X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/4dc8c5e74ba2386715a1f31a319077bc34f3b330..HEAD:/lib/config/export.go diff --git a/lib/config/export.go b/lib/config/export.go index 069e300c5b..3c1e6bc008 100644 --- a/lib/config/export.go +++ b/lib/config/export.go @@ -37,8 +37,8 @@ func ExportJSON(w io.Writer, cluster *arvados.Cluster) error { return json.NewEncoder(w).Encode(m) } -// whitelist classifies configs as safe/unsafe to reveal to -// unauthenticated clients. +// whitelist classifies configs as safe/unsafe to reveal through the API +// endpoint. Note that endpoint does not require authentication. // // Every config entry must either be listed explicitly here along with // all of its parent keys (e.g., "API" + "API.RequestTimeout"), or @@ -59,99 +59,106 @@ func ExportJSON(w io.Writer, cluster *arvados.Cluster) error { // exists. var whitelist = map[string]bool{ // | sort -t'"' -k2,2 - "API": true, - "API.AsyncPermissionsUpdateInterval": false, - "API.DisabledAPIs": false, - "API.FreezeProjectRequiresDescription": true, - "API.FreezeProjectRequiresProperties": true, - "API.FreezeProjectRequiresProperties.*": true, - "API.KeepServiceRequestTimeout": false, - "API.MaxConcurrentRequests": false, - "API.MaxIndexDatabaseRead": false, - "API.MaxItemsPerResponse": true, - "API.MaxKeepBlobBuffers": false, - "API.MaxRequestAmplification": false, - "API.MaxRequestSize": true, - "API.MaxTokenLifetime": false, - "API.RequestTimeout": true, - "API.SendTimeout": true, - "API.UnfreezeProjectRequiresAdmin": true, - "API.VocabularyPath": false, - "API.WebsocketClientEventQueue": false, - "API.WebsocketServerEventQueue": false, - "AuditLogs": false, - "AuditLogs.MaxAge": false, - "AuditLogs.MaxDeleteBatch": false, - "AuditLogs.UnloggedAttributes": false, - "ClusterID": true, - "Collections": true, - "Collections.BalanceCollectionBatch": false, - "Collections.BalanceCollectionBuffers": false, - "Collections.BalancePeriod": false, - "Collections.BalanceTimeout": false, - "Collections.BalanceUpdateLimit": false, - "Collections.BlobDeleteConcurrency": false, - "Collections.BlobMissingReport": false, - "Collections.BlobReplicateConcurrency": false, - "Collections.BlobSigning": true, - "Collections.BlobSigningKey": false, - "Collections.BlobSigningTTL": true, - "Collections.BlobTrash": false, - "Collections.BlobTrashCheckInterval": false, - "Collections.BlobTrashConcurrency": false, - "Collections.BlobTrashLifetime": false, - "Collections.CollectionVersioning": true, - "Collections.DefaultReplication": true, - "Collections.DefaultTrashLifetime": true, - "Collections.ForwardSlashNameSubstitution": true, - "Collections.KeepproxyPermission": false, - "Collections.ManagedProperties": true, - "Collections.ManagedProperties.*": true, - "Collections.ManagedProperties.*.*": true, - "Collections.PreserveVersionIfIdle": true, - "Collections.S3FolderObjects": true, - "Collections.TrashSweepInterval": false, - "Collections.TrustAllContent": true, - "Collections.WebDAVCache": false, - "Collections.WebDAVLogEvents": false, - "Collections.WebDAVPermission": false, - "Containers": true, - "Containers.AlwaysUsePreemptibleInstances": true, - "Containers.CloudVMs": false, - "Containers.CrunchRunArgumentsList": false, - "Containers.CrunchRunCommand": false, - "Containers.DefaultKeepCacheRAM": true, - "Containers.DispatchPrivateKey": false, - "Containers.JobsAPI": true, - "Containers.JobsAPI.Enable": true, - "Containers.JobsAPI.GitInternalDir": false, - "Containers.LocalKeepBlobBuffersPerVCPU": false, - "Containers.LocalKeepLogsToContainerLog": false, - "Containers.Logging": false, - "Containers.LogReuseDecisions": false, - "Containers.LSF": false, - "Containers.MaxComputeVMs": false, - "Containers.MaxDispatchAttempts": false, - "Containers.MaxRetryAttempts": true, - "Containers.MinRetryPeriod": true, - "Containers.PreemptiblePriceFactor": false, - "Containers.ReserveExtraRAM": true, - "Containers.RuntimeEngine": true, - "Containers.ShellAccess": true, - "Containers.ShellAccess.Admin": true, - "Containers.ShellAccess.User": true, - "Containers.SLURM": false, - "Containers.StaleLockTimeout": false, - "Containers.SupportedDockerImageFormats": true, - "Containers.SupportedDockerImageFormats.*": true, - "Git": false, - "InstanceTypes": true, - "InstanceTypes.*": true, - "InstanceTypes.*.*": true, - "InstanceTypes.*.*.*": true, - "Login": true, - "Login.Google": true, - "Login.Google.AlternateEmailAddresses": false, + "API": true, + "API.AsyncPermissionsUpdateInterval": false, + "API.DisabledAPIs": false, + "API.FreezeProjectRequiresDescription": true, + "API.FreezeProjectRequiresProperties": true, + "API.FreezeProjectRequiresProperties.*": true, + "API.KeepServiceRequestTimeout": false, + "API.LockBeforeUpdate": false, + "API.LogCreateRequestFraction": false, + "API.MaxConcurrentRailsRequests": false, + "API.MaxConcurrentRequests": false, + "API.MaxGatewayTunnels": false, + "API.MaxIndexDatabaseRead": false, + "API.MaxItemsPerResponse": true, + "API.MaxKeepBlobBuffers": false, + "API.MaxQueuedRequests": false, + "API.MaxQueueTimeForLockRequests": false, + "API.MaxRequestAmplification": false, + "API.MaxRequestSize": true, + "API.MaxTokenLifetime": false, + "API.RequestTimeout": true, + "API.SendTimeout": true, + "API.UnfreezeProjectRequiresAdmin": true, + "API.VocabularyPath": false, + "API.WebsocketClientEventQueue": false, + "API.WebsocketServerEventQueue": false, + "AuditLogs": false, + "AuditLogs.MaxAge": false, + "AuditLogs.MaxDeleteBatch": false, + "AuditLogs.UnloggedAttributes": false, + "ClusterID": true, + "Collections": true, + "Collections.BalanceCollectionBatch": false, + "Collections.BalanceCollectionBuffers": false, + "Collections.BalancePeriod": false, + "Collections.BalancePullLimit": false, + "Collections.BalanceTimeout": false, + "Collections.BalanceTrashLimit": false, + "Collections.BalanceUpdateLimit": false, + "Collections.BlobDeleteConcurrency": false, + "Collections.BlobMissingReport": false, + "Collections.BlobReplicateConcurrency": false, + "Collections.BlobSigning": true, + "Collections.BlobSigningKey": false, + "Collections.BlobSigningTTL": true, + "Collections.BlobTrash": false, + "Collections.BlobTrashCheckInterval": false, + "Collections.BlobTrashConcurrency": false, + "Collections.BlobTrashLifetime": false, + "Collections.CollectionVersioning": true, + "Collections.DefaultReplication": true, + "Collections.DefaultTrashLifetime": true, + "Collections.ForwardSlashNameSubstitution": true, + "Collections.KeepproxyPermission": false, + "Collections.ManagedProperties": true, + "Collections.ManagedProperties.*": true, + "Collections.ManagedProperties.*.*": true, + "Collections.PreserveVersionIfIdle": true, + "Collections.S3FolderObjects": true, + "Collections.TrashSweepInterval": false, + "Collections.TrustAllContent": true, + "Collections.WebDAVCache": false, + "Collections.WebDAVLogEvents": false, + "Collections.WebDAVOutputBuffer": false, + "Collections.WebDAVPermission": false, + "Containers": true, + "Containers.AlwaysUsePreemptibleInstances": true, + "Containers.CloudVMs": false, + "Containers.CrunchRunArgumentsList": false, + "Containers.CrunchRunCommand": false, + "Containers.DefaultKeepCacheRAM": true, + "Containers.DispatchPrivateKey": false, + "Containers.JobsAPI": true, + "Containers.JobsAPI.Enable": true, + "Containers.LocalKeepBlobBuffersPerVCPU": false, + "Containers.LocalKeepLogsToContainerLog": false, + "Containers.Logging": false, + "Containers.LogReuseDecisions": false, + "Containers.LSF": false, + "Containers.MaxDispatchAttempts": false, + "Containers.MaximumPriceFactor": true, + "Containers.MaxRetryAttempts": true, + "Containers.MinRetryPeriod": true, + "Containers.PreemptiblePriceFactor": false, + "Containers.ReserveExtraRAM": true, + "Containers.RuntimeEngine": true, + "Containers.ShellAccess": true, + "Containers.ShellAccess.Admin": true, + "Containers.ShellAccess.User": true, + "Containers.SLURM": false, + "Containers.StaleLockTimeout": false, + "Containers.SupportedDockerImageFormats": true, + "Containers.SupportedDockerImageFormats.*": true, + "InstanceTypes": true, + "InstanceTypes.*": true, + "InstanceTypes.*.*": true, + "InstanceTypes.*.*.*": true, + "Login": true, + "Login.Google": true, + "Login.Google.AlternateEmailAddresses": false, "Login.Google.AuthenticationRequestParameters": false, "Login.Google.ClientID": false, "Login.Google.ClientSecret": false, @@ -162,6 +169,7 @@ var whitelist = map[string]bool{ "Login.LDAP.EmailAttribute": false, "Login.LDAP.Enable": true, "Login.LDAP.InsecureTLS": false, + "Login.LDAP.MinTLSVersion": false, "Login.LDAP.SearchAttribute": false, "Login.LDAP.SearchBase": false, "Login.LDAP.SearchBindPassword": false, @@ -233,7 +241,6 @@ var whitelist = map[string]bool{ "Users.AutoAdminFirstUser": false, "Users.AutoAdminUserWithEmail": false, "Users.AutoSetupNewUsers": false, - "Users.AutoSetupNewUsersWithRepository": false, "Users.AutoSetupNewUsersWithVmUUID": false, "Users.AutoSetupUsernameBlacklist": false, "Users.CanCreateRoleGroups": true, @@ -243,6 +250,12 @@ var whitelist = map[string]bool{ "Users.NewUsersAreActive": false, "Users.PreferDomainForUsername": false, "Users.RoleGroupsVisibleToAll": false, + "Users.SyncIgnoredGroups": true, + "Users.SyncRequiredGroups": true, + "Users.SyncUserAccounts": true, + "Users.SyncUserAPITokens": true, + "Users.SyncUserGroups": true, + "Users.SyncUserSSHKeys": true, "Users.UserNotifierEmailBcc": false, "Users.UserNotifierEmailFrom": false, "Users.UserProfileNotificationAddress": false, @@ -266,7 +279,7 @@ var whitelist = map[string]bool{ "Workbench.ApplicationMimetypesWithViewIcon.*": true, "Workbench.ArvadosDocsite": true, "Workbench.ArvadosPublicDataDocURL": true, - "Workbench.BannerURL": true, + "Workbench.BannerUUID": true, "Workbench.DefaultOpenIdPrefix": false, "Workbench.DisableSharingURLsUI": true, "Workbench.EnableGettingStartedPopup": true, @@ -280,7 +293,6 @@ var whitelist = map[string]bool{ "Workbench.Repositories": false, "Workbench.RepositoryCache": false, "Workbench.RunningJobLogRecordsToFetch": true, - "Workbench.SecretKeyBase": false, "Workbench.ShowRecentCollectionsOnDashboard": true, "Workbench.ShowUserAgreementInline": true, "Workbench.ShowUserNotifications": true,