17170: Merge branch 'master'

[arvados.git] / lib / config / generated_config.go

diff --git a/lib/config/generated_config.go b/lib/config/generated_config.go
index 934131bd8fd90e0085de2532e7f86e43f0709563..df4b02862210ce8a574cb3e5bbb05314e5cce386 100644 (file)
--- a/lib/config/generated_config.go
+++ b/lib/config/generated_config.go
@@ -220,11 +220,6 @@ Clusters:
       # serving a single incoming multi-cluster (federated) request.
       MaxRequestAmplification: 4
 
-      # RailsSessionSecretToken is a string of alphanumeric characters
-      # used by Rails to sign session tokens. IMPORTANT: This is a
-      # site secret. It should be at least 50 characters.
-      RailsSessionSecretToken: ""
-
       # Maximum wall clock time to spend handling an incoming request.
       RequestTimeout: 5m
 
@@ -266,9 +261,6 @@ Clusters:
 
       # The e-mail address of the user you would like to become marked as an admin
       # user on their first login.
-      # In the default configuration, authentication happens through the Arvados SSO
-      # server, which uses OAuth2 against Google's servers, so in that case this
-      # should be an address associated with a Google account.
       AutoAdminUserWithEmail: ""
 
       # If AutoAdminFirstUser is set to true, the first user to log in when no
@@ -284,9 +276,10 @@ Clusters:
       NewUserNotificationRecipients: {}
       NewInactiveUserNotificationRecipients: {}
 
-      # Set AnonymousUserToken to enable anonymous user access. You can get
-      # the token by running "bundle exec ./script/get_anonymous_user_token.rb"
-      # in the directory where your API server is running.
+      # Set AnonymousUserToken to enable anonymous user access. Populate this
+      # field with a long random string. Then run "bundle exec
+      # ./script/get_anonymous_user_token.rb" in the directory where your API
+      # server is running to record the token in the database.
       AnonymousUserToken: ""
 
       # If a new user has an alternate email address (local@domain)
@@ -881,6 +874,26 @@ Clusters:
         # period.
         LogUpdateSize: 32MiB
 
+      ShellAccess:
+        # An admin user can use "arvados-client shell" to start an
+        # interactive shell (with any user ID) in any running
+        # container.
+        Admin: false
+
+        # Any user can use "arvados-client shell" to start an
+        # interactive shell (with any user ID) in any running
+        # container that they started, provided it isn't also
+        # associated with a different user's container request.
+        #
+        # Interactive sessions make it easy to alter the container's
+        # runtime environment in ways that aren't recorded or
+        # reproducible. Consider the implications for automatic
+        # container reuse before enabling and using this feature. In
+        # particular, note that starting an interactive session does
+        # not disqualify a container from being reused by a different
+        # user/workflow in the future.
+        User: false
+
       SLURM:
         PrioritySpread: 0
         SbatchArgumentsList: []
@@ -1053,7 +1066,7 @@ Clusters:
         # Cloud-specific driver parameters.
         DriverParameters:
 
-          # (ec2) Credentials.
+          # (ec2) Credentials. Omit or leave blank if using IAM role.
           AccessKeyID: ""
           SecretAccessKey: ""