16736: Adds API.MaxTokenLifetime config knob.

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>

diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml
index 68e518732d6f85b8ef377a4f22ea1efebf16af46..2c0429edc518ba8b4f46d44e352f8014c280d3e3 100644 (file)
--- a/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@ -158,6 +158,13 @@ Clusters:
         dbname: ""
         SAMPLE: ""
     API:
+      # Limits for how long a client token created by regular users can be valid,
+      # and also is used as a default expiration policy when no expiration date is
+      # specified.
+      # Default value zero menans token expirations don't get clamped and no
+      # default expiration is set.
+      MaxTokenLifetime: 0s
+
       # Maximum size (in bytes) allowed for a single API request.  This
       # limit is published in the discovery document for use by clients.
       # Note: You must separately configure the upstream web server or

diff --git a/lib/config/export.go b/lib/config/export.go
index 3d0e27c7224f0c886643ef8be7f671ae8a1a2d74..b6531c59d87dd329a24d0b43f22dfd738f9208d5 100644 (file)
--- a/lib/config/export.go
+++ b/lib/config/export.go
@@ -69,6 +69,7 @@ var whitelist = map[string]bool{
        "API.MaxKeepBlobBuffers":                              false,
        "API.MaxRequestAmplification":                         false,
        "API.MaxRequestSize":                                  true,
+       "API.MaxTokenLifetime":                                false,
        "API.RequestTimeout":                                  true,
        "API.SendTimeout":                                     true,
        "API.WebsocketClientEventQueue":                       false,

diff --git a/lib/config/generated_config.go b/lib/config/generated_config.go
index 8ef787771ebb9986f3b88f52ec69a6851d2eb8d2..6135e2a3c6b62057f8dbbdda7b07c9015d96cb90 100644 (file)
--- a/lib/config/generated_config.go
+++ b/lib/config/generated_config.go
@@ -164,6 +164,13 @@ Clusters:
         dbname: ""
         SAMPLE: ""
     API:
+      # Limits for how long a client token created by regular users can be valid,
+      # and also is used as a default expiration policy when no expiration date is
+      # specified.
+      # Default value zero menans token expirations don't get clamped and no
+      # default expiration is set.
+      MaxTokenLifetime: 0s
+
       # Maximum size (in bytes) allowed for a single API request.  This
       # limit is published in the discovery document for use by clients.
       # Note: You must separately configure the upstream web server or

diff --git a/sdk/go/arvados/config.go b/sdk/go/arvados/config.go
index 4a56c930213abf389a782fd593622d776da9584f..4ccb1ef5da9bb1fbec003f0215511e0268e86d58 100644 (file)
--- a/sdk/go/arvados/config.go
+++ b/sdk/go/arvados/config.go
@@ -86,6 +86,7 @@ type Cluster struct {
                MaxKeepBlobBuffers             int
                MaxRequestAmplification        int
                MaxRequestSize                 int
+               MaxTokenLifetime               Duration
                RequestTimeout                 Duration
                SendTimeout                    Duration
                WebsocketClientEventQueue      int