X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/9c03bedaa6aa6a64b42dc61efcd6d46154fe6732..767b749993089167120a533e43dc4b4e318bccde:/services/api/config/arvados_config.rb
diff --git a/services/api/config/arvados_config.rb b/services/api/config/arvados_config.rb
index 035a3972f8..72c11649d8 100644
--- a/services/api/config/arvados_config.rb
+++ b/services/api/config/arvados_config.rb
@@ -46,14 +46,15 @@ end
 
 # Load the defaults, used by config:migrate and fallback loading
 # legacy application.yml
-Open3.popen2("arvados-server", "config-dump", "-config=-", "-skip-legacy") do |stdin, stdout, status_thread|
- stdin.write("Clusters: {xxxxx: {}}")
- stdin.close
- confs = YAML.load(stdout, deserialize_symbols: false)
- clusterID, clusterConfig = confs["Clusters"].first
- $arvados_config_defaults = clusterConfig
- $arvados_config_defaults["ClusterID"] = clusterID
+defaultYAML, stderr, status = Open3.capture3("arvados-server", "config-dump", "-config=-", "-skip-legacy", stdin_data: "Clusters: {xxxxx: {}}")
+if !status.success?
+ puts stderr
+ raise "error loading config: #{status}"
 end
+confs = YAML.load(defaultYAML, deserialize_symbols: false)
+clusterID, clusterConfig = confs["Clusters"].first
+$arvados_config_defaults = clusterConfig
+$arvados_config_defaults["ClusterID"] = clusterID
 
 # Load the global config file
 Open3.popen2("arvados-server", "config-dump", "-skip-legacy") do |stdin, stdout, status_thread|
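Review bot: The failure branch prints the child's stderr with `puts stderr`, which writes to stdout, so the reason for a failed config load can end up wherever the process's standard output goes rather than on the error stream; `warn stderr` (or `$stderr.puts stderr`) keeps it there. The new exit-status check is a sound fail-closed change, but the global-config load that begins on the last context line still uses `Open3.popen2` and, as far as this hunk shows, never inspects `status_thread.value`, so a failed `config-dump` there could still be parsed as if it were a complete config. That block continues outside the hunk, so confirm whether it checks the exit status further down.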
@@ -92,8 +93,8 @@ arvcfg.declare_config "API.DisabledAPIs", Hash, :disable_api_methods, ->(cfg, k,
 arvcfg.declare_config "API.MaxRequestSize", Integer, :max_request_size
 arvcfg.declare_config "API.MaxIndexDatabaseRead", Integer, :max_index_database_read
 arvcfg.declare_config "API.MaxItemsPerResponse", Integer, :max_items_per_response
+arvcfg.declare_config "API.MaxTokenLifetime", ActiveSupport::Duration
 arvcfg.declare_config "API.AsyncPermissionsUpdateInterval", ActiveSupport::Duration, :async_permissions_update_interval
-arvcfg.declare_config "API.RailsSessionSecretToken", NonemptyString, :secret_token
 arvcfg.declare_config "Users.AutoSetupNewUsers", Boolean, :auto_setup_new_users
 arvcfg.declare_config "Users.AutoSetupNewUsersWithVmUUID", String, :auto_setup_new_users_with_vm_uuid
 arvcfg.declare_config "Users.AutoSetupNewUsersWithRepository", Boolean, :auto_setup_new_users_with_repository
@@ -110,7 +111,9 @@ arvcfg.declare_config "Users.NewInactiveUserNotificationRecipients", Hash, :new_
 arvcfg.declare_config "Login.SSO.ProviderAppSecret", String, :sso_app_secret
 arvcfg.declare_config "Login.SSO.ProviderAppID", String, :sso_app_id
 arvcfg.declare_config "Login.LoginCluster", String
+arvcfg.declare_config "Login.TrustedClients", Hash
 arvcfg.declare_config "Login.RemoteTokenRefresh", ActiveSupport::Duration
+arvcfg.declare_config "Login.TokenLifetime", ActiveSupport::Duration
 arvcfg.declare_config "TLS.Insecure", Boolean, :sso_insecure
 arvcfg.declare_config "Services.SSO.ExternalURL", String, :sso_provider_url
 arvcfg.declare_config "AuditLogs.MaxAge", ActiveSupport::Duration, :max_audit_log_age
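Review bot: `API.MaxTokenLifetime` here and `Login.TokenLifetime` in the next hunk are declared with a type only, so nothing at this point in the file says what a zero duration means or which of the two applies when they disagree. Both settings bound how long a leaked token stays usable, so a one-line comment above each would help the next reader, for example `# Upper bound on any token's expiry; confirm whether 0 means "no limit"`. Whether the loader rejects negative durations is not visible from these hunks and is worth confirming.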
@@ -295,5 +298,9 @@ Server::Application.configure do
 # Rails.configuration.API["Blah"]
 ConfigLoader.copy_into_config $arvados_config, config
 ConfigLoader.copy_into_config $remaining_config, config
- secrets.secret_key_base = $arvados_config["API"]["RailsSessionSecretToken"]
+
+ # We don't rely on cookies for authentication, so instead of
+ # requiring a signing key in config, we assign a new random one at
+ # startup.
+ secrets.secret_key_base = rand(1<<255).to_s(36)
 end
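Review bot: `rand(1<<255).to_s(36)` draws the new `secret_key_base` from `Kernel#rand`, Ruby's general-purpose Mersenne Twister generator, which is not meant for key material; `secrets.secret_key_base = SecureRandom.hex(64)` on the same line takes the key from the system CSPRNG instead. Because the key is now generated at startup, anything Rails signs or encrypts with it may fail to verify after a restart or across separately started workers. The added comment covers cookies used for authentication only, so it would be worth extending it to say that nothing else depends on a stable key. The `Server::Application.configure` block starts outside the hunk.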