16736: Adds API.MaxTokenLifetime config knob.

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>

diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml
index c644de3741923bfc90bcf7371cfcac7265bcb95f..b7d555d08901fae5cb926bcc417b0a3c29bead49 100644 (file)
--- a/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@ -158,6 +158,13 @@ Clusters:
         dbname: ""
         SAMPLE: ""
     API:
+      # Limits for how long a client token created by regular users can be valid,
+      # and also is used as a default expiration policy when no expiration date is
+      # specified.
+      # Default value zero menans token expirations don't get clamped and no
+      # default expiration is set.
+      MaxTokenLifetime: 0s
+
       # Maximum size (in bytes) allowed for a single API request.  This
       # limit is published in the discovery document for use by clients.
       # Note: You must separately configure the upstream web server or

diff --git a/lib/config/export.go b/lib/config/export.go
index 3d0e27c7224f0c886643ef8be7f671ae8a1a2d74..b6531c59d87dd329a24d0b43f22dfd738f9208d5 100644 (file)
--- a/lib/config/export.go
+++ b/lib/config/export.go
@@ -69,6 +69,7 @@ var whitelist = map[string]bool{
        "API.MaxKeepBlobBuffers":                              false,
        "API.MaxRequestAmplification":                         false,
        "API.MaxRequestSize":                                  true,
+       "API.MaxTokenLifetime":                                false,
        "API.RequestTimeout":                                  true,
        "API.SendTimeout":                                     true,
        "API.WebsocketClientEventQueue":                       false,

diff --git a/lib/config/generated_config.go b/lib/config/generated_config.go
index 8354102c2a321d062ca204e7eec7280568dcb117..9481d7a5c732f860ef2bb46aa5e662c9483f5b16 100644 (file)
--- a/lib/config/generated_config.go
+++ b/lib/config/generated_config.go
@@ -164,6 +164,13 @@ Clusters:
         dbname: ""
         SAMPLE: ""
     API:
+      # Limits for how long a client token created by regular users can be valid,
+      # and also is used as a default expiration policy when no expiration date is
+      # specified.
+      # Default value zero menans token expirations don't get clamped and no
+      # default expiration is set.
+      MaxTokenLifetime: 0s
+
       # Maximum size (in bytes) allowed for a single API request.  This
       # limit is published in the discovery document for use by clients.
       # Note: You must separately configure the upstream web server or

diff --git a/sdk/go/arvados/config.go b/sdk/go/arvados/config.go
index 4a56c930213abf389a782fd593622d776da9584f..4ccb1ef5da9bb1fbec003f0215511e0268e86d58 100644 (file)
--- a/sdk/go/arvados/config.go
+++ b/sdk/go/arvados/config.go
@@ -86,6 +86,7 @@ type Cluster struct {
                MaxKeepBlobBuffers             int
                MaxRequestAmplification        int
                MaxRequestSize                 int
+               MaxTokenLifetime               Duration
                RequestTimeout                 Duration
                SendTimeout                    Duration
                WebsocketClientEventQueue      int