIES_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether the server should skip the client certificate verification during the TLS handshake.`|false| +|`OC_INSECURE`
`OC_EVENTS_TLS_INSECURE`
`POLICIES_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether the server should skip the client certificate verification during the TLS handshake.`|false| |`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`POLICIES_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided POLICIES_EVENTS_TLS_INSECURE will be seen as false.`|| |`OC_EVENTS_ENABLE_TLS`
`POLICIES_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| |`OC_EVENTS_AUTH_USERNAME`
`POLICIES_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| |`OC_EVENTS_AUTH_PASSWORD`
`POLICIES_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| -|`OC_LOG_LEVEL`
`POLICIES_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`POLICIES_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`POLICIES_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`POLICIES_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`POLICIES_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`POLICIES_ENGINE_TIMEOUT`| 1.0.0 |Duration|`Sets the timeout the rego expression evaluation can take. Rules default to deny if the timeout was reached. See the Environment Variable Types description for more details.`|10s| |`POLICIES_ENGINE_MIMES`| 1.0.0 |string|`Sets the mimes file path which maps mimetypes to associated file extensions. See the text description for details.`|| |`POLICIES_POSTPROCESSING_QUERY`| 1.0.0 |string|`Defines the 'Complete Rules' variable defined in the rego rule set this step uses for its evaluation. Defaults to deny if the variable was not found.`|| -|`OC_TRACING_ENABLED`
`POLICIES_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`POLICIES_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`POLICIES_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`POLICIES_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| diff --git a/static/env-vars/policies_readme.md b/static/env-vars/policies_readme.md index 3e2cee25..f58de56a 100644 --- a/static/env-vars/policies_readme.md +++ b/static/env-vars/policies_readme.md @@ -1,6 +1,6 @@ --- title: Policies -date: 2025-11-11T09:16:41.112107899+01:00 +date: 2026-01-13T10:10:18.223157206+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/policies @@ -165,7 +165,7 @@ Note that additional steps can be configured and their position in the list defi ## Rego Key Match -To identify available keys for OPA, you need to look at [engine.go](https://github.com/opencloud-eu/opencloud/blob/main/services/policies/pkg/engine/engine.go) and the [policies.swagger.json](https://github.com/opencloud/blob/blob/master/protogen/gen/opencloud/services/policies/v0/policies.swagger.json) file. Note that which keys are available depends on from which module it is used. +To identify available keys for OPA, you need to look at [engine.go](https://github.com/opencloud-eu/opencloud/blob/main/services/policies/pkg/engine/engine.go) and the [policies.swagger.json](https://github.com/opencloud-eu/opencloud/blob/master/protogen/gen/opencloud/services/policies/v0/policies.swagger.json) file. Note that which keys are available depends on from which module it is used. ## Extend Mimetype File Extension Mapping 
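Review bot: In the "Rego Key Match" sentence, the corrected `policies.swagger.json` link points at `blob/master` while the `engine.go` link in the same sentence uses `blob/main`. Use the same branch name in both links so the two references resolve against the same tree.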
@@ -193,5 +193,5 @@ A good example of how such a file should be formatted can be found in the [Apach ## Example Policies -The policies service contains a set of preconfigured example policies. See the [deployment examples](https://github.com/opencloud-eu/opencloud/tree/main/deployments/examples) directory for details. The contained policies disallow OpenCloud to create certain file types, both via the proxy middleware and the events service via postprocessing. +The policies service contains a set of preconfigured example policies. See the [devtools policie](https://github.com/opencloud-eu/opencloud/tree/main/devtools/deployments/service_policies/policies/) directory for details. The contained policies disallow OpenCloud to create certain file types, both via the proxy middleware and the events service via postprocessing. diff --git a/static/env-vars/postprocessing-config-example.yaml b/static/env-vars/postprocessing-config-example.yaml index cf59105f..44db5a74 100644 --- a/static/env-vars/postprocessing-config-example.yaml +++ b/static/env-vars/postprocessing-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: postprocessing-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9255 token: "" diff --git a/static/env-vars/postprocessing_configvars.md b/static/env-vars/postprocessing_configvars.md index 4142c4dd..d5d03f7a 100644 --- a/static/env-vars/postprocessing_configvars.md +++ b/static/env-vars/postprocessing_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **postprocessing** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`POSTPROCESSING_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`POSTPROCESSING_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`POSTPROCESSING_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`POSTPROCESSING_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`POSTPROCESSING_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`POSTPROCESSING_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`POSTPROCESSING_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`POSTPROCESSING_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`POSTPROCESSING_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`POSTPROCESSING_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9255| |`POSTPROCESSING_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`POSTPROCESSING_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| @@ -23,13 +16,13 @@ Environment variables for the **postprocessing** service |`OC_PERSISTENT_STORE_AUTH_PASSWORD`
`POSTPROCESSING_STORE_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|| |`OC_EVENTS_ENDPOINT`
`POSTPROCESSING_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| |`OC_EVENTS_CLUSTER`
`POSTPROCESSING_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| -|`OC_INSECURE`
`POSTPROCESSING_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether the OpenCloud server should skip the client certificate verification during the TLS handshake.`|false| +|`OC_INSECURE`
`OC_EVENTS_TLS_INSECURE`
`POSTPROCESSING_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether the OpenCloud server should skip the client certificate verification during the TLS handshake.`|false| |`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`POSTPROCESSING_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided POSTPROCESSING_EVENTS_TLS_INSECURE will be seen as false.`|| |`OC_EVENTS_ENABLE_TLS`
`POSTPROCESSING_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| |`OC_EVENTS_AUTH_USERNAME`
`POSTPROCESSING_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| |`OC_EVENTS_AUTH_PASSWORD`
`POSTPROCESSING_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| -|`SEARCH_EVENTS_MAX_ACK_PENDING`| next |int|`The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time.`|10000| -|`SEARCH_EVENTS_ACK_WAIT`| next |Duration|`The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes.`|1m0s| +|`SEARCH_EVENTS_MAX_ACK_PENDING`| 4.0.0 |int|`The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time.`|10000| +|`SEARCH_EVENTS_ACK_WAIT`| 4.0.0 |Duration|`The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes.`|1m0s| |`POSTPROCESSING_WORKERS`| 1.0.0 |int|`The number of concurrent go routines that fetch events from the event queue.`|3| |`POSTPROCESSING_STEPS`| 1.0.0 |[]string|`A list of postprocessing steps processed in order of their appearance. Currently supported values by the system are: 'virusscan', 'policies' and 'delay'. Custom steps are allowed. See the documentation for instructions. See the Environment Variable Types description for more details.`|[]| |`POSTPROCESSING_DELAY`| 1.0.0 |Duration|`After uploading a file but before making it available for download, a delay step can be added. Intended for developing purposes only. If a duration is set but the keyword 'delay' is not explicitely added to 'POSTPROCESSING_STEPS', the delay step will be processed as last step. In such a case, a log entry will be written on service startup to remind the admin about that situation. See the Environment Variable Types description for more details.`|0s| 
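Review bot: The two rows whose version changes from `next` to `4.0.0` are named `SEARCH_EVENTS_MAX_ACK_PENDING` and `SEARCH_EVENTS_ACK_WAIT`, yet they sit in the postprocessing table, where every other service-specific variable carries the `POSTPROCESSING_` prefix. If the postprocessing service really reads the `SEARCH_`-prefixed names, the description should say so. Otherwise the names need fixing where this table is produced. Separately, the `OC_INSECURE` row now lists three variables, but its description still speaks of skipping "the client certificate verification", while the next row (`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`) is about validating the server's certificate. State which certificate check the flag disables.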
diff --git a/static/env-vars/postprocessing_readme.md b/static/env-vars/postprocessing_readme.md index a9ae7b5a..f62009fc 100644 --- a/static/env-vars/postprocessing_readme.md +++ b/static/env-vars/postprocessing_readme.md @@ -1,6 +1,6 @@ --- title: Postprocessing -date: 2025-11-11T09:16:41.112195945+01:00 +date: 2026-01-13T10:10:18.223339839+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/postprocessing diff --git a/static/env-vars/proxy-config-example.yaml b/static/env-vars/proxy-config-example.yaml index 37199dc1..d377efdb 100644 --- a/static/env-vars/proxy-config-example.yaml +++ b/static/env-vars/proxy-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: proxy-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9205 token: "" @@ -77,6 +68,14 @@ policies: service: eu.opencloud.web.frontend unprotected: true skip_x_access_token: false + - endpoint: /sciencemesh/federations + service: eu.opencloud.web.ocm + unprotected: true + skip_x_access_token: false + - endpoint: /sciencemesh/discover + service: eu.opencloud.web.ocm + unprotected: true + skip_x_access_token: false - endpoint: /sciencemesh/ service: eu.opencloud.web.ocm skip_x_access_token: false 
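Review bot: The two added routes `/sciencemesh/federations` and `/sciencemesh/discover` are marked `unprotected: true`, while the existing `/sciencemesh/` entry after them is not. The proxy documentation should say why these two endpoints are reachable without authentication and what they expose. It should also state whether the order of entries matters, since both new paths fall under the `/sciencemesh/` prefix of the protected route.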
@@ -104,27 +103,27 @@ policies: service: eu.opencloud.web.webdav skip_x_access_token: false - endpoint: /remote.php/ - service: eu.opencloud.web.ocdav + service: eu.opencloud.web.frontend skip_x_access_token: false - endpoint: /dav/ - service: eu.opencloud.web.ocdav + service: eu.opencloud.web.frontend skip_x_access_token: false - endpoint: /webdav/ - service: eu.opencloud.web.ocdav + service: eu.opencloud.web.frontend skip_x_access_token: false - endpoint: /status - service: eu.opencloud.web.ocdav + service: eu.opencloud.web.frontend unprotected: true skip_x_access_token: false - endpoint: /status.php - service: eu.opencloud.web.ocdav + service: eu.opencloud.web.frontend unprotected: true skip_x_access_token: false - endpoint: /index.php/ - service: eu.opencloud.web.ocdav + service: eu.opencloud.web.frontend skip_x_access_token: false - endpoint: /apps/ - service: eu.opencloud.web.ocdav + service: eu.opencloud.web.frontend skip_x_access_token: false - endpoint: /data service: eu.opencloud.web.frontend @@ -230,6 +229,7 @@ auth_middleware: policies_middleware: query: "" csp_config_file_location: "" +csp_config_file_override_location: "" events: endpoint: 127.0.0.1:9233 cluster: opencloud-cluster diff --git a/static/env-vars/proxy_configvars.md b/static/env-vars/proxy_configvars.md index 849c1284..93077e6d 100644 --- a/static/env-vars/proxy_configvars.md +++ b/static/env-vars/proxy_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **proxy** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`PROXY_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`PROXY_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`PROXY_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`PROXY_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`PROXY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`PROXY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`PROXY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`PROXY_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`PROXY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`PROXY_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9205| |`PROXY_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`PROXY_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| 
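Review bot: Migration guidance is missing for the rows removed at the top of the proxy table. The `OC_TRACING_*`/`PROXY_TRACING_*` variables and the `LOG_PRETTY`, `LOG_COLOR` and `LOG_FILE` variables disappear with no statement of whether they are replaced, ignored or rejected when an operator still has them set. The default of `OC_LOG_LEVEL`/`PROXY_LOG_LEVEL` also changes from empty to `error` without comment. A short note in the docs covering both points would help, and it applies equally to the matching hunks for ocs, policies, postprocessing and search.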
@@ -18,7 +11,7 @@ Environment variables for the **proxy** service |`PROXY_HTTP_ROOT`| 1.0.0 |string|`Subdirectory that serves as the root for this HTTP service.`|/| |`PROXY_TRANSPORT_TLS_CERT`| 1.0.0 |string|`Path/File name of the TLS server certificate (in PEM format) for the external http services. If not defined, the root directory derives from $OC_BASE_DATA_PATH/proxy.`|/home/chaser/.opencloud/proxy/server.crt| |`PROXY_TRANSPORT_TLS_KEY`| 1.0.0 |string|`Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the external http services. If not defined, the root directory derives from $OC_BASE_DATA_PATH/proxy.`|/home/chaser/.opencloud/proxy/server.key| -|`PROXY_TLS`| 1.0.0 |bool|`Enable/Disable HTTPS for external HTTP services. Must be set to 'true' if the built-in IDP service an no reverse proxy is used. See the text description for details.`|true| +|`PROXY_TLS`| 1.0.0 |bool|`Enable/Disable HTTPS for external HTTP services. Must be set to 'true' if the built-in IDP service and no reverse proxy is used. See the text description for details.`|true| |`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| |`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| |`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| 
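Review bot: The default values shown for `PROXY_TRANSPORT_TLS_CERT` and `PROXY_TRANSPORT_TLS_KEY` in the context rows are `/home/chaser/.opencloud/proxy/server.crt` and `/home/chaser/.opencloud/proxy/server.key`, a user-specific home directory, although the descriptions say the path derives from `$OC_BASE_DATA_PATH/proxy`. Published defaults should be rendered relative to `$OC_BASE_DATA_PATH` so they do not carry a local account name and do not mislead readers about where the key file lives. The "an" to "and" fix in the `PROXY_TLS` row is fine.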
@@ -65,9 +58,10 @@ Environment variables for the **proxy** service |`PROXY_ENABLE_APP_AUTH`| 1.0.0 |bool|`Allow app authentication. This can be used to authenticate 3rd party applications. Note that auth-app service must be running for this feature to work.`|true| |`PROXY_POLICIES_QUERY`| 1.0.0 |string|`Defines the 'Complete Rules' variable defined in the rego rule set this step uses for its evaluation. Rules default to deny if the variable was not found.`|| |`PROXY_CSP_CONFIG_FILE_LOCATION`| 1.0.0 |string|`The location of the CSP configuration file.`|| +|`PROXY_CSP_CONFIG_FILE_OVERRIDE_LOCATION`| 4.0.0 |string|`The location of the CSP configuration file override.`|| |`OC_EVENTS_ENDPOINT`
`PROXY_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events.`|127.0.0.1:9233| |`OC_EVENTS_CLUSTER`
`PROXY_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|opencloud-cluster| -|`OC_INSECURE`
`PROXY_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_INSECURE`
`OC_EVENTS_TLS_INSECURE`
`PROXY_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| |`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`PROXY_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided PROXY_EVENTS_TLS_INSECURE will be seen as false.`|| |`OC_EVENTS_ENABLE_TLS`
`PROXY_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| |`OC_EVENTS_AUTH_USERNAME`
`PROXY_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| diff --git a/static/env-vars/proxy_readme.md b/static/env-vars/proxy_readme.md index 135b70b2..d7718906 100644 --- a/static/env-vars/proxy_readme.md +++ b/static/env-vars/proxy_readme.md @@ -1,6 +1,6 @@ --- title: Proxy -date: 2025-11-11T09:16:41.112305511+01:00 +date: 2026-01-13T10:10:18.223518235+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/proxy @@ -65,7 +65,7 @@ policies: - endpoint: / service: eu.opencloud.web.web - endpoint: /dav/ - service: eu.opencloud.web.ocdav + service: eu.opencloud.web.frontend ``` For adding _additional_ routes to the default routes use: diff --git a/static/env-vars/search-config-example.yaml b/static/env-vars/search-config-example.yaml index e7ead717..d18c52da 100644 --- a/static/env-vars/search-config-example.yaml +++ b/static/env-vars/search-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: search-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9224 token: "" @@ -52,7 +43,7 @@ engine: username: "" password: "" header: {} - ca_cert: [] + ca_cert: "" retry_on_status: [] disable_retry: false enable_retry_on_timeout: false diff --git a/static/env-vars/search_configvars.md b/static/env-vars/search_configvars.md index ffabbac5..016038b3 100644 --- a/static/env-vars/search_configvars.md +++ b/static/env-vars/search_configvars.md @@ -2,55 +2,48 @@ Environment variables for the **search** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`SEARCH_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`SEARCH_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`SEARCH_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`SEARCH_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`SEARCH_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`SEARCH_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`SEARCH_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`SEARCH_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`SEARCH_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`SEARCH_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9224| |`SEARCH_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`SEARCH_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| |`SEARCH_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| -|`SEARCH_GRPC_DISABLED`| next |bool|`Disables the GRPC service. Set this to true if the service should only handle events.`|false| +|`SEARCH_GRPC_DISABLED`| 4.0.0 |bool|`Disables the GRPC service. Set this to true if the service should only handle events.`|false| |`SEARCH_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|127.0.0.1:9220| |`OC_JWT_SECRET`
`SEARCH_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| |`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|eu.opencloud.api.gateway| |`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| |`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| -|`SEARCH_EVENTS_DISABLED`| next |bool|`Disables listening for events. Set this to true if the service should only handle GRPC requests.`|false| +|`SEARCH_EVENTS_DISABLED`| 4.0.0 |bool|`Disables listening for events. Set this to true if the service should only handle GRPC requests.`|false| |`OC_EVENTS_ENDPOINT`
`SEARCH_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| |`OC_EVENTS_CLUSTER`
`SEARCH_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| |`OC_ASYNC_UPLOADS`
`SEARCH_EVENTS_ASYNC_UPLOADS`| 1.0.0 |bool|`Enable asynchronous file uploads.`|true| |`SEARCH_EVENTS_NUM_CONSUMERS`| 1.0.0 |int|`The amount of concurrent event consumers to start. Event consumers are used for searching files. Multiple consumers increase parallelisation, but will also increase CPU and memory demands.`|1| |`SEARCH_EVENTS_REINDEX_DEBOUNCE_DURATION`| 1.0.0 |int|`The duration in milliseconds the reindex debouncer waits before triggering a reindex of a space that was modified.`|1000| -|`OC_INSECURE`
`SEARCH_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_INSECURE`
`OC_EVENTS_TLS_INSECURE`
`SEARCH_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| |`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`SEARCH_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided SEARCH_EVENTS_TLS_INSECURE will be seen as false.`|| |`OC_EVENTS_ENABLE_TLS`
`SEARCH_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| |`OC_EVENTS_AUTH_USERNAME`
`SEARCH_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| |`OC_EVENTS_AUTH_PASSWORD`
`SEARCH_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| -|`SEARCH_EVENTS_MAX_ACK_PENDING`| next |int|`The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time.`|1000| -|`SEARCH_EVENTS_ACK_WAIT`| next |Duration|`The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes.`|1m0s| +|`SEARCH_EVENTS_MAX_ACK_PENDING`| 4.0.0 |int|`The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time.`|1000| +|`SEARCH_EVENTS_ACK_WAIT`| 4.0.0 |Duration|`The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes.`|1m0s| |`SEARCH_ENGINE_TYPE`| 1.0.0 |string|`Defines which search engine to use. Defaults to 'bleve'. Supported values are: 'bleve'.`|bleve| |`SEARCH_ENGINE_BLEVE_DATA_PATH`| 1.0.0 |string|`The directory where the filesystem will store search data. 
If not defined, the root directory derives from $OC_BASE_DATA_PATH/search.`|/home/chaser/.opencloud/search| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ADDRESSES`| next |[]string|`The addresses of the OpenSearch nodes..`|[]| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_USERNAME`| next |string|`Username for HTTP Basic Authentication.`|| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_PASSWORD`| next |string|`Password for HTTP Basic Authentication.`|| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_HEADER`| next |Header|`HTTP headers to include in requests.`|map[]| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_CA_CERT`| next |[]uint8|`CA certificate for TLS connections.`|[]| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_RETRY_ON_STATUS`| next |[]int|`HTTP status codes that trigger a retry.`|[]| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISABLE_RETRY`| next |bool|`Disable retries on errors.`|false| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_RETRY_ON_TIMEOUT`| next |bool|`Enable retries on timeout.`|false| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_MAX_RETRIES`| next |int|`Maximum number of retries for requests.`|0| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_COMPRESS_REQUEST_BODY`| next |bool|`Compress request bodies.`|false| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISCOVER_NODES_ON_START`| next |bool|`Discover nodes on service start.`|false| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISCOVER_NODES_INTERVAL`| next |Duration|`Interval for discovering nodes.`|0s| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_METRICS`| next |bool|`Enable metrics collection.`|false| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_DEBUG_LOGGER`| next |bool|`Enable debug logging.`|false| -|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_INSECURE`| next |bool|`Skip TLS certificate verification.`|false| -|`SEARCH_ENGINE_OPEN_SEARCH_RESOURCE_INDEX_NAME`| next |string|`The name of the OpenSearch index for resources.`|opencloud-resource| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ADDRESSES`| 4.0.0 |[]string|`The addresses of the OpenSearch nodes..`|[]| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_USERNAME`| 4.0.0 
|string|`Username for HTTP Basic Authentication.`|| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_PASSWORD`| 4.0.0 |string|`Password for HTTP Basic Authentication.`|| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_HEADER`| 4.0.0 |Header|`HTTP headers to include in requests.`|map[]| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_CA_CERT`| 4.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the opensearch server.`|| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_RETRY_ON_STATUS`| 4.0.0 |[]int|`HTTP status codes that trigger a retry.`|[]| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISABLE_RETRY`| 4.0.0 |bool|`Disable retries on errors.`|false| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_RETRY_ON_TIMEOUT`| 4.0.0 |bool|`Enable retries on timeout.`|false| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_MAX_RETRIES`| 4.0.0 |int|`Maximum number of retries for requests.`|0| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_COMPRESS_REQUEST_BODY`| 4.0.0 |bool|`Compress request bodies.`|false| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISCOVER_NODES_ON_START`| 4.0.0 |bool|`Discover nodes on service start.`|false| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISCOVER_NODES_INTERVAL`| 4.0.0 |Duration|`Interval for discovering nodes.`|0s| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_METRICS`| 4.0.0 |bool|`Enable metrics collection.`|false| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_DEBUG_LOGGER`| 4.0.0 |bool|`Enable debug logging.`|false| +|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_INSECURE`| 4.0.0 |bool|`Skip TLS certificate verification.`|false| +|`SEARCH_ENGINE_OPEN_SEARCH_RESOURCE_INDEX_NAME`| 4.0.0 |string|`The name of the OpenSearch index for resources.`|opencloud-resource| |`SEARCH_EXTRACTOR_TYPE`| 1.0.0 |string|`Defines the content extraction engine. Defaults to 'basic'. Supported values are: 'basic' and 'tika'.`|basic| |`OC_INSECURE`
`SEARCH_EXTRACTOR_CS3SOURCE_INSECURE`| 1.0.0 |bool|`Ignore untrusted SSL certificates when connecting to the CS3 source.`|false| |`SEARCH_EXTRACTOR_TIKA_TIKA_URL`| 1.0.0 |string|`URL of the tika server.`|http://127.0.0.1:9998| diff --git a/static/env-vars/search_readme.md b/static/env-vars/search_readme.md index 23d71ae5..7a3e7565 100644 --- a/static/env-vars/search_readme.md +++ b/static/env-vars/search_readme.md @@ -1,6 +1,6 @@ --- title: Search -date: 2025-11-11T09:16:41.112426278+01:00 +date: 2026-01-13T10:10:18.223662306+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/search diff --git a/static/env-vars/settings-config-example.yaml b/static/env-vars/settings-config-example.yaml index f4f73338..0c46f716 100644 --- a/static/env-vars/settings-config-example.yaml +++ b/static/env-vars/settings-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: settings-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9194 token: "" diff --git a/static/env-vars/settings_configvars.md b/static/env-vars/settings_configvars.md index a4758dd9..93e73f28 100644 --- a/static/env-vars/settings_configvars.md +++ b/static/env-vars/settings_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **settings** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`SETTINGS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`SETTINGS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`SETTINGS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`SETTINGS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`SETTINGS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`SETTINGS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`SETTINGS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`SETTINGS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`SETTINGS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`SETTINGS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9194| |`SETTINGS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`SETTINGS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| diff --git a/static/env-vars/settings_readme.md b/static/env-vars/settings_readme.md index 9b37f908..582b7621 100644 --- a/static/env-vars/settings_readme.md +++ b/static/env-vars/settings_readme.md @@ -1,6 +1,6 @@ --- title: Settings -date: 2025-11-11T09:16:41.11261832+01:00 +date: 2026-01-13T10:10:18.223795867+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/settings diff --git a/static/env-vars/sharing-config-example.yaml b/static/env-vars/sharing-config-example.yaml index 41556a87..c674a6ff 100644 --- a/static/env-vars/sharing-config-example.yaml +++ b/static/env-vars/sharing-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: sharing-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9151 token: "" diff --git a/static/env-vars/sharing_configvars.md b/static/env-vars/sharing_configvars.md index 1eb7868a..0a7c13ef 100644 --- a/static/env-vars/sharing_configvars.md +++ b/static/env-vars/sharing_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **sharing** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`SHARING_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`SHARING_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`SHARING_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`SHARING_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`SHARING_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`SHARING_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`SHARING_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`SHARING_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`SHARING_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`SHARING_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9151| |`SHARING_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`SHARING_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| @@ -22,7 +15,7 @@ Environment variables for the **sharing** service |`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|| |`OC_EVENTS_ENDPOINT`
`SHARING_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| |`OC_EVENTS_CLUSTER`
`SHARING_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| -|`OC_INSECURE`
`SHARING_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_INSECURE`
`OC_EVENTS_TLS_INSECURE`
`SHARING_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| |`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`SHARING_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided SHARING_EVENTS_TLS_INSECURE will be seen as false.`|| |`OC_EVENTS_ENABLE_TLS`
`SHARING_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| |`OC_EVENTS_AUTH_USERNAME`
`SHARING_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`Username for the events broker.`|| diff --git a/static/env-vars/sharing_readme.md b/static/env-vars/sharing_readme.md index c24134b7..710ef479 100755 --- a/static/env-vars/sharing_readme.md +++ b/static/env-vars/sharing_readme.md @@ -1,6 +1,6 @@ --- title: Sharing -date: 2025-11-27T22:56:02.334524+01:00 +date: 2026-01-13T10:10:18.223922645+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/sharing diff --git a/static/env-vars/sse-config-example.yaml b/static/env-vars/sse-config-example.yaml index 5b884d17..32e7fea6 100644 --- a/static/env-vars/sse-config-example.yaml +++ b/static/env-vars/sse-config-example.yaml @@ -1,21 +1,12 @@ # Autogenerated # Filename: sse-config-example.yaml -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9139 token: "" pprof: false zpages: false -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" keepalive_interval: 0s events: endpoint: 127.0.0.1:9233 diff --git a/static/env-vars/sse_configvars.md b/static/env-vars/sse_configvars.md index ae16b4f5..db29b4db 100644 --- a/static/env-vars/sse_configvars.md +++ b/static/env-vars/sse_configvars.md @@ -2,22 +2,15 @@ Environment variables for the **sse** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_LOG_LEVEL`
`SSE_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`SSE_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`SSE_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`SSE_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`SSE_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`SSE_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9139| |`SSE_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`SSE_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| |`SSE_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|false| -|`OC_TRACING_ENABLED`
`SSE_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`SSE_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`SSE_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`SSE_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| |`SSE_KEEPALIVE_INTERVAL`| 1.0.0 |Duration|`To prevent intermediate proxies from closing the SSE connection, send periodic SSE comments to keep it open.`|0s| |`OC_EVENTS_ENDPOINT`
`SSE_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| |`OC_EVENTS_CLUSTER`
`SSE_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| -|`OC_INSECURE`
`SSE_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_INSECURE`
`OC_EVENTS_TLS_INSECURE`
`SSE_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| |`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`SSE_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided SSE_EVENTS_TLS_INSECURE will be seen as false.`|| |`OC_EVENTS_ENABLE_TLS`
`SSE_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| |`OC_EVENTS_AUTH_USERNAME`
`SSE_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| diff --git a/static/env-vars/sse_readme.md b/static/env-vars/sse_readme.md index 40860d9e..bfe31d9a 100644 --- a/static/env-vars/sse_readme.md +++ b/static/env-vars/sse_readme.md @@ -1,6 +1,6 @@ --- title: SSE -date: 2025-11-11T09:16:41.112998164+01:00 +date: 2026-01-13T10:10:18.224035518+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/sse diff --git a/static/env-vars/storage-publiclink-config-example.yaml b/static/env-vars/storage-publiclink-config-example.yaml index fb3cf2d4..f985ac2c 100644 --- a/static/env-vars/storage-publiclink-config-example.yaml +++ b/static/env-vars/storage-publiclink-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: storage-publiclink-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9179 token: "" diff --git a/static/env-vars/storage-publiclink_configvars.md b/static/env-vars/storage-publiclink_configvars.md index ee7394e4..83c3955a 100644 --- a/static/env-vars/storage-publiclink_configvars.md +++ b/static/env-vars/storage-publiclink_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **storage-publiclink** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`STORAGE_PUBLICLINK_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`STORAGE_PUBLICLINK_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`STORAGE_PUBLICLINK_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`STORAGE_PUBLICLINK_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`STORAGE_PUBLICLINK_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`STORAGE_PUBLICLINK_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`STORAGE_PUBLICLINK_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`STORAGE_PUBLICLINK_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`STORAGE_PUBLICLINK_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`STORAGE_PUBLICLINK_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9179| |`STORAGE_PUBLICLINK_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`STORAGE_PUBLICLINK_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| diff --git a/static/env-vars/storage-publiclink_readme.md b/static/env-vars/storage-publiclink_readme.md index e5a03492..2238051d 100644 --- a/static/env-vars/storage-publiclink_readme.md +++ b/static/env-vars/storage-publiclink_readme.md @@ -1,6 +1,6 @@ --- title: Storage PublicLink -date: 2025-11-27T22:56:02.334658+01:00 +date: 2026-01-13T10:10:18.224113004+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/storage-publiclink @@ -34,7 +34,7 @@ This service is part of the storage services family and is responsible for: The storage-publiclink service integrates with: - `sharing` service - Manages and persists public link shares -- `frontend` and `ocdav` - Provide HTTP/WebDAV access to public links +- `frontend` service - Provides HTTP/WebDAV access to public links - Storage drivers - Accesses the actual file content ## Storage Registry diff --git a/static/env-vars/storage-shares-config-example.yaml b/static/env-vars/storage-shares-config-example.yaml index 2f19daa8..28b4a50b 100644 --- a/static/env-vars/storage-shares-config-example.yaml +++ b/static/env-vars/storage-shares-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: storage-shares-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9156 token: "" 
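Review bot: In the `@@ -22,7 +15,7 @@` hunk of sharing_configvars.md and the matching row in the sse_configvars.md hunk, the row that gains `OC_EVENTS_TLS_INSECURE` keeps the description `Whether to verify the server TLS certificates.`, which reads as if `true` switches verification on. The variable names and the neighbouring `..._EVENTS_TLS_ROOT_CA_CERTIFICATE` rows ("will be seen as false") imply the opposite polarity. The row now lists three names, one of them the global `OC_INSECURE`, so a misread here affects the events broker connection of every service. Please reword it the way `SEARCH_ENGINE_OPEN_SEARCH_CLIENT_INSECURE` is described in this same patch (`Skip TLS certificate verification.`) and state which of the three names takes precedence when more than one is set.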
diff --git a/static/env-vars/storage-shares_configvars.md b/static/env-vars/storage-shares_configvars.md index 48de0880..8d79824b 100644 --- a/static/env-vars/storage-shares_configvars.md +++ b/static/env-vars/storage-shares_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **storage-shares** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`STORAGE_SHARES_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`STORAGE_SHARES_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`STORAGE_SHARES_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`STORAGE_SHARES_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`STORAGE_SHARES_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`STORAGE_SHARES_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`STORAGE_SHARES_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`STORAGE_SHARES_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`STORAGE_SHARES_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`STORAGE_SHARES_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9156| |`STORAGE_SHARES_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`STORAGE_SHARES_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| diff --git a/static/env-vars/storage-shares_readme.md b/static/env-vars/storage-shares_readme.md index 37dfc066..33e1be63 100644 --- a/static/env-vars/storage-shares_readme.md +++ b/static/env-vars/storage-shares_readme.md @@ -1,6 +1,6 @@ --- title: Storage Shares -date: 2025-11-27T22:56:02.334725+01:00 +date: 2026-01-13T10:10:18.224194116+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/storage-shares @@ -35,7 +35,7 @@ This service is part of the storage services family and is responsible for: The storage-shares service integrates with: - `sharing` service - Manages and persists shares - `storage-users` service - Accesses the underlying file content -- `frontend` and `ocdav` - Provide HTTP/WebDAV access to shares +- `frontend` service - Provides HTTP/WebDAV access to shares ## Virtual Shares Folder diff --git a/static/env-vars/storage-system-config-example.yaml b/static/env-vars/storage-system-config-example.yaml index fb284651..12c7d3cc 100644 --- a/static/env-vars/storage-system-config-example.yaml +++ b/static/env-vars/storage-system-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: storage-system-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9217 token: "" 
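Review bot: The storage-system-config-example.yaml hunk replaces the nested `log:` block with a top-level `loglevel: error` and drops the `tracing:` block with nothing in its place, and neither the commit subject ("Update docs with latest env vars") nor the example file says what happens to the old keys. A reader with an existing `log:` or `tracing:` section cannot tell from this patch whether those keys are still read, ignored, or rejected. The same change appears in the other `*-config-example.yaml` hunks here, and the configvars tables drop the `*_LOG_PRETTY`, `*_LOG_COLOR`, `*_LOG_FILE` and `*_TRACING_*` rows to match. Please add a short migration note to the generated docs, and say whether the default moving from `""` to `error` is a documentation correction or a change in runtime verbosity.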
diff --git a/static/env-vars/storage-system_configvars.md b/static/env-vars/storage-system_configvars.md index 34d66712..a8cbfc2b 100644 --- a/static/env-vars/storage-system_configvars.md +++ b/static/env-vars/storage-system_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **storage-system** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`STORAGE_SYSTEM_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`STORAGE_SYSTEM_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`STORAGE_SYSTEM_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`STORAGE_SYSTEM_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`STORAGE_SYSTEM_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`STORAGE_SYSTEM_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`STORAGE_SYSTEM_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`STORAGE_SYSTEM_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`STORAGE_SYSTEM_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`STORAGE_SYSTEM_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9217| |`STORAGE_SYSTEM_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint`|| |`STORAGE_SYSTEM_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling`|false| diff --git a/static/env-vars/storage-system_readme.md b/static/env-vars/storage-system_readme.md index b2d947fb..22e8e922 100644 --- a/static/env-vars/storage-system_readme.md +++ b/static/env-vars/storage-system_readme.md @@ -1,6 +1,6 @@ --- title: Storage-System -date: 2025-11-11T09:16:41.113094426+01:00 +date: 2026-01-13T10:10:18.224263978+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/storage-system diff --git a/static/env-vars/storage-users-config-example.yaml b/static/env-vars/storage-users-config-example.yaml index eb0224f6..c664d5f4 100644 --- a/static/env-vars/storage-users-config-example.yaml +++ b/static/env-vars/storage-users-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: storage-users-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9159 token: "" diff --git a/static/env-vars/storage-users_configvars.md b/static/env-vars/storage-users_configvars.md index 0e1490ca..c89e89ea 100644 --- a/static/env-vars/storage-users_configvars.md +++ b/static/env-vars/storage-users_configvars.md 
@@ -1,24 +1,17 @@ -2025-11-11-09-16-18 +2026-01-13-10-09-59 # Deprecation Notice | Deprecation Info | Deprecation Version | Removal Version | Deprecation Replacement | |---|---|---|---| -| | next | | | +| | 4.0.0 | | | Environment variables for the **storage-users** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| |`STORAGE_USERS_SERVICE_NAME`| 1.0.0 |string|`Service name to use. Change this when starting an additional storage provider with a custom configuration to prevent it from colliding with the default 'storage-users' service.`|storage-users| -|`OC_TRACING_ENABLED`
`STORAGE_USERS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`STORAGE_USERS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`STORAGE_USERS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`STORAGE_USERS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`STORAGE_USERS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`STORAGE_USERS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`STORAGE_USERS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`STORAGE_USERS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`STORAGE_USERS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`STORAGE_USERS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9159| |`STORAGE_USERS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`STORAGE_USERS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| 
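Review bot: In the `@@ -1,24 +1,17 @@` hunk of storage-users_configvars.md, the Deprecation Notice row changes from `| | next | | |` to `| | 4.0.0 | | |`, so it still carries a version but no deprecation info, removal version or replacement. As rendered, the page announces a deprecation in 4.0.0 without naming the variable it concerns. Either populate the row from the source annotation or have the generator skip rows whose info column is empty. The first line of the file is also a bare generator timestamp (`2026-01-13-10-09-59`) sitting above the `# Deprecation Notice` heading; if it is not meant to render, it should not be committed into the Markdown.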
@@ -113,14 +106,14 @@ Environment variables for the **storage-users** service |`STORAGE_USERS_POSIX_WATCH_TYPE`| 1.0.0 |string|`Type of the watcher to use for getting notified about changes to the filesystem. Currently available options are 'inotifywait' (default), 'cephfs', 'gpfswatchfolder' and 'gpfsfileauditlogging'.`|| |`STORAGE_USERS_POSIX_WATCH_PATH`| 1.0.0 |string|`Path to the watch directory/file. Only applies to the 'gpfsfileauditlogging' and 'inotifywait' watcher, in which case it is the path of the file audit log file/base directory to watch.`|| |`STORAGE_USERS_POSIX_WATCH_NOTIFICATION_BROKERS,STORAGE_USERS_POSIX_WATCH_FOLDER_KAFKA_BROKERS`| 1.0.0 |string|`Comma-separated list of kafka brokers to read the watchfolder events from.`|| -|`STORAGE_USERS_POSIX_WATCH_ROOT`| next |string|`Path to the watch root directory. Event paths will be considered relative to this path. Only applies to the 'gpswatchfolder' and 'cephfs' watchers.`|| -|`STORAGE_USERS_POSIX_INOTIFY_STATS_FREQUENCY`| next |Duration|`Frequency to log inotify stats.`|5m0s| +|`STORAGE_USERS_POSIX_WATCH_ROOT`| 4.0.0 |string|`Path to the watch root directory. Event paths will be considered relative to this path. Only applies to the 'gpswatchfolder' and 'cephfs' watchers.`|| +|`STORAGE_USERS_POSIX_INOTIFY_STATS_FREQUENCY`| 4.0.0 |Duration|`Frequency to log inotify stats.`|5m0s| |`STORAGE_USERS_DATA_SERVER_URL`| 1.0.0 |string|`URL of the data server, needs to be reachable by the data gateway provided by the frontend service or the user if directly exposed.`|http://localhost:9158/data| |`STORAGE_USERS_DATA_GATEWAY_URL`| 1.0.0 |string|`URL of the data gateway server`|http://localhost:9140/data| |`STORAGE_USERS_TRANSFER_EXPIRES`| 1.0.0 |int64|`The time after which the token for upload postprocessing expires`|86400| |`OC_EVENTS_ENDPOINT`
`STORAGE_USERS_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| |`OC_EVENTS_CLUSTER`
`STORAGE_USERS_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| -|`OC_INSECURE`
`STORAGE_USERS_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_INSECURE`
`OC_EVENTS_TLS_INSECURE`
`STORAGE_USERS_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| |`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`STORAGE_USERS_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided STORAGE_USERS_EVENTS_TLS_INSECURE will be seen as false.`|| |`OC_EVENTS_ENABLE_TLS`
`STORAGE_USERS_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| |`STORAGE_USERS_EVENTS_NUM_CONSUMERS`| 1.0.0 |int|`The amount of concurrent event consumers to start. Event consumers are used for post-processing files. Multiple consumers increase parallelisation, but will also increase CPU and memory demands. The setting has no effect when the OC_ASYNC_UPLOADS is set to false. The default and minimum value is 1.`|0| diff --git a/static/env-vars/storage-users_readme.md b/static/env-vars/storage-users_readme.md index 25af3718..8a494239 100644 --- a/static/env-vars/storage-users_readme.md +++ b/static/env-vars/storage-users_readme.md @@ -1,6 +1,6 @@ --- title: Storage-Users -date: 2025-11-11T09:16:41.113215473+01:00 +date: 2026-01-13T10:10:18.224352113+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/storage-users diff --git a/static/env-vars/thumbnails-config-example.yaml b/static/env-vars/thumbnails-config-example.yaml index 2acda547..e75d306a 100644 --- a/static/env-vars/thumbnails-config-example.yaml +++ b/static/env-vars/thumbnails-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: thumbnails-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9189 token: "" diff --git a/static/env-vars/thumbnails_configvars.md b/static/env-vars/thumbnails_configvars.md index 58d0537e..d4793cd2 100644 --- a/static/env-vars/thumbnails_configvars.md +++ b/static/env-vars/thumbnails_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **thumbnails** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`THUMBNAILS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`THUMBNAILS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`THUMBNAILS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`THUMBNAILS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`THUMBNAILS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`THUMBNAILS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`THUMBNAILS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`THUMBNAILS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`THUMBNAILS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`THUMBNAILS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9189| |`THUMBNAILS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`THUMBNAILS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| diff --git a/static/env-vars/thumbnails_readme.md b/static/env-vars/thumbnails_readme.md index e92e328a..22be933f 100644 --- a/static/env-vars/thumbnails_readme.md +++ b/static/env-vars/thumbnails_readme.md @@ -1,6 +1,6 @@ --- title: Thumbnails -date: 2025-11-11T09:16:41.113342853+01:00 +date: 2026-01-13T10:10:18.224534597+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/thumbnails diff --git a/static/env-vars/userlog-config-example.yaml b/static/env-vars/userlog-config-example.yaml index 03c248aa..f01761b5 100644 --- a/static/env-vars/userlog-config-example.yaml +++ b/static/env-vars/userlog-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: userlog-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9214 token: "" diff --git a/static/env-vars/userlog_configvars.md b/static/env-vars/userlog_configvars.md index fbd7f474..06e91815 100644 --- a/static/env-vars/userlog_configvars.md +++ b/static/env-vars/userlog_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **userlog** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`USERLOG_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`USERLOG_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`USERLOG_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`USERLOG_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`USERLOG_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`USERLOG_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`USERLOG_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`USERLOG_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`USERLOG_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`USERLOG_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9214| |`USERLOG_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`USERLOG_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| @@ -29,7 +22,7 @@ Environment variables for the **userlog** service |`OC_DEFAULT_LANGUAGE`| 1.0.0 |string|`The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details.`|| |`OC_EVENTS_ENDPOINT`
`USERLOG_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|127.0.0.1:9233| |`OC_EVENTS_CLUSTER`
`USERLOG_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|opencloud-cluster| -|`OC_INSECURE`
`USERLOG_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| +|`OC_INSECURE`
`OC_EVENTS_TLS_INSECURE`
`USERLOG_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|false| |`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE`
`USERLOG_EVENTS_TLS_ROOT_CA_CERTIFICATE`| 1.0.0 |string|`The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.`|| |`OC_EVENTS_ENABLE_TLS`
`USERLOG_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|false| |`OC_EVENTS_AUTH_USERNAME`
`USERLOG_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|| diff --git a/static/env-vars/userlog_readme.md b/static/env-vars/userlog_readme.md index 24cef877..388eaf2c 100644 --- a/static/env-vars/userlog_readme.md +++ b/static/env-vars/userlog_readme.md @@ -1,6 +1,6 @@ --- title: Userlog -date: 2025-11-11T09:16:41.11344777+01:00 +date: 2026-01-13T10:10:18.224744271+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/userlog @@ -67,7 +67,7 @@ For the time being, the configuration which user related events are of interest ## Retrieving -The `userlog` service provides an API to retrieve configured events. For now, this API is mostly following the [oc10 notification GET API](https://docs.opencloud.eu/server/next/developer_manual/core/apis/ocs-notification-endpoint-v1.html#get-user-notifications). +The `userlog` service provides an API to retrieve configured events. For now, this API is mostly following the [oc10 notification GET API](https://doc.owncloud.com/server/next/developer_manual/core/apis/ocs-notification-endpoint-v1.html#get-user-notifications). ## Posting diff --git a/static/env-vars/users-config-example.yaml b/static/env-vars/users-config-example.yaml index a40f5cb4..0e2ee577 100644 --- a/static/env-vars/users-config-example.yaml +++ b/static/env-vars/users-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: users-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9145 token: "" diff --git a/static/env-vars/users_configvars.md b/static/env-vars/users_configvars.md index 1beb0411..bf658a0d 100644 --- a/static/env-vars/users_configvars.md +++ b/static/env-vars/users_configvars.md 
@@ -2,14 +2,7 @@ Environment variables for the **users** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`USERS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`USERS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`USERS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`USERS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`USERS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`USERS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`USERS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`USERS_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`USERS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`USERS_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9145| |`USERS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`USERS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| @@ -41,7 +34,7 @@ Environment variables for the **users** service |`OC_LDAP_USER_SCHEMA_USER_TYPE`
`USERS_LDAP_USER_TYPE_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'openCloudUserType'.`|openCloudUserType| |`OC_LDAP_DISABLED_USERS_GROUP_DN`
`USERS_LDAP_DISABLED_USERS_GROUP_DN`| 1.0.0 |string|`The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'.`|cn=DisabledUsersGroup,ou=groups,o=libregraph-idm| |`OC_LDAP_USER_SCHEMA_ID`
`USERS_LDAP_USER_SCHEMA_ID`| 1.0.0 |string|`LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID.`|openclouduuid| -|`OC_LDAP_USER_SCHEMA_TENANT_ID`
`USERS_LDAP_USER_SCHEMA_TENANT_ID`| next |string|`LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment.`|| +|`OC_LDAP_USER_SCHEMA_TENANT_ID`
`USERS_LDAP_USER_SCHEMA_TENANT_ID`| 4.0.0 |string|`LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment.`|| |`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`
`USERS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user ID's.`|false| |`OC_LDAP_USER_SCHEMA_MAIL`
`USERS_LDAP_USER_SCHEMA_MAIL`| 1.0.0 |string|`LDAP Attribute to use for the email address of users.`|mail| |`OC_LDAP_USER_SCHEMA_DISPLAYNAME`
`USERS_LDAP_USER_SCHEMA_DISPLAYNAME`| 1.0.0 |string|`LDAP Attribute to use for the displayname of users.`|displayname| diff --git a/static/env-vars/users_readme.md b/static/env-vars/users_readme.md index 6d2eb34f..642bb6e6 100644 --- a/static/env-vars/users_readme.md +++ b/static/env-vars/users_readme.md @@ -1,6 +1,6 @@ --- title: Users -date: 2025-11-27T22:56:02.335114+01:00 +date: 2026-01-13T10:10:18.225027223+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/users diff --git a/static/env-vars/web-config-example.yaml b/static/env-vars/web-config-example.yaml index 68dc9972..b2a76b3c 100644 --- a/static/env-vars/web-config-example.yaml +++ b/static/env-vars/web-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: web-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9104 token: "" diff --git a/static/env-vars/web_configvars.md b/static/env-vars/web_configvars.md index f599c2d8..9701f9b3 100644 --- a/static/env-vars/web_configvars.md +++ b/static/env-vars/web_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **web** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`WEB_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`WEB_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`WEB_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`WEB_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`WEB_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`WEB_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`WEB_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`WEB_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`WEB_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`WEB_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9104| |`WEB_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`WEB_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| @@ -54,6 +47,6 @@ Environment variables for the **web** service |`WEB_OPTION_CONCURRENT_REQUESTS_SSE`| 1.0.0 |int|`Defines the maximum number of concurrent requests in SSE event handlers. Defaults to 4.`|0| |`WEB_OPTION_CONCURRENT_REQUESTS_SHARES_CREATE`| 1.0.0 |int|`Defines the maximum number of concurrent requests per sharing invite batch. Defaults to 4.`|0| |`WEB_OPTION_CONCURRENT_REQUESTS_SHARES_LIST`| 1.0.0 |int|`Defines the maximum number of concurrent requests when loading individual share information inside listings. Defaults to 2.`|0| -|`WEB_OPTION_DEFAULT_APP_ID`| next |string|`Defines the entrypoint for the web ui.`|| +|`WEB_OPTION_DEFAULT_APP_ID`| 4.0.0 |string|`Defines the entrypoint for the web ui.`|| |`OC_JWT_SECRET`
`WEB_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|| |`WEB_GATEWAY_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|eu.opencloud.api.gateway| diff --git a/static/env-vars/web_readme.md b/static/env-vars/web_readme.md index b331d6a2..59a2f1e5 100644 --- a/static/env-vars/web_readme.md +++ b/static/env-vars/web_readme.md @@ -1,6 +1,6 @@ --- title: Web -date: 2025-11-11T09:16:41.113549492+01:00 +date: 2026-01-13T10:10:18.225186453+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/web @@ -38,7 +38,7 @@ The web service also provides a minimal API for branding functionality like chan If you want to use your custom compiled web client assets instead of the embedded ones, then you can do that by setting the `WEB_ASSET_CORE_PATH` variable to point to your compiled files. -See [OpenCloud Web / Getting Started](https://docs.opencloud.eu/clients/web/getting-started/) and [OpenCloud Web / Setup with OpenCloud](https://docs.opencloud.eu/clients/web/backend-opencloud/) for more details. +See [OpenCloud Web / Getting Started](https://docs.opencloud.eu/clients/web/getting-started/) for more details. ## Web UI Configuration @@ -61,7 +61,7 @@ with a [json based](https://github.com/opencloud-eu/web/tree/master/config) file Web can be consumed by another application in a stripped down version called “Embed mode”. This mode is supposed to be used in the context of selecting or sharing resources. -For more details see the developer documentation [OpenCloud Web / Embed Mode](https://docs.opencloud.eu/clients/web/embed-mode/). +For more details see the developer documentation [OpenCloud Web / Embed Mode](https://docs.opencloud.eu/docs/dev/web/embed-mode). See the environment variables: `WEB_OPTION_MODE` and `WEB_OPTION_EMBED_TARGET` to configure the embedded mode. ## Web Apps 
diff --git a/static/env-vars/webdav-config-example.yaml b/static/env-vars/webdav-config-example.yaml index 14900fa7..617db385 100644 --- a/static/env-vars/webdav-config-example.yaml +++ b/static/env-vars/webdav-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: webdav-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9119 token: "" @@ -47,5 +38,3 @@ disablePreviews: false opencloud_public_url: https://localhost:9200 webdav_namespace: /users/{{.Id.OpaqueId}} reva_gateway: eu.opencloud.api.gateway -reva_gateway_tls_mode: "" -reva_gateway_tls_cacert: "" diff --git a/static/env-vars/webdav_configvars.md b/static/env-vars/webdav_configvars.md index 8229d0ec..07eeb721 100644 --- a/static/env-vars/webdav_configvars.md +++ b/static/env-vars/webdav_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **webdav** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`WEBDAV_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`WEBDAV_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`WEBDAV_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`WEBDAV_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`WEBDAV_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`WEBDAV_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`WEBDAV_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`WEBDAV_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`WEBDAV_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`WEBDAV_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9119| |`WEBDAV_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`WEBDAV_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| @@ -27,5 +20,3 @@ Environment variables for the **webdav** service |`OC_URL`
`OC_PUBLIC_URL`| 1.0.0 |string|`URL, where OpenCloud is reachable for users.`|https://localhost:9200| |`WEBDAV_WEBDAV_NAMESPACE`| 1.0.0 |string|`CS3 path layout to use when forwarding /webdav requests`|/users/{{.Id.OpaqueId}}| |`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata`|eu.opencloud.api.gateway| -|`OC_REVA_GATEWAY_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the CS3 gateway endpoint. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|| -|`OC_REVA_GATEWAY_TLS_CACERT`| 1.0.0 |string|`The root CA certificate used to validate the gateway's TLS certificate.`|| diff --git a/static/env-vars/webdav_readme.md b/static/env-vars/webdav_readme.md index fcb55075..ad790032 100644 --- a/static/env-vars/webdav_readme.md +++ b/static/env-vars/webdav_readme.md @@ -1,6 +1,6 @@ --- title: Webdav -date: 2025-11-11T09:16:41.113666081+01:00 +date: 2026-01-13T10:10:18.225422417+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/webdav 
@@ -13,7 +13,7 @@ geekdocCollapseSection: true ## Abstract -The webdav service, like the [ocdav](../ocdav) service, provides a HTTP API following the webdav protocol. It receives HTTP calls from requestors like clients and issues gRPC calls to other services executing these requests. After the called service has finished the request, the webdav service will render their responses in `xml` and sends them back to the requestor. +The webdav service, like the [frontend](../frontend) service, provides a HTTP API following the webdav protocol. It receives HTTP calls from requestors like clients and issues gRPC calls to other services executing these requests. After the called service has finished the request, the webdav service will render their responses in `xml` and sends them back to the requestor. ## Table of Contents diff --git a/static/env-vars/webfinger-config-example.yaml b/static/env-vars/webfinger-config-example.yaml index 4c59864a..d8ccde0a 100644 --- a/static/env-vars/webfinger-config-example.yaml +++ b/static/env-vars/webfinger-config-example.yaml @@ -1,16 +1,7 @@ # Autogenerated # Filename: webfinger-config-example.yaml -tracing: - enabled: false - type: "" - endpoint: "" - collector: "" -log: - level: "" - pretty: false - color: false - file: "" +loglevel: error debug: addr: 127.0.0.1:9279 token: "" diff --git a/static/env-vars/webfinger_configvars.md b/static/env-vars/webfinger_configvars.md index 80cb2a83..862a9399 100644 --- a/static/env-vars/webfinger_configvars.md +++ b/static/env-vars/webfinger_configvars.md @@ -2,14 +2,7 @@ Environment variables for the **webfinger** service | Name | Introduction Version | Type | Description | Default Value | |---|---|---|---|---| -|`OC_TRACING_ENABLED`
`WEBFINGER_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|false| -|`OC_TRACING_TYPE`
`WEBFINGER_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|| -|`OC_TRACING_ENDPOINT`
`WEBFINGER_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|| -|`OC_TRACING_COLLECTOR`
`WEBFINGER_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|| -|`OC_LOG_LEVEL`
`WEBFINGER_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|| -|`OC_LOG_PRETTY`
`WEBFINGER_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|false| -|`OC_LOG_COLOR`
`WEBFINGER_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|false| -|`OC_LOG_FILE`
`WEBFINGER_LOG_FILE`| 1.0.0 |string|`The path to the log file. Activates logging to this file if set.`|| +|`OC_LOG_LEVEL`
`WEBFINGER_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|error| |`WEBFINGER_DEBUG_ADDR`| 1.0.0 |string|`Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.`|127.0.0.1:9279| |`WEBFINGER_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|| |`WEBFINGER_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|false| diff --git a/static/env-vars/webfinger_readme.md b/static/env-vars/webfinger_readme.md index 23f283c3..64f4cf2f 100644 --- a/static/env-vars/webfinger_readme.md +++ b/static/env-vars/webfinger_readme.md @@ -1,6 +1,6 @@ --- title: Webfinger -date: 2025-11-11T09:16:41.113754818+01:00 +date: 2026-01-13T10:10:18.225639285+01:00 weight: 20 geekdocRepo: https://github.com/opencloud-eu/opencloud geekdocEditPath: edit/master/services/webfinger
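Review bot: in static/env-vars/storage-users_configvars.md (hunk -113,14), the rewritten `OC_INSECURE` / `OC_EVENTS_TLS_INSECURE` / `STORAGE_USERS_EVENTS_TLS_INSECURE` row keeps the description `Whether to verify the server TLS certificates.` with default `false`, which reads as if verification were off by default. The neighbouring root CA row ("If provided STORAGE_USERS_EVENTS_TLS_INSECURE will be seen as false") implies the opposite meaning, so please word the flag as the one that disables certificate verification when true. Now that `OC_EVENTS_TLS_INSECURE` sits between the global and the service-specific name, also state which of the three takes precedence. In the `STORAGE_USERS_POSIX_WATCH_ROOT` row touched here, 'gpswatchfolder' should match the 'gpfswatchfolder' option listed under `STORAGE_USERS_POSIX_WATCH_TYPE`.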
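Review bot: the `loglevel: error` line added at the top of thumbnails-config-example.yaml (and of the userlog, users, web, webdav and webfinger examples) replaces a nested `log:` block with a flat key, and nothing in the patch says what happens to an existing config file that still sets `log.level`, `log.file` or the `tracing:` section. Please document whether those keys are now ignored, rejected at startup or still parsed, so that an upgrade does not silently change where logs go.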
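Review bot: in static/env-vars/thumbnails_configvars.md (hunk -2,14, repeated for userlog, users, web, webdav and webfinger), the `*_TRACING_*`, `*_LOG_PRETTY`, `*_LOG_COLOR` and `*_LOG_FILE` rows disappear without a replacement or deprecation note. Operators who ship logs from the path set in `THUMBNAILS_LOG_FILE` need to know whether the variable is still honoured. The default for `OC_LOG_LEVEL` / `THUMBNAILS_LOG_LEVEL` also changes from empty to `error`, so records at 'warn' and 'info' are not emitted unless the level is raised; a sentence on that in the description would help anyone relying on those records for monitoring.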
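Review bot: in static/env-vars/userlog_configvars.md (hunk -29,7), the `USERLOG_EVENTS_TLS_ROOT_CA_CERTIFICATE` row directly below the changed line says "If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false", which names another service's variable. Since the file is autogenerated, this should be corrected to `USERLOG_EVENTS_TLS_INSECURE` in the source description and regenerated. The changed row has the same ambiguous `Whether to verify the server TLS certificates.` wording for an INSECURE flag that the other services' tables carry.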
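Review bot: in static/env-vars/userlog_readme.md (hunk -67,7), the notification API link now targets `https://doc.owncloud.com/server/next/...`, an unversioned `next` path on another project's site. The content behind it can change or move without notice, so please pin it to a released version of that manual or describe the GET API in this repository.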
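Review bot: in static/env-vars/web_configvars.md (hunk -54,6), the `WEB_OPTION_CONCURRENT_REQUESTS_SSE`, `..._SHARES_CREATE` and `..._SHARES_LIST` rows next to the changed line say "Defaults to 4" or "Defaults to 2" while the Default Value column shows `0`. Either the column should show the effective default, or the description should say that `0` selects it. The `WEB_OPTION_DEFAULT_APP_ID` row that moves from `next` to `4.0.0` does not say which values are accepted or what an empty value means.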
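Review bot: in static/env-vars/web_readme.md (hunk -61,7), the Embed Mode link changes to `https://docs.opencloud.eu/docs/dev/web/embed-mode`, while the Getting Started link kept in the hunk above still uses the `https://docs.opencloud.eu/clients/web/...` scheme. Please confirm both paths resolve on the published site, since the same patch drops the "Setup with OpenCloud" link that used the old scheme.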
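Review bot: in static/env-vars/webdav_configvars.md (hunk -27,5, with the matching `reva_gateway_tls_mode` and `reva_gateway_tls_cacert` removal in webdav-config-example.yaml), the `OC_REVA_GATEWAY_TLS_MODE` and `OC_REVA_GATEWAY_TLS_CACERT` rows are dropped while `OC_REVA_GATEWAY` stays. After this change the page no longer says how the gRPC connection to the CS3 gateway is secured or how its certificate is validated. Please state whether these variables are still read by the webdav service and, if not, which setting now controls transport security for that connection.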
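Review bot: in static/env-vars/webdav_readme.md (hunk -13,7), the Abstract now reads "like the [frontend](../frontend) service, provides a HTTP API following the webdav protocol", replacing the former ocdav reference. Please confirm that frontend is the service exposing WebDAV and that `../frontend` resolves from this page. The same sentence could be tidied while it is being changed: "an HTTP API", and "renders their responses in `xml` and sends them back" instead of "will render ... and sends".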