16678: Adds Login.TokenLifetime config knob.

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>

diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml
index a2a34448f11cced6b01a6343eb56acc314e5556c..24e5b71c6c240c09a1eb7f2c1c397b37d34a9105 100644 (file)
--- a/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@ -698,6 +698,10 @@ Clusters:
       # remain valid before it needs to be revalidated.
       RemoteTokenRefresh: 5m
 
+      # How long a client token created from a login flow will be valid without
+      # asking the user to re-login.
+      TokenLifetime: 12h
+
     Git:
       # Path to git or gitolite-shell executable. Each authenticated
       # request will execute this program with the single argument "http-backend"

diff --git a/lib/config/export.go b/lib/config/export.go
index d6b02b750de122582e35a5aa34b508861106ac40..92389a73d4e0daa5744621c453e734cb140d3308 100644 (file)
--- a/lib/config/export.go
+++ b/lib/config/export.go
@@ -169,6 +169,7 @@ var whitelist = map[string]bool{
        "Login.SSO.ProviderAppID":                      false,
        "Login.SSO.ProviderAppSecret":                  false,
        "Login.RemoteTokenRefresh":                     true,
+       "Login.TokenLifetime":                          false,
        "Mail":                                         true,
        "Mail.MailchimpAPIKey":                         false,
        "Mail.MailchimpListID":                         false,

diff --git a/lib/config/generated_config.go b/lib/config/generated_config.go
index bddb5cedb1df8428024f6461ed52ede12d8b9607..e35318ff95a8a2c06bc666414bf3e875d56982ba 100644 (file)
--- a/lib/config/generated_config.go
+++ b/lib/config/generated_config.go
@@ -704,6 +704,10 @@ Clusters:
       # remain valid before it needs to be revalidated.
       RemoteTokenRefresh: 5m
 
+      # How long a client token created from a login flow will be valid without
+      # asking the user to re-login.
+      TokenLifetime: 12h
+
     Git:
       # Path to git or gitolite-shell executable. Each authenticated
       # request will execute this program with the single argument "http-backend"

diff --git a/sdk/go/arvados/config.go b/sdk/go/arvados/config.go
index 9cf1ed3cd182ba8f8659b38dee81bcf0a52ab976..399f1103fdf43fa11dd8ef162800f32895cb5948 100644 (file)
--- a/sdk/go/arvados/config.go
+++ b/sdk/go/arvados/config.go
@@ -178,6 +178,7 @@ type Cluster struct {
                }
                LoginCluster       string
                RemoteTokenRefresh Duration
+               TokenLifetime      Duration
        }
        Mail struct {
                MailchimpAPIKey                string

diff --git a/services/api/config/arvados_config.rb b/services/api/config/arvados_config.rb
index 035a3972f86c318e758318330c7aa63af44ff9c5..4f831160e9351790143505cc16447e6d0507b0e3 100644 (file)
--- a/services/api/config/arvados_config.rb
+++ b/services/api/config/arvados_config.rb
@@ -111,6 +111,7 @@ arvcfg.declare_config "Login.SSO.ProviderAppSecret", String, :sso_app_secret
 arvcfg.declare_config "Login.SSO.ProviderAppID", String, :sso_app_id
 arvcfg.declare_config "Login.LoginCluster", String
 arvcfg.declare_config "Login.RemoteTokenRefresh", ActiveSupport::Duration
+arvcfg.declare_config "Login.TokenLifetime", ActiveSupport::Duration
 arvcfg.declare_config "TLS.Insecure", Boolean, :sso_insecure
 arvcfg.declare_config "Services.SSO.ExternalURL", String, :sso_provider_url
 arvcfg.declare_config "AuditLogs.MaxAge", ActiveSupport::Duration, :max_audit_log_age