X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/a999ea55a6fdfabeca12c8d8db24214698ae2908..8daccc2ab3f2178745d12bc54ec9a8d06d88864a:/lib/config/config.default.yml?ds=sidebyside

diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml
index c644de3741..d00c7d9ade 100644
--- a/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@ -158,6 +158,13 @@ Clusters:
         dbname: ""
         SAMPLE: ""
     API:
+      # Limits for how long a client token created by regular users can be valid,
+      # and also is used as a default expiration policy when no expiration date is
+      # specified.
+      # Default value zero means token expirations don't get clamped and no
+      # default expiration is set.
+      MaxTokenLifetime: 0s
+
       # Maximum size (in bytes) allowed for a single API request.  This
       # limit is published in the discovery document for use by clients.
       # Note: You must separately configure the upstream web server or
@@ -426,7 +433,7 @@ Clusters:
       #
       # BalancePeriod determines the interval between start times of
       # successive scan/balance operations. If a scan/balance operation
-      # takes longer than RunPeriod, the next one will follow it
+      # takes longer than BalancePeriod, the next one will follow it
       # immediately.
       #
       # If SIGUSR1 is received during an idle period between operations,
@@ -523,21 +530,30 @@ Clusters:
       TrustAllContent: false
 
       # Cache parameters for WebDAV content serving:
-      # * TTL: Maximum time to cache manifests and permission checks.
-      # * UUIDTTL: Maximum time to cache collection state.
-      # * MaxBlockEntries: Maximum number of block cache entries.
-      # * MaxCollectionEntries: Maximum number of collection cache entries.
-      # * MaxCollectionBytes: Approximate memory limit for collection cache.
-      # * MaxPermissionEntries: Maximum number of permission cache entries.
-      # * MaxUUIDEntries: Maximum number of UUID cache entries.
       WebDAVCache:
+        # Time to cache manifests, permission checks, and sessions.
         TTL: 300s
+
+        # Time to cache collection state.
         UUIDTTL: 5s
-        MaxBlockEntries:      4
+
+        # Block cache entries. Each block consumes up to 64 MiB RAM.
+        MaxBlockEntries: 20
+
+        # Collection cache entries.
         MaxCollectionEntries: 1000
-        MaxCollectionBytes:   100000000
+
+        # Approximate memory limit (in bytes) for collection cache.
+        MaxCollectionBytes: 100000000
+
+        # Permission cache entries.
         MaxPermissionEntries: 1000
-        MaxUUIDEntries:       1000
+
+        # UUID cache entries.
+        MaxUUIDEntries: 1000
+
+        # Persistent sessions.
+        MaxSessions: 100
 
     Login:
       # One of the following mechanisms (SSO, Google, PAM, LDAP, or
@@ -555,9 +571,6 @@ Clusters:
         # ID > Web application) and add your controller's /login URL
         # (e.g., "https://zzzzz.example.com/login") as an authorized
         # redirect URL.
-        #
-        # Incompatible with ForceLegacyAPI14. ProviderAppID must be
-        # blank.
         ClientID: ""
         ClientSecret: ""
 
@@ -620,6 +633,17 @@ Clusters:
         AuthenticationRequestParameters:
           SAMPLE: ""
 
+        # Accept an OIDC access token as an API token if it is a JWT
+        # whose "scope" value includes this scope. To accept any
+        # access token (even if it's not a JWT), use "*". To disable
+        # this feature, use the empty string "".
+        #
+        # If an incoming token's scope is satisfactory, Arvados
+        # verifies the token is valid by presenting it at the OIDC
+        # provider's UserInfo endpoint. (Signature and expiry are not
+        # checked separately.) Valid tokens are cached for 10 minutes.
+        AcceptAccessTokenScope: ""
+
       PAM:
         # (Experimental) Use PAM to authenticate users.
         Enable: false
@@ -1176,13 +1200,13 @@ Clusters:
         StorageClasses:
           default: true
           SAMPLE: true
-        Driver: s3
+        Driver: S3
         DriverParameters:
           # for s3 driver -- see
           # https://doc.arvados.org/install/configure-s3-object-storage.html
           IAMRole: aaaaa
-          AccessKey: aaaaa
-          SecretKey: aaaaa
+          AccessKeyID: aaaaa
+          SecretAccessKey: aaaaa
           Endpoint: ""
           Region: us-east-1a
           Bucket: aaaaa
@@ -1416,15 +1440,11 @@ Clusters:
         <img src="/arvados-logo-big.png" style="width: 20%; float: right; padding: 1em;" />
         <h2>Please log in.</h2>
 
-        <p>The "Log in" button below will show you a sign-in
-        page. After you log in, you will be redirected back to
-        Arvados Workbench.</p>
-
         <p>If you have never used Arvados Workbench before, logging in
         for the first time will automatically create a new
         account.</p>
 
-        <i>Arvados Workbench uses your name and email address only for
+        <i>Arvados Workbench uses your information only for
         identification, and does not retrieve any other personal
         information.</i>
 
@@ -1465,13 +1485,6 @@ Clusters:
       # this blank.
       SSHHelpHostSuffix: ""
 
-    # Bypass new (Arvados 1.5) API implementations, and hand off
-    # requests directly to Rails instead. This can provide a temporary
-    # workaround for clients that are incompatible with the new API
-    # implementation. Note that it also disables some new federation
-    # features and will be removed in a future release.
-    ForceLegacyAPI14: false
-
 # (Experimental) Restart services automatically when config file
 # changes are detected. Only supported by `arvados-server boot` in
 # dev/test mode.