From: Lucas Di Pentima <lucas@di-pentima.com.ar>
Date: Fri, 15 Jan 2021 15:34:57 +0000 (-0300)
Subject: 16736: Adds API.MaxTokenLifetime config knob.
X-Git-Tag: 2.2.0~119^2~6
X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/1118101f84c013e4a9f8d33d1f2f9c072c6ff4aa

16736: Adds API.MaxTokenLifetime config knob.

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
---

diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml
index 68e518732d..2c0429edc5 100644
--- a/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@ -158,6 +158,13 @@ Clusters:
         dbname: ""
         SAMPLE: ""
     API:
+      # Limits for how long a client token created by regular users can be valid,
+      # and also is used as a default expiration policy when no expiration date is
+      # specified.
+      # Default value zero menans token expirations don't get clamped and no
+      # default expiration is set.
+      MaxTokenLifetime: 0s
+
       # Maximum size (in bytes) allowed for a single API request.  This
       # limit is published in the discovery document for use by clients.
       # Note: You must separately configure the upstream web server or
diff --git a/lib/config/export.go b/lib/config/export.go
index 3d0e27c722..b6531c59d8 100644
--- a/lib/config/export.go
+++ b/lib/config/export.go
@@ -69,6 +69,7 @@ var whitelist = map[string]bool{
 	"API.MaxKeepBlobBuffers":                              false,
 	"API.MaxRequestAmplification":                         false,
 	"API.MaxRequestSize":                                  true,
+	"API.MaxTokenLifetime":                                false,
 	"API.RequestTimeout":                                  true,
 	"API.SendTimeout":                                     true,
 	"API.WebsocketClientEventQueue":                       false,
diff --git a/lib/config/generated_config.go b/lib/config/generated_config.go
index 8ef787771e..6135e2a3c6 100644
--- a/lib/config/generated_config.go
+++ b/lib/config/generated_config.go
@@ -164,6 +164,13 @@ Clusters:
         dbname: ""
         SAMPLE: ""
     API:
+      # Limits for how long a client token created by regular users can be valid,
+      # and also is used as a default expiration policy when no expiration date is
+      # specified.
+      # Default value zero menans token expirations don't get clamped and no
+      # default expiration is set.
+      MaxTokenLifetime: 0s
+
       # Maximum size (in bytes) allowed for a single API request.  This
       # limit is published in the discovery document for use by clients.
       # Note: You must separately configure the upstream web server or
diff --git a/sdk/go/arvados/config.go b/sdk/go/arvados/config.go
index 4a56c93021..4ccb1ef5da 100644
--- a/sdk/go/arvados/config.go
+++ b/sdk/go/arvados/config.go
@@ -86,6 +86,7 @@ type Cluster struct {
 		MaxKeepBlobBuffers             int
 		MaxRequestAmplification        int
 		MaxRequestSize                 int
+		MaxTokenLifetime               Duration
 		RequestTimeout                 Duration
 		SendTimeout                    Duration
 		WebsocketClientEventQueue      int