Documentation changes for REST API token

2025-05-29 09:13:08 +00:00 · 2018-04-17 14:07:29 -04:00 · 2018-04-17 14:07:29 -04:00 · 36b0b69cf4
commit 36b0b69cf4
parent 4163a6bb6c
6 changed files with 29 additions and 5 deletions
--- a/docs/source/advanced/restapi/restapi_usage/restapi_usage.rst
+++ b/docs/source/advanced/restapi/restapi_usage/restapi_usage.rst
@ -58,7 +58,15 @@ Then in the subsequent REST API access, the token can be used to replace the use

    curl -X GET -k -H X-Auth-Token:5cabd675-bc2e-4318-b1d6-831fd1f32f97 'https://<FQDN of xCAT MN>/xcatws/<resource>?<parameters>

-The validity of token is 24 hours. If an old token has expired, you will get a 'Authentication failure' error. Then you need reacquire a token with your account.
+The default validity of a token is 1 day. This default can be changed by the setting of `expiretokendays` attribute in `site` table. :: 
+
+    chdef -t site clustersite expiretokendays=<days>
+
+To make tokens valid forever use "never". ::
+
+    chdef -t site clustersite expiretokendays=never
+
+If an old token has expired, you will get a 'Authentication failure' error. You will need to reacquire a token for your account.


 The Common Parameters for Resource URI
--- a/docs/source/guides/admin-guides/references/man5/policy.5.rst
+++ b/docs/source/guides/admin-guides/references/man5/policy.5.rst
@ -80,7 +80,7 @@ policy Attributes:

 \ **rule**\ 
 
- Specifies how this rule should be applied.  Valid values are: allow, accept, trusted. Allow or accept  will allow the user to run the commands. Any other value will deny the user access to the commands. Trusted means that once this client has been authenticated via the certificate, all other information that is sent (e.g. the username) is believed without question.  This authorization should only be given to the xcatd on the management node at this time.
+ Specifies how this rule should be applied.  Valid values are: allow, trusted. Allow will allow the user to run the commands. Any other value will deny the user access to the commands. Trusted means that once this client has been authenticated via the certificate, all other information that is sent (e.g. the username) is believed without question.  This authorization should only be given to the xcatd on the management node at this time.
 


--- a/docs/source/guides/admin-guides/references/man5/site.5.rst
+++ b/docs/source/guides/admin-guides/references/man5/site.5.rst
@ -429,6 +429,8 @@ site Attributes:
   --------------------
  XCAT DAEMON ATTRIBUTES
   --------------------
+   expiretokendays: Number of days before REST API token will expire. The default is 1.
+                    use 'never' if you want your token to never expire.
   useflowcontrol:  (yes/1 or no/0). If yes, the postscript processing on each node
                 contacts xcatd on the MN/SN using a lightweight UDP packet to wait
                 until xcatd is ready to handle the requests associated with
--- a/docs/source/guides/admin-guides/references/man5/token.5.rst
+++ b/docs/source/guides/admin-guides/references/man5/token.5.rst
@ -19,7 +19,7 @@ SYNOPSIS
 ********


-\ **token Attributes:**\   \ *tokenid*\ , \ *username*\ , \ *expire*\ , \ *comments*\ , \ *disable*\ 
+\ **token Attributes:**\   \ *tokenid*\ , \ *username*\ , \ *created*\ , \ *access*\ , \ *expire*\ , \ *comments*\ , \ *disable*\ 


 ***********
@ -48,6 +48,18 @@ token Attributes:
 


+\ **created**\ 
+ 
+ Creation time for this token.
+ 
+
+
+\ **access**\ 
+ 
+ Last access time for this token.
+ 
+
+
 \ **expire**\ 
 
 The expire time for this token.
--- a/docs/source/guides/admin-guides/references/man7/policy.7.rst
+++ b/docs/source/guides/admin-guides/references/man7/policy.7.rst
@ -77,7 +77,7 @@ policy Attributes:

 \ **rule**\  (policy.rule)
 
- Specifies how this rule should be applied.  Valid values are: allow, accept, trusted. Allow or accept  will allow the user to run the commands. Any other value will deny the user access to the commands. Trusted means that once this client has been authenticated via the certificate, all other information that is sent (e.g. the username) is believed without question.  This authorization should only be given to the xcatd on the management node at this time.
+ Specifies how this rule should be applied.  Valid values are: allow, trusted. Allow will allow the user to run the commands. Any other value will deny the user access to the commands. Trusted means that once this client has been authenticated via the certificate, all other information that is sent (e.g. the username) is believed without question.  This authorization should only be given to the xcatd on the management node at this time.
 


--- a/perl-xCAT/xCAT/Schema.pm
+++ b/perl-xCAT/xCAT/Schema.pm
@ -890,7 +890,7 @@ passed as argument rather than by table value',
            noderange => 'The Noderange that this rule applies to.  Default is "*" (all nodes). Not supported with the *def commands.',
            parameters => 'A regular expression that matches the command parameters (everything except the noderange) that this rule applies to.  Default is "*" (all parameters). Not supported with the *def commands.',
            time => 'Time ranges that this command may be executed in.  This is not supported.',
-            rule => 'Specifies how this rule should be applied.  Valid values are: allow, accept, trusted. Allow or accept  will allow the user to run the commands. Any other value will deny the user access to the commands. Trusted means that once this client has been authenticated via the certificate, all other information that is sent (e.g. the username) is believed without question.  This authorization should only be given to the xcatd on the management node at this time.',
+            rule => 'Specifies how this rule should be applied.  Valid values are: allow, trusted. Allow will allow the user to run the commands. Any other value will deny the user access to the commands. Trusted means that once this client has been authenticated via the certificate, all other information that is sent (e.g. the username) is believed without question.  This authorization should only be given to the xcatd on the management node at this time.',
            comments => 'Any user-written notes.',
            disable  => "Set to 'yes' or '1' to comment out this row.",
        },
@ -1285,6 +1285,8 @@ passed as argument rather than by table value',
 " --------------------\n" .
 "XCAT DAEMON ATTRIBUTES\n" .
 " --------------------\n" .
+" expiretokendays: Number of days before REST API token will expire. The default is 1.\n" .
+"                  use 'never' if you want your token to never expire.\n" .
 " useflowcontrol:  (yes/1 or no/0). If yes, the postscript processing on each node\n" .
 "               contacts xcatd on the MN/SN using a lightweight UDP packet to wait\n" .
 "               until xcatd is ready to handle the requests associated with\n" .