From 3bda9ca04f38ad201b92eace1452247f154dd80c Mon Sep 17 00:00:00 2001 From: kobergj Date: Tue, 21 Feb 2023 13:12:14 +0000 Subject: [PATCH] commit e631b74032a9bd6910601ac1c32744fa2891408c Merge: 1dab0f7a5 c9dfb778a Author: kobergj Date: Tue Feb 21 14:08:01 2023 +0100 Merge pull request #5600 from kobergj/EventHistory Eventhistory Service --- .../adoc/eventhistory_configvars.adoc | 260 ++++++++++++++++++ .../adoc/eventhistory_deprecation.adoc | 2 + .../_includes/adoc/global_configvars.adoc | 51 ++-- .../eventhistory-config-example.yaml | 35 +++ services/_includes/eventhistory_configvars.md | 29 ++ 5 files changed, 357 insertions(+), 20 deletions(-) create mode 100644 services/_includes/adoc/eventhistory_configvars.adoc create mode 100644 services/_includes/adoc/eventhistory_deprecation.adoc create mode 100644 services/_includes/eventhistory-config-example.yaml create mode 100644 services/_includes/eventhistory_configvars.md diff --git a/services/_includes/adoc/eventhistory_configvars.adoc b/services/_includes/adoc/eventhistory_configvars.adoc new file mode 100644 index 00000000000..1eedbfc2593 --- /dev/null +++ b/services/_includes/adoc/eventhistory_configvars.adoc @@ -0,0 +1,260 @@ +// set the attribute to true or leave empty, true without any quotes. + +:show-deprecation: false + +ifeval::[{show-deprecation} == true] + +[[deprecation-note]] +[caption=] +.Deprecation notes for the eventhistory service +[width="100%",cols="~,~,~,~",options="header"] +|=== +| Deprecation Info +| Deprecation Version +| Removal Version +| Deprecation Replacment +|=== + +endif::[] + +[caption=] +.Environment variables for the eventhistory service +[width="100%",cols="~,~,~,~",options="header"] +|=== +| Name +| Type +| Default Value +| Description + +a|`OCIS_LOG_LEVEL` + +`EVENTHISTORY_LOG_LEVEL` + + +a| [subs=-attributes] +++string ++ +a| [subs=-attributes] +++ ++ +a| [subs=-attributes] +The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace". + +a|`OCIS_LOG_PRETTY` + +`EVENTHISTORY_LOG_PRETTY` + + +a| [subs=-attributes] +++bool ++ +a| [subs=-attributes] +++false ++ +a| [subs=-attributes] +Activates pretty log output. + +a|`OCIS_LOG_COLOR` + +`EVENTHISTORY_LOG_COLOR` + + +a| [subs=-attributes] +++bool ++ +a| [subs=-attributes] +++false ++ +a| [subs=-attributes] +Activates colorized log output. + +a|`OCIS_LOG_FILE` + +`EVENTHISTORY_LOG_FILE` + + +a| [subs=-attributes] +++string ++ +a| [subs=-attributes] +++ ++ +a| [subs=-attributes] +The path to the log file. Activates logging to this file if set. + +a|`EVENTHISTORY_DEBUG_ADDR` + + +a| [subs=-attributes] +++string ++ +a| [subs=-attributes] +++ ++ +a| [subs=-attributes] +Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. + +a|`EVENTHISTORY_DEBUG_TOKEN` + + +a| [subs=-attributes] +++string ++ +a| [subs=-attributes] +++ ++ +a| [subs=-attributes] +Token to secure the metrics endpoint. + +a|`EVENTHISTORY_DEBUG_PPROF` + + +a| [subs=-attributes] +++bool ++ +a| [subs=-attributes] +++false ++ +a| [subs=-attributes] +Enables pprof, which can be used for profiling. + +a|`EVENTHISTORY_DEBUG_ZPAGES` + + +a| [subs=-attributes] +++bool ++ +a| [subs=-attributes] +++false ++ +a| [subs=-attributes] +Enables zpages, which can be used for collecting and viewing in-memory traces. + +a|`EVENTHISTORY_GRPC_ADDR` + + +a| [subs=-attributes] +++string ++ +a| [subs=-attributes] +++127.0.0.1:0 ++ +a| [subs=-attributes] +The bind address of the GRPC service. + +a|`OCIS_GRPC_TLS_ENABLED` + + +a| [subs=-attributes] +++bool ++ +a| [subs=-attributes] +++false ++ +a| [subs=-attributes] +Activates TLS for the grpc based services using the server certifcate and key configured via OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY. If OCIS_GRPC_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with OCIS_GRPC_CLIENT_TLS_MODE=insecure. + +a|`OCIS_GRPC_TLS_CERTIFICATE` + + +a| [subs=-attributes] +++string ++ +a| [subs=-attributes] +++ ++ +a| [subs=-attributes] +Path/File name of the TLS server certificate (in PEM format) for the grpc services. + +a|`OCIS_GRPC_TLS_KEY` + + +a| [subs=-attributes] +++string ++ +a| [subs=-attributes] +++ ++ +a| [subs=-attributes] +Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the grpc services. + +a|`OCIS_GRPC_CLIENT_TLS_MODE` + + +a| [subs=-attributes] +++string ++ +a| [subs=-attributes] +++ ++ +a| [subs=-attributes] +TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification. + +a|`OCIS_GRPC_CLIENT_TLS_CACERT` + + +a| [subs=-attributes] +++string ++ +a| [subs=-attributes] +++ ++ +a| [subs=-attributes] +Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. + +a|`EVENTHISTORY_EVENTS_ENDPOINT` + + +a| [subs=-attributes] +++string ++ +a| [subs=-attributes] +++127.0.0.1:9233 ++ +a| [subs=-attributes] +The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. + +a|`EVENTHISTORY_EVENTS_CLUSTER` + + +a| [subs=-attributes] +++string ++ +a| [subs=-attributes] +++ocis-cluster ++ +a| [subs=-attributes] +The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system. + +a|`OCIS_INSECURE` + +`EVENTHISTORY_EVENTS_TLS_INSECURE` + + +a| [subs=-attributes] +++bool ++ +a| [subs=-attributes] +++false ++ +a| [subs=-attributes] +Whether to verify the server TLS certificates. + +a|`EVENTHISTORY_EVENTS_TLS_ROOT_CA_CERTIFICATE` + + +a| [subs=-attributes] +++string ++ +a| [subs=-attributes] +++ ++ +a| [subs=-attributes] +The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false. + +a|`OCIS_EVENTS_ENABLE_TLS` + +`EVENTHISTORY_EVENTS_ENABLE_TLS` + + +a| [subs=-attributes] +++bool ++ +a| [subs=-attributes] +++false ++ +a| [subs=-attributes] +Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services.. + +a|`EVENTHISTORY_STORE_TYPE` + + +a| [subs=-attributes] +++string ++ +a| [subs=-attributes] +++mem ++ +a| [subs=-attributes] +The type of the eventhistory store. Supported values are: 'mem', 'ocmem', 'etcd', 'redis', 'nats-js', 'noop'. See the text description for details. + +a|`EVENTHISTORY_STORE_ADDRESSES` + + +a| [subs=-attributes] +++string ++ +a| [subs=-attributes] +++ ++ +a| [subs=-attributes] +A comma separated list of addresses to access the configured store. This has no effect when 'in-memory' stores are configured. Note that the behaviour how addresses are used is dependent on the library of the configured store. + +a|`EVENTHISTORY_STORE_DATABASE` + + +a| [subs=-attributes] +++string ++ +a| [subs=-attributes] +++ ++ +a| [subs=-attributes] +(optional) The database name the configured store should use. This has no effect when 'in-memory' stores are configured. + +a|`EVENTHISTORY_STORE_TABLE` + + +a| [subs=-attributes] +++string ++ +a| [subs=-attributes] +++ ++ +a| [subs=-attributes] +(optional) The database table the store should use. This has no effect when 'in-memory' stores are configured. + +a|`EVENTHISTORY_RECORD_EXPIRY` + + +a| [subs=-attributes] +++Duration ++ +a| [subs=-attributes] +++336h0m0s ++ +a| [subs=-attributes] +Time to life for events in the store. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '336h' (2 weeks). + +a|`EVENTHISTORY_STORE_SIZE` + + +a| [subs=-attributes] +++int ++ +a| [subs=-attributes] +++0 ++ +a| [subs=-attributes] +The maximum quantity of items in the store. Only applies when store type 'ocmem' is configured. Defaults to 512. +|=== + diff --git a/services/_includes/adoc/eventhistory_deprecation.adoc b/services/_includes/adoc/eventhistory_deprecation.adoc new file mode 100644 index 00000000000..4b3cef689ac --- /dev/null +++ b/services/_includes/adoc/eventhistory_deprecation.adoc @@ -0,0 +1,2 @@ +:show-deprecation: false + diff --git a/services/_includes/adoc/global_configvars.adoc b/services/_includes/adoc/global_configvars.adoc index c17dffb0597..f177e35c093 100644 --- a/services/_includes/adoc/global_configvars.adoc +++ b/services/_includes/adoc/global_configvars.adoc @@ -41,7 +41,7 @@ a| [subs=-attributes] ++string ++ a| [subs=-attributes] -++uid=idp,ou=sysusers,o=libregraph-idm ++ +++uid=libregraph,ou=sysusers,o=libregraph-idm ++ a| [subs=-attributes] LDAP DN to use for simple bind authentication with the target LDAP server. @@ -80,7 +80,7 @@ a| [subs=-attributes] ++~/.ocis/idm/ldap.crt ++ a| [subs=-attributes] -Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/idp. +Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/idm. a| `LDAP_GROUP_BASE_DN` @@ -282,7 +282,7 @@ a| [subs=-attributes] ++ldaps://localhost:9235 ++ a| [subs=-attributes] -Url of the LDAP service to use as IDP. +URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://' a| `LDAP_USER_BASE_DN` @@ -336,7 +336,7 @@ a| [subs=-attributes] ++inetOrgPerson ++ a| [subs=-attributes] -LDAP User ObjectClass like 'inetOrgPerson'. +The object class to use for users in the default user search filter ('inetOrgPerson'). a| `LDAP_USER_SCHEMA_DISPLAYNAME` @@ -367,10 +367,10 @@ a| [subs=-attributes] ++string ++ a| [subs=-attributes] -++uid ++ +++owncloudUUID ++ a| [subs=-attributes] -LDAP User uuid attribute like 'uid'. +LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID. a| `LDAP_USER_SCHEMA_ID_IS_OCTETSTRING` @@ -404,7 +404,7 @@ a| [subs=-attributes] ++mail ++ a| [subs=-attributes] -LDAP User email attribute like 'mail'. +LDAP Attribute to use for the email address of users. a| `LDAP_USER_SCHEMA_USERNAME` @@ -419,10 +419,10 @@ a| [subs=-attributes] ++string ++ a| [subs=-attributes] -++displayName ++ +++uid ++ a| [subs=-attributes] -LDAP User name attribute like 'displayName'. +LDAP Attribute to use for username of users. a| `LDAP_USER_SCOPE` @@ -456,7 +456,7 @@ a| [subs=-attributes] ++ ++ a| [subs=-attributes] -ID of the user that should receive admin privileges. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand. +ID of the user who collects all necessary information for deletion. a| `OCIS_CACHE_STORE_ADDRESS` @@ -467,13 +467,13 @@ a| [subs=attributes+] * xref:{s-path}/storage-users.adoc[storage-users] + a| [subs=-attributes] -++[]string ++ +++string ++ a| [subs=-attributes] -++[] ++ +++ ++ a| [subs=-attributes] -Node addresses to use for the cache store. +A comma-separated list of addresses to connect to. Only valid if the above setting is set to "etcd" a| `OCIS_CACHE_STORE_SIZE` @@ -502,10 +502,10 @@ a| [subs=-attributes] ++string ++ a| [subs=-attributes] -++memory ++ +++ ++ a| [subs=-attributes] -Store implementation for the cache. Valid values are "memory" (default), "redis", and "etcd". +The type of the cache store. Valid options are "noop", "ocmem", "etcd" and "memory" a| `OCIS_CORS_ALLOW_CREDENTIALS` @@ -538,7 +538,7 @@ a| [subs=-attributes] ++[]string ++ a| [subs=-attributes] -++[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires Upload-Checksum Upload-Offset X-HTTP-Method-Override] ++ +++[Authorization Origin Content-Type Accept X-Requested-With] ++ a| [subs=-attributes] A comma-separated list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. @@ -556,7 +556,7 @@ a| [subs=-attributes] ++[]string ++ a| [subs=-attributes] -++[OPTIONS HEAD GET PUT POST DELETE MKCOL PROPFIND PROPPATCH MOVE COPY REPORT SEARCH] ++ +++[GET POST PUT PATCH DELETE OPTIONS] ++ a| [subs=-attributes] A comma-separated list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method @@ -583,6 +583,7 @@ a| `OCIS_EVENTS_ENABLE_TLS` a| [subs=attributes+] * xref:{s-path}/audit.adoc[audit] + +* xref:{s-path}/eventhistory.adoc[eventhistory] + * xref:{s-path}/graph.adoc[graph] + * xref:{s-path}/nats.adoc[nats] + * xref:{s-path}/notifications.adoc[notifications] + @@ -608,6 +609,7 @@ a| [subs=attributes+] * xref:{s-path}/auth-basic.adoc[auth-basic] + * xref:{s-path}/auth-bearer.adoc[auth-bearer] + * xref:{s-path}/auth-machine.adoc[auth-machine] + +* xref:{s-path}/eventhistory.adoc[eventhistory] + * xref:{s-path}/frontend.adoc[frontend] + * xref:{s-path}/gateway.adoc[gateway] + * xref:{s-path}/graph.adoc[graph] + @@ -648,6 +650,7 @@ a| [subs=attributes+] * xref:{s-path}/auth-basic.adoc[auth-basic] + * xref:{s-path}/auth-bearer.adoc[auth-bearer] + * xref:{s-path}/auth-machine.adoc[auth-machine] + +* xref:{s-path}/eventhistory.adoc[eventhistory] + * xref:{s-path}/frontend.adoc[frontend] + * xref:{s-path}/gateway.adoc[gateway] + * xref:{s-path}/graph.adoc[graph] + @@ -688,6 +691,7 @@ a| [subs=attributes+] * xref:{s-path}/auth-basic.adoc[auth-basic] + * xref:{s-path}/auth-bearer.adoc[auth-bearer] + * xref:{s-path}/auth-machine.adoc[auth-machine] + +* xref:{s-path}/eventhistory.adoc[eventhistory] + * xref:{s-path}/gateway.adoc[gateway] + * xref:{s-path}/groups.adoc[groups] + * xref:{s-path}/search.adoc[search] + @@ -718,6 +722,7 @@ a| [subs=attributes+] * xref:{s-path}/auth-basic.adoc[auth-basic] + * xref:{s-path}/auth-bearer.adoc[auth-bearer] + * xref:{s-path}/auth-machine.adoc[auth-machine] + +* xref:{s-path}/eventhistory.adoc[eventhistory] + * xref:{s-path}/gateway.adoc[gateway] + * xref:{s-path}/groups.adoc[groups] + * xref:{s-path}/search.adoc[search] + @@ -748,6 +753,7 @@ a| [subs=attributes+] * xref:{s-path}/auth-basic.adoc[auth-basic] + * xref:{s-path}/auth-bearer.adoc[auth-bearer] + * xref:{s-path}/auth-machine.adoc[auth-machine] + +* xref:{s-path}/eventhistory.adoc[eventhistory] + * xref:{s-path}/gateway.adoc[gateway] + * xref:{s-path}/groups.adoc[groups] + * xref:{s-path}/search.adoc[search] + @@ -835,6 +841,7 @@ a| `OCIS_INSECURE` a| [subs=attributes+] * xref:{s-path}/audit.adoc[audit] + * xref:{s-path}/auth-bearer.adoc[auth-bearer] + +* xref:{s-path}/eventhistory.adoc[eventhistory] + * xref:{s-path}/frontend.adoc[frontend] + * xref:{s-path}/frontend.adoc[frontend] + * xref:{s-path}/graph.adoc[graph] + @@ -901,6 +908,7 @@ a| [subs=attributes+] * xref:{s-path}/auth-basic.adoc[auth-basic] + * xref:{s-path}/auth-bearer.adoc[auth-bearer] + * xref:{s-path}/auth-machine.adoc[auth-machine] + +* xref:{s-path}/eventhistory.adoc[eventhistory] + * xref:{s-path}/frontend.adoc[frontend] + * xref:{s-path}/gateway.adoc[gateway] + * xref:{s-path}/graph.adoc[graph] + @@ -945,6 +953,7 @@ a| [subs=attributes+] * xref:{s-path}/auth-basic.adoc[auth-basic] + * xref:{s-path}/auth-bearer.adoc[auth-bearer] + * xref:{s-path}/auth-machine.adoc[auth-machine] + +* xref:{s-path}/eventhistory.adoc[eventhistory] + * xref:{s-path}/frontend.adoc[frontend] + * xref:{s-path}/gateway.adoc[gateway] + * xref:{s-path}/graph.adoc[graph] + @@ -989,6 +998,7 @@ a| [subs=attributes+] * xref:{s-path}/auth-basic.adoc[auth-basic] + * xref:{s-path}/auth-bearer.adoc[auth-bearer] + * xref:{s-path}/auth-machine.adoc[auth-machine] + +* xref:{s-path}/eventhistory.adoc[eventhistory] + * xref:{s-path}/frontend.adoc[frontend] + * xref:{s-path}/gateway.adoc[gateway] + * xref:{s-path}/graph.adoc[graph] + @@ -1033,6 +1043,7 @@ a| [subs=attributes+] * xref:{s-path}/auth-basic.adoc[auth-basic] + * xref:{s-path}/auth-bearer.adoc[auth-bearer] + * xref:{s-path}/auth-machine.adoc[auth-machine] + +* xref:{s-path}/eventhistory.adoc[eventhistory] + * xref:{s-path}/frontend.adoc[frontend] + * xref:{s-path}/gateway.adoc[gateway] + * xref:{s-path}/graph.adoc[graph] + @@ -1086,7 +1097,7 @@ a| [subs=-attributes] ++ ++ a| [subs=-attributes] -The machine auth API key used to validate internal requests necessary to access resources from other services. +Machine auth API key used to validate internal requests necessary for the access to resources from other services. a| `OCIS_OIDC_ISSUER` @@ -1107,7 +1118,7 @@ a| [subs=-attributes] ++https://localhost:9200 ++ a| [subs=-attributes] -The OIDC issuer URL to use. +URL of the OIDC issuer. It defaults to URL of the builtin IDP. a| `OCIS_SYSTEM_USER_API_KEY` @@ -1404,7 +1415,7 @@ a| [subs=-attributes] ++ ++ a| [subs=-attributes] -Transfer secret for signing file up- and download requests. +The storage transfer secret. a| `STORAGE_USERS_OCIS_ASYNC_UPLOADS` diff --git a/services/_includes/eventhistory-config-example.yaml b/services/_includes/eventhistory-config-example.yaml new file mode 100644 index 00000000000..c7319fb096b --- /dev/null +++ b/services/_includes/eventhistory-config-example.yaml @@ -0,0 +1,35 @@ +# Autogenerated +# Filename: eventhistory-config-example.yaml + +log: + level: "" + pretty: false + color: false + file: "" +debug: + addr: "" + token: "" + pprof: false + zpages: false +grpc: + addr: 127.0.0.1:0 + tls: + enabled: false + cert: "" + key: "" +grpc_client_tls: + mode: "" + cacert: "" +events: + endpoint: 127.0.0.1:9233 + cluster: ocis-cluster + tls_insecure: false + tls_root_ca_certificate: "" + enable_tls: false +store: + type: mem + addresses: "" + database: "" + table: "" + record_expiry: 336h0m0s + size: 0 diff --git a/services/_includes/eventhistory_configvars.md b/services/_includes/eventhistory_configvars.md new file mode 100644 index 00000000000..98425b2b8bc --- /dev/null +++ b/services/_includes/eventhistory_configvars.md @@ -0,0 +1,29 @@ +## Environment Variables + +| Name | Type | Default Value | Description | +|------|------|---------------|-------------| +| OCIS_LOG_LEVEL
EVENTHISTORY_LOG_LEVEL | string | | The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace".| +| OCIS_LOG_PRETTY
EVENTHISTORY_LOG_PRETTY | bool | false | Activates pretty log output.| +| OCIS_LOG_COLOR
EVENTHISTORY_LOG_COLOR | bool | false | Activates colorized log output.| +| OCIS_LOG_FILE
EVENTHISTORY_LOG_FILE | string | | The path to the log file. Activates logging to this file if set.| +| EVENTHISTORY_DEBUG_ADDR | string | | Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.| +| EVENTHISTORY_DEBUG_TOKEN | string | | Token to secure the metrics endpoint.| +| EVENTHISTORY_DEBUG_PPROF | bool | false | Enables pprof, which can be used for profiling.| +| EVENTHISTORY_DEBUG_ZPAGES | bool | false | Enables zpages, which can be used for collecting and viewing in-memory traces.| +| EVENTHISTORY_GRPC_ADDR | string | 127.0.0.1:0 | The bind address of the GRPC service.| +| OCIS_GRPC_TLS_ENABLED | bool | false | Activates TLS for the grpc based services using the server certifcate and key configured via OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY. If OCIS_GRPC_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with OCIS_GRPC_CLIENT_TLS_MODE=insecure.| +| OCIS_GRPC_TLS_CERTIFICATE | string | | Path/File name of the TLS server certificate (in PEM format) for the grpc services.| +| OCIS_GRPC_TLS_KEY | string | | Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the grpc services.| +| OCIS_GRPC_CLIENT_TLS_MODE | string | | TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification.| +| OCIS_GRPC_CLIENT_TLS_CACERT | string | | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.| +| EVENTHISTORY_EVENTS_ENDPOINT | string | 127.0.0.1:9233 | The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.| +| EVENTHISTORY_EVENTS_CLUSTER | string | ocis-cluster | The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.| +| OCIS_INSECURE
EVENTHISTORY_EVENTS_TLS_INSECURE | bool | false | Whether to verify the server TLS certificates.| +| EVENTHISTORY_EVENTS_TLS_ROOT_CA_CERTIFICATE | string | | The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false.| +| OCIS_EVENTS_ENABLE_TLS
EVENTHISTORY_EVENTS_ENABLE_TLS | bool | false | Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services..| +| EVENTHISTORY_STORE_TYPE | string | mem | The type of the eventhistory store. Supported values are: 'mem', 'ocmem', 'etcd', 'redis', 'nats-js', 'noop'. See the text description for details.| +| EVENTHISTORY_STORE_ADDRESSES | string | | A comma separated list of addresses to access the configured store. This has no effect when 'in-memory' stores are configured. Note that the behaviour how addresses are used is dependent on the library of the configured store.| +| EVENTHISTORY_STORE_DATABASE | string | | (optional) The database name the configured store should use. This has no effect when 'in-memory' stores are configured.| +| EVENTHISTORY_STORE_TABLE | string | | (optional) The database table the store should use. This has no effect when 'in-memory' stores are configured.| +| EVENTHISTORY_RECORD_EXPIRY | Duration | 336h0m0s | Time to life for events in the store. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '336h' (2 weeks).| +| EVENTHISTORY_STORE_SIZE | int | 0 | The maximum quantity of items in the store. Only applies when store type 'ocmem' is configured. Defaults to 512.| \ No newline at end of file