20663: Clarify comment about what "safe" config means

[arvados.git] / lib / config / export.go

diff --git a/lib/config/export.go b/lib/config/export.go
index 4e903a8b3d39398b80faf08199b77d9f146165b6..31ccc994b910764c6e98c416b81fe23dca4bfc07 100644 (file)
--- a/lib/config/export.go
+++ b/lib/config/export.go
@@ -37,8 +37,8 @@ func ExportJSON(w io.Writer, cluster *arvados.Cluster) error {
        return json.NewEncoder(w).Encode(m)
 }
 
-// whitelist classifies configs as safe/unsafe to reveal to
-// unauthenticated clients.
+// whitelist classifies configs as safe/unsafe to reveal through the API
+// endpoint. Note that endpoint does not require authentication.
 //
 // Every config entry must either be listed explicitly here along with
 // all of its parent keys (e.g., "API" + "API.RequestTimeout"), or
@@ -62,16 +62,24 @@ var whitelist = map[string]bool{
        "API":                                      true,
        "API.AsyncPermissionsUpdateInterval":       false,
        "API.DisabledAPIs":                         false,
+       "API.FreezeProjectRequiresDescription":     true,
+       "API.FreezeProjectRequiresProperties":      true,
+       "API.FreezeProjectRequiresProperties.*":    true,
        "API.KeepServiceRequestTimeout":            false,
+       "API.LockBeforeUpdate":                     false,
+       "API.LogCreateRequestFraction":             false,
        "API.MaxConcurrentRequests":                false,
        "API.MaxIndexDatabaseRead":                 false,
        "API.MaxItemsPerResponse":                  true,
        "API.MaxKeepBlobBuffers":                   false,
+       "API.MaxQueuedRequests":                    false,
+       "API.MaxQueueTimeForLockRequests":          false,
        "API.MaxRequestAmplification":              false,
        "API.MaxRequestSize":                       true,
        "API.MaxTokenLifetime":                     false,
        "API.RequestTimeout":                       true,
        "API.SendTimeout":                          true,
+       "API.UnfreezeProjectRequiresAdmin":         true,
        "API.VocabularyPath":                       false,
        "API.WebsocketClientEventQueue":            false,
        "API.WebsocketServerEventQueue":            false,
@@ -126,10 +134,10 @@ var whitelist = map[string]bool{
        "Containers.Logging":                       false,
        "Containers.LogReuseDecisions":             false,
        "Containers.LSF":                           false,
-       "Containers.MaxComputeVMs":                 false,
        "Containers.MaxDispatchAttempts":           false,
        "Containers.MaxRetryAttempts":              true,
        "Containers.MinRetryPeriod":                true,
+       "Containers.PreemptiblePriceFactor":        false,
        "Containers.ReserveExtraRAM":               true,
        "Containers.RuntimeEngine":                 true,
        "Containers.ShellAccess":                   true,
@@ -157,6 +165,7 @@ var whitelist = map[string]bool{
        "Login.LDAP.EmailAttribute":                           false,
        "Login.LDAP.Enable":                                   true,
        "Login.LDAP.InsecureTLS":                              false,
+       "Login.LDAP.MinTLSVersion":                            false,
        "Login.LDAP.SearchAttribute":                          false,
        "Login.LDAP.SearchBase":                               false,
        "Login.LDAP.SearchBindPassword":                       false,
@@ -188,6 +197,7 @@ var whitelist = map[string]bool{
        "Login.Test.Users":                                    false,
        "Login.TokenLifetime":                                 false,
        "Login.TrustedClients":                                false,
+       "Login.TrustPrivateNetworks":                          false,
        "Mail":                                                true,
        "Mail.EmailFrom":                                      false,
        "Mail.IssueReporterEmailFrom":                         false,
@@ -216,8 +226,12 @@ var whitelist = map[string]bool{
        "SystemLogs":                                          false,
        "SystemRootToken":                                     false,
        "TLS":                                                 false,
+       "TLS.Certificate":                                     false,
+       "TLS.Insecure":                                        true,
+       "TLS.Key":                                             false,
        "Users":                                               true,
        "Users.ActivatedUsersAreVisibleToOthers":              false,
+       "Users.ActivityLoggingPeriod":                         false,
        "Users.AdminNotifierEmailFrom":                        false,
        "Users.AnonymousUserToken":                            true,
        "Users.AutoAdminFirstUser":                            false,
@@ -226,6 +240,7 @@ var whitelist = map[string]bool{
        "Users.AutoSetupNewUsersWithRepository":               false,
        "Users.AutoSetupNewUsersWithVmUUID":                   false,
        "Users.AutoSetupUsernameBlacklist":                    false,
+       "Users.CanCreateRoleGroups":                           true,
        "Users.EmailSubjectPrefix":                            false,
        "Users.NewInactiveUserNotificationRecipients":         false,
        "Users.NewUserNotificationRecipients":                 false,
@@ -255,7 +270,9 @@ var whitelist = map[string]bool{
        "Workbench.ApplicationMimetypesWithViewIcon.*":        true,
        "Workbench.ArvadosDocsite":                            true,
        "Workbench.ArvadosPublicDataDocURL":                   true,
+       "Workbench.BannerUUID":                                true,
        "Workbench.DefaultOpenIdPrefix":                       false,
+       "Workbench.DisableSharingURLsUI":                      true,
        "Workbench.EnableGettingStartedPopup":                 true,
        "Workbench.EnablePublicProjectsPage":                  true,
        "Workbench.FileViewersConfigURL":                      true,