X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/80f26d7ffad85dc15a89bbf6f33a66e206832704..ed4d8462e763eb1d8c8f1548912495563cd9288f:/lib/config/config.default.yml
diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml
index ca627d07e8..655e973c2f 100644
--- a/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@ -433,7 +433,7 @@ Clusters:
#
# BalancePeriod determines the interval between start times of
# successive scan/balance operations. If a scan/balance operation
- # takes longer than RunPeriod, the next one will follow it
+ # takes longer than BalancePeriod, the next one will follow it
# immediately.
#
# If SIGUSR1 is received during an idle period between operations,
@@ -538,7 +538,7 @@ Clusters:
UUIDTTL: 5s
# Block cache entries. Each block consumes up to 64 MiB RAM.
- MaxBlockEntries: 4
+ MaxBlockEntries: 20
# Collection cache entries.
MaxCollectionEntries: 1000
@@ -633,6 +633,23 @@ Clusters:
AuthenticationRequestParameters:
SAMPLE: ""
+ # Accept an OIDC access token as an API token if the OIDC
+ # provider's UserInfo endpoint accepts it.
+ #
+ # AcceptAccessTokenScope should also be used when enabling
+ # this feature.
+ AcceptAccessToken: false
+
+ # Before accepting an OIDC access token as an API token, first
+ # check that it is a JWT whose "scope" value includes this
+ # value. Example: "https://zzzzz.example.com/" (your Arvados
+ # API endpoint).
+ #
+ # If this value is empty and AcceptAccessToken is true, all
+ # access tokens will be accepted regardless of scope,
+ # including non-JWT tokens. This is not recommended.
+ AcceptAccessTokenScope: ""
+
PAM:
# (Experimental) Use PAM to authenticate users.
Enable: false
@@ -754,8 +771,15 @@ Clusters:
# Default value zero means tokens don't have expiration.
TokenLifetime: 0s
+ # If true (default) tokens issued through login are allowed to create
+ # new tokens.
+ # If false, tokens issued through login are not allowed to
+ # viewing/creating other tokens. New tokens can only be created
+ # by going through login again.
+ IssueTrustedTokens: true
+
# When the token is returned to a client, the token itself may
- # be restricted from manipulating other tokens based on whether
+ # be restricted from viewing/creating other tokens based on whether
# the client is "trusted" or not. The local Workbench1 and
# Workbench2 are trusted by default, but if this is a
# LoginCluster, you probably want to include the other Workbench
@@ -1189,13 +1213,13 @@ Clusters:
StorageClasses:
default: true
SAMPLE: true
- Driver: s3
+ Driver: S3
DriverParameters:
# for s3 driver -- see
# https://doc.arvados.org/install/configure-s3-object-storage.html
IAMRole: aaaaa
- AccessKey: aaaaa
- SecretKey: aaaaa
+ AccessKeyID: aaaaa
+ SecretAccessKey: aaaaa
Endpoint: ""
Region: us-east-1a
Bucket: aaaaa
@@ -1429,15 +1453,11 @@ Clusters:
The "Log in" button below will show you a sign-in - page. After you log in, you will be redirected back to - Arvados Workbench.
-If you have never used Arvados Workbench before, logging in for the first time will automatically create a new account.
- Arvados Workbench uses your name and email address only for + Arvados Workbench uses your information only for identification, and does not retrieve any other personal information.