Merge pull request #5952 from owncloud/update_invitations_readme

Fix invitations README.md
owncloud · Mar 29, 2023 · 9469e33 · 9469e33
1 parent db5e004
commit 9469e33
Show file tree

Hide file tree

Showing 27 changed files with 108 additions and 80 deletions.
diff --git a/services/_includes/adoc/global_configvars.adoc b/services/_includes/adoc/global_configvars.adoc
@@ -26,7 +26,7 @@ a| [subs=-attributes]
 ++false ++
 
 a| [subs=-attributes]
-Flag to enable or disable the creation of the demo users.
+The default role assignments the demo users should be setup.
 
 a| `LDAP_BIND_DN`
 
@@ -41,7 +41,7 @@ a| [subs=-attributes]
 ++string ++
 
 a| [subs=-attributes]
-++uid=libregraph,ou=sysusers,o=libregraph-idm ++
+++uid=idp,ou=sysusers,o=libregraph-idm ++
 
 a| [subs=-attributes]
 LDAP DN to use for simple bind authentication with the target LDAP server.
@@ -80,7 +80,7 @@ a| [subs=-attributes]
 ++~/.ocis/idm/ldap.crt ++
 
 a| [subs=-attributes]
-Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/idm.
+Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/idp.
 
 a| `LDAP_DISABLED_USERS_GROUP_DN`
 
@@ -109,10 +109,10 @@ a| [subs=-attributes]
 ++string ++
 
 a| [subs=-attributes]
-++attribute ++
+++none ++
 
 a| [subs=-attributes]
-An option to control the behavior for disabling users. Supported options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed. Default is 'attribute'.
+An option to control the behavior for disabling users. Valid options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed.
 
 a| `LDAP_GROUP_BASE_DN`
 
@@ -210,10 +210,10 @@ a| [subs=-attributes]
 ++string ++
 
 a| [subs=-attributes]
-++owncloudUUID ++
+++ownclouduuid ++
 
 a| [subs=-attributes]
-LDAP Attribute to use as the unique id for groups. This should be a stable globally unique ID like a UUID.
+LDAP Attribute to use as the unique id for groups. This should be a stable globally unique id (e.g. a UUID).
 
 a| `LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`
 
@@ -229,7 +229,7 @@ a| [subs=-attributes]
 ++false ++
 
 a| [subs=-attributes]
-Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group ID's.
+Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group IDs.
 
 a| `LDAP_GROUP_SCHEMA_MAIL`
 
@@ -278,7 +278,7 @@ a| [subs=-attributes]
 ++sub ++
 
 a| [subs=-attributes]
-LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'.
+LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'.
 
 a| `LDAP_INSECURE`
 
@@ -314,7 +314,7 @@ a| [subs=-attributes]
 ++ldaps://localhost:9235 ++
 
 a| [subs=-attributes]
-URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'
+Url of the LDAP service to use as IDP.
 
 a| `LDAP_USER_BASE_DN`
 
@@ -385,7 +385,7 @@ a| [subs=-attributes]
 ++inetOrgPerson ++
 
 a| [subs=-attributes]
-The object class to use for users in the default user search filter ('inetOrgPerson').
+LDAP User ObjectClass like 'inetOrgPerson'.
 
 a| `LDAP_USER_SCHEMA_DISPLAYNAME`
 
@@ -416,10 +416,10 @@ a| [subs=-attributes]
 ++string ++
 
 a| [subs=-attributes]
-++owncloudUUID ++
+++uid ++
 
 a| [subs=-attributes]
-LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID.
+LDAP User uuid attribute like 'uid'.
 
 a| `LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`
 
@@ -435,7 +435,7 @@ a| [subs=-attributes]
 ++false ++
 
 a| [subs=-attributes]
-Set this to true if the defined 'id' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user id's.
+Set this to true if the defined 'id' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user IDs.
 
 a| `LDAP_USER_SCHEMA_MAIL`
 
@@ -453,7 +453,7 @@ a| [subs=-attributes]
 ++mail ++
 
 a| [subs=-attributes]
-LDAP Attribute to use for the email address of users.
+LDAP User email attribute like 'mail'.
 
 a| `LDAP_USER_SCHEMA_USERNAME`
 
@@ -468,10 +468,10 @@ a| [subs=-attributes]
 ++string ++
 
 a| [subs=-attributes]
-++uid ++
+++displayName ++
 
 a| [subs=-attributes]
-LDAP Attribute to use for username of users.
+LDAP User name attribute like 'displayName'.
 
 a| `LDAP_USER_SCHEMA_USER_TYPE`
 
@@ -483,7 +483,7 @@ a| [subs=-attributes]
 ++string ++
 
 a| [subs=-attributes]
-++ownCloudUserType ++
+++ ++
 
 a| [subs=-attributes]
 LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'ownCloudUserType'.
@@ -539,7 +539,7 @@ a| [subs=-attributes]
 ++memory ++
 
 a| [subs=-attributes]
-The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details.
+Store implementation for the cache. Valid values are "memory" (default), "redis", and "etcd".
 
 a| `OCIS_CACHE_STORE_ADDRESS`
 
@@ -571,7 +571,7 @@ a| [subs=-attributes]
 ++[] ++
 
 a| [subs=-attributes]
-A comma-separated list of nodes to connect to. This has no effect when 'in-memory' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store.
+A comma separated list of nodes to access the configured store. This has no effect when 'in-memory' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store.
 
 a| `OCIS_CACHE_STORE_NODES`
 
@@ -590,7 +590,7 @@ a| [subs=-attributes]
 ++[] ++
 
 a| [subs=-attributes]
-A comma-separated list of nodes to connect to. This has no effect when 'in-memory' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store.
+Nodes to use for the cache store.
 
 a| `OCIS_CACHE_STORE_SIZE`
 
@@ -606,7 +606,7 @@ a| [subs=-attributes]
 ++0 ++
 
 a| [subs=-attributes]
-The maximum quantity of items in the store. Only applies when store type 'ocmem' is configured. Defaults to 512.
+The maximum quantity of items in the user info cache. Only applies when store type 'ocmem' is configured. Defaults to 512.
 
 a| `OCIS_CACHE_STORE_TTL`
 
@@ -619,13 +619,13 @@ a| [subs=attributes+]
 * xref:{s-path}/proxy.adoc[proxy] +
 
 a| [subs=-attributes]
-++Duration ++
+++int ++
 
 a| [subs=-attributes]
-++336h0m0s ++
+++300 ++
 
 a| [subs=-attributes]
-Time to live for cache records in the graph. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '336h' (2 weeks).
+Max TTL in seconds for the gateway's stat cache.
 
 a| `OCIS_CACHE_STORE_TYPE`
 
@@ -643,7 +643,7 @@ a| [subs=-attributes]
 ++memory ++
 
 a| [subs=-attributes]
-The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details.
+Store implementation for the cache. Valid values are "memory" (default), "redis", and "etcd".
 
 a| `OCIS_CORS_ALLOW_CREDENTIALS`
 
@@ -700,7 +700,7 @@ a| [subs=-attributes]
 ++[]string ++
 
 a| [subs=-attributes]
-++[GET] ++
+++[GET POST PUT PATCH DELETE OPTIONS] ++
 
 a| [subs=-attributes]
 A comma-separated list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method
@@ -928,7 +928,7 @@ a| [subs=-attributes]
 ++false ++
 
 a| [subs=-attributes]
-Whether to verify the server TLS certificates.
+Allow insecure connections to the GATEWAY service.
 
 a| `OCIS_JWT_SECRET`
 
@@ -1203,7 +1203,7 @@ a| [subs=-attributes]
 ++https://localhost:9200 ++
 
 a| [subs=-attributes]
-The identity provider value to set in the group IDs of the CS3 group objects for groups returned by this group provider.
+The OIDC issuer URL to use.
 
 a| `OCIS_PERSISTENT_STORE`
 
@@ -1263,7 +1263,7 @@ a| [subs=-attributes]
 ++0 ++
 
 a| [subs=-attributes]
-Set a global max quota for spaces in bytes. A value of 0 equals unlimited. If not using the global OCIS_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA in the frontend service.
+Set the global max quota value in bytes. A value of 0 equals unlimited. The value is provided via capabilities.
 
 a| `OCIS_SYSTEM_USER_API_KEY`
 
@@ -1301,7 +1301,7 @@ a| [subs=-attributes]
 ++ ++
 
 a| [subs=-attributes]
-ID of the oCIS storage-system system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.
+ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.
 
 a| `OCIS_SYSTEM_USER_IDP`
 
@@ -1511,10 +1511,10 @@ a| [subs=-attributes]
 ++string ++
 
 a| [subs=-attributes]
-++https://localhost:9200 ++
+++https://127.0.0.1:9200 ++
 
 a| [subs=-attributes]
-The public facing URL of WebDAV.
+URL, where oCIS is reachable for users.
 
 a| `REVA_GATEWAY`
 
@@ -1551,7 +1551,7 @@ a| [subs=-attributes]
 ++127.0.0.1:9142 ++
 
 a| [subs=-attributes]
-The CS3 gateway endpoint.
+CS3 gateway used to look up user metadata
 
 a| `STORAGE_TRANSFER_SECRET`
 

diff --git a/services/_includes/adoc/invitations_configvars.adoc b/services/_includes/adoc/invitations_configvars.adoc
@@ -232,7 +232,7 @@ a|`INVITATIONS_KEYCLOAK_BASE_PATH` +
 a| [subs=-attributes]
 ++string ++
 a| [subs=-attributes]
-++https://keycloak.example.org/ ++
+++ ++
 a| [subs=-attributes]
 The URL to access keycloak.
 
@@ -241,7 +241,7 @@ a|`INVITATIONS_KEYCLOAK_CLIENT_ID` +
 a| [subs=-attributes]
 ++string ++
 a| [subs=-attributes]
-++invitations-service ++
+++ ++
 a| [subs=-attributes]
 The client id to authenticate with keycloak.
 
@@ -250,7 +250,7 @@ a|`INVITATIONS_KEYCLOAK_CLIENT_SECRET` +
 a| [subs=-attributes]
 ++string ++
 a| [subs=-attributes]
-++fake-secret ++
+++ ++
 a| [subs=-attributes]
 The client secret to use in authentication.
 
@@ -259,7 +259,7 @@ a|`INVITATIONS_KEYCLOAK_CLIENT_REALM` +
 a| [subs=-attributes]
 ++string ++
 a| [subs=-attributes]
-++someRealm ++
+++ ++
 a| [subs=-attributes]
 The realm the client is defined in.
 
@@ -268,7 +268,7 @@ a|`INVITATIONS_KEYCLOAK_USER_REALM` +
 a| [subs=-attributes]
 ++string ++
 a| [subs=-attributes]
-++someRealm ++
+++ ++
 a| [subs=-attributes]
 The realm users are defined.
 

diff --git a/services/_includes/invitations-config-example.yaml b/services/_includes/invitations-config-example.yaml
@@ -30,11 +30,11 @@ http:
     cert: ""
     key: ""
 keycloak:
-  base_path: https://keycloak.example.org/
-  client_id: invitations-service
-  client_secret: fake-secret
-  client_realm: someRealm
-  user_realm: someRealm
+  base_path: ""
+  client_id: ""
+  client_secret: ""
+  client_realm: ""
+  user_realm: ""
   insecure_skip_verify: false
 token_manager:
   jwt_secret: ""
diff --git a/services/_includes/invitations_configvars.md b/services/_includes/invitations_configvars.md
@@ -23,10 +23,10 @@
 | OCIS_HTTP_TLS_ENABLED | bool | false | Activates TLS for the http based services using the server certifcate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.|
 | OCIS_HTTP_TLS_CERTIFICATE | string |  | Path/File name of the TLS server certificate (in PEM format) for the http services.|
 | OCIS_HTTP_TLS_KEY | string |  | Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.|
-| INVITATIONS_KEYCLOAK_BASE_PATH | string | https://keycloak.example.org/ | The URL to access keycloak.|
-| INVITATIONS_KEYCLOAK_CLIENT_ID | string | invitations-service | The client id to authenticate with keycloak.|
-| INVITATIONS_KEYCLOAK_CLIENT_SECRET | string | fake-secret | The client secret to use in authentication.|
-| INVITATIONS_KEYCLOAK_CLIENT_REALM | string | someRealm | The realm the client is defined in.|
-| INVITATIONS_KEYCLOAK_USER_REALM | string | someRealm | The realm users are defined.|
+| INVITATIONS_KEYCLOAK_BASE_PATH | string |  | The URL to access keycloak.|
+| INVITATIONS_KEYCLOAK_CLIENT_ID | string |  | The client id to authenticate with keycloak.|
+| INVITATIONS_KEYCLOAK_CLIENT_SECRET | string |  | The client secret to use in authentication.|
+| INVITATIONS_KEYCLOAK_CLIENT_REALM | string |  | The realm the client is defined in.|
+| INVITATIONS_KEYCLOAK_USER_REALM | string |  | The realm users are defined.|
 | INVITATIONS_KEYCLOAK_INSECURE_SKIP_VERIFY | bool | false | Disable TLS certificate validation for Keycloak connections. Do not set this in production environments.|
 | OCIS_JWT_SECRET<br/>INVITATIONS_JWT_SECRET | string |  | The secret to mint and validate jwt tokens.|
diff --git a/services/antivirus/_index.md b/services/antivirus/_index.md
@@ -1,6 +1,6 @@
 ---
 title: Antivirus Service
-date: 2023-03-29T10:49:09.421219945Z
+date: 2023-03-29T11:45:37.680824843Z
 weight: 20
 geekdocRepo: https://github.com/owncloud/ocis
 geekdocEditPath: edit/master/docs/services/antivirus

diff --git a/services/audit/_index.md b/services/audit/_index.md
@@ -1,6 +1,6 @@
 ---
 title: Audit service
-date: 2023-03-29T10:49:09.4214612Z
+date: 2023-03-29T11:45:37.681022916Z
 weight: 20
 geekdocRepo: https://github.com/owncloud/ocis
 geekdocEditPath: edit/master/docs/services/audit

diff --git a/services/auth-basic/_index.md b/services/auth-basic/_index.md
@@ -1,6 +1,6 @@
 ---
 title: Auth-Basic Service
-date: 2023-03-29T10:49:09.421589482Z
+date: 2023-03-29T11:45:37.6811367Z
 weight: 20
 geekdocRepo: https://github.com/owncloud/ocis
 geekdocEditPath: edit/master/docs/services/auth-basic

diff --git a/services/auth-bearer/_index.md b/services/auth-bearer/_index.md
@@ -1,6 +1,6 @@
 ---
 title: Auth-Bearer Service
-date: 2023-03-29T10:49:09.421745705Z
+date: 2023-03-29T11:45:37.68124821Z
 weight: 20
 geekdocRepo: https://github.com/owncloud/ocis
 geekdocEditPath: edit/master/docs/services/auth-bearer

diff --git a/services/eventhistory/_index.md b/services/eventhistory/_index.md
@@ -1,6 +1,6 @@
 ---
 title: Eventhistory Service
-date: 2023-03-29T10:49:09.421887684Z
+date: 2023-03-29T11:45:37.681365672Z
 weight: 20
 geekdocRepo: https://github.com/owncloud/ocis
 geekdocEditPath: edit/master/docs/services/eventhistory

diff --git a/services/frontend/_index.md b/services/frontend/_index.md
@@ -1,6 +1,6 @@
 ---
 title: Frontend Service
-date: 2023-03-29T10:49:09.422033509Z
+date: 2023-03-29T11:45:37.681483573Z
 weight: 20
 geekdocRepo: https://github.com/owncloud/ocis
 geekdocEditPath: edit/master/docs/services/frontend