X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/988181fdaf1485bea89445c1621f8344256ec707..94a62edb315ec297a02fb6c9a2016bcaa17fac9b:/services/api/config/arvados_config.rb?ds=inline diff --git a/services/api/config/arvados_config.rb b/services/api/config/arvados_config.rb index f63f8af033..5327713f69 100644 --- a/services/api/config/arvados_config.rb +++ b/services/api/config/arvados_config.rb @@ -16,6 +16,7 @@ # config:migrate to /etc/arvados/config.yml, you will be able to # delete application.yml and database.yml. +require "cgi" require 'config_loader' require 'open3' @@ -92,7 +93,6 @@ arvcfg.declare_config "API.MaxRequestSize", Integer, :max_request_size arvcfg.declare_config "API.MaxIndexDatabaseRead", Integer, :max_index_database_read arvcfg.declare_config "API.MaxItemsPerResponse", Integer, :max_items_per_response arvcfg.declare_config "API.AsyncPermissionsUpdateInterval", ActiveSupport::Duration, :async_permissions_update_interval -arvcfg.declare_config "API.RailsSessionSecretToken", NonemptyString, :secret_token arvcfg.declare_config "Users.AutoSetupNewUsers", Boolean, :auto_setup_new_users arvcfg.declare_config "Users.AutoSetupNewUsersWithVmUUID", String, :auto_setup_new_users_with_vm_uuid arvcfg.declare_config "Users.AutoSetupNewUsersWithRepository", Boolean, :auto_setup_new_users_with_repository @@ -109,7 +109,9 @@ arvcfg.declare_config "Users.NewInactiveUserNotificationRecipients", Hash, :new_ arvcfg.declare_config "Login.SSO.ProviderAppSecret", String, :sso_app_secret arvcfg.declare_config "Login.SSO.ProviderAppID", String, :sso_app_id arvcfg.declare_config "Login.LoginCluster", String +arvcfg.declare_config "Login.TrustedClients", Hash arvcfg.declare_config "Login.RemoteTokenRefresh", ActiveSupport::Duration +arvcfg.declare_config "Login.TokenLifetime", ActiveSupport::Duration arvcfg.declare_config "TLS.Insecure", Boolean, :sso_insecure arvcfg.declare_config "Services.SSO.ExternalURL", String, :sso_provider_url arvcfg.declare_config "AuditLogs.MaxAge", ActiveSupport::Duration, :max_audit_log_age @@ -277,14 +279,16 @@ end # For config migration, we've previously populated the PostgreSQL # section of the config from database.yml # -ENV["DATABASE_URL"] = "postgresql://#{$arvados_config["PostgreSQL"]["Connection"]["user"]}:"+ - "#{$arvados_config["PostgreSQL"]["Connection"]["password"]}@"+ - "#{dbhost}/#{$arvados_config["PostgreSQL"]["Connection"]["dbname"]}?"+ +database_url = "postgresql://#{CGI.escape $arvados_config["PostgreSQL"]["Connection"]["user"]}:"+ + "#{CGI.escape $arvados_config["PostgreSQL"]["Connection"]["password"]}@"+ + "#{dbhost}/#{CGI.escape $arvados_config["PostgreSQL"]["Connection"]["dbname"]}?"+ "template=#{$arvados_config["PostgreSQL"]["Connection"]["template"]}&"+ "encoding=#{$arvados_config["PostgreSQL"]["Connection"]["client_encoding"]}&"+ "collation=#{$arvados_config["PostgreSQL"]["Connection"]["collation"]}&"+ "pool=#{$arvados_config["PostgreSQL"]["ConnectionPool"]}" +ENV["DATABASE_URL"] = database_url + Server::Application.configure do # Copy into the Rails config object. This also turns Hash into # OrderedOptions so that application code can use @@ -292,5 +296,9 @@ Server::Application.configure do # Rails.configuration.API["Blah"] ConfigLoader.copy_into_config $arvados_config, config ConfigLoader.copy_into_config $remaining_config, config - secrets.secret_key_base = $arvados_config["API"]["RailsSessionSecretToken"] + + # We don't rely on cookies for authentication, so instead of + # requiring a signing key in config, we assign a new random one at + # startup. + secrets.secret_key_base = rand(1<<255).to_s(36) end