From 36b0b69cf4af601701094f5c2a903e8a91c44116 Mon Sep 17 00:00:00 2001 From: Mark Gurevich Date: Tue, 17 Apr 2018 14:07:29 -0400 Subject: [PATCH] Documentation changes for REST API token --- .../restapi/restapi_usage/restapi_usage.rst | 10 +++++++++- .../admin-guides/references/man5/policy.5.rst | 2 +- .../guides/admin-guides/references/man5/site.5.rst | 2 ++ .../admin-guides/references/man5/token.5.rst | 14 +++++++++++++- .../admin-guides/references/man7/policy.7.rst | 2 +- perl-xCAT/xCAT/Schema.pm | 4 +++- 6 files changed, 29 insertions(+), 5 deletions(-) diff --git a/docs/source/advanced/restapi/restapi_usage/restapi_usage.rst b/docs/source/advanced/restapi/restapi_usage/restapi_usage.rst index 09c65095c..89729c2d2 100644 --- a/docs/source/advanced/restapi/restapi_usage/restapi_usage.rst +++ b/docs/source/advanced/restapi/restapi_usage/restapi_usage.rst @@ -58,7 +58,15 @@ Then in the subsequent REST API access, the token can be used to replace the use curl -X GET -k -H X-Auth-Token:5cabd675-bc2e-4318-b1d6-831fd1f32f97 'https:///xcatws/? -The validity of token is 24 hours. If an old token has expired, you will get a 'Authentication failure' error. Then you need reacquire a token with your account. +The default validity of a token is 1 day. This default can be changed by the setting of `expiretokendays` attribute in `site` table. :: + + chdef -t site clustersite expiretokendays= + +To make tokens valid forever use "never". :: + + chdef -t site clustersite expiretokendays=never + +If an old token has expired, you will get a 'Authentication failure' error. You will need to reacquire a token for your account. The Common Parameters for Resource URI diff --git a/docs/source/guides/admin-guides/references/man5/policy.5.rst b/docs/source/guides/admin-guides/references/man5/policy.5.rst index e9b53ba0c..7b41a78db 100644 --- a/docs/source/guides/admin-guides/references/man5/policy.5.rst +++ b/docs/source/guides/admin-guides/references/man5/policy.5.rst 
@@ -80,7 +80,7 @@ policy Attributes: \ **rule**\ - Specifies how this rule should be applied. Valid values are: allow, accept, trusted. Allow or accept will allow the user to run the commands. Any other value will deny the user access to the commands. Trusted means that once this client has been authenticated via the certificate, all other information that is sent (e.g. the username) is believed without question. This authorization should only be given to the xcatd on the management node at this time. + Specifies how this rule should be applied. Valid values are: allow, trusted. Allow will allow the user to run the commands. Any other value will deny the user access to the commands. Trusted means that once this client has been authenticated via the certificate, all other information that is sent (e.g. the username) is believed without question. This authorization should only be given to the xcatd on the management node at this time. diff --git a/docs/source/guides/admin-guides/references/man5/site.5.rst b/docs/source/guides/admin-guides/references/man5/site.5.rst index d4ea2ab7e..f9bc5383a 100644 --- a/docs/source/guides/admin-guides/references/man5/site.5.rst +++ b/docs/source/guides/admin-guides/references/man5/site.5.rst @@ -429,6 +429,8 @@ site Attributes: -------------------- XCAT DAEMON ATTRIBUTES -------------------- + expiretokendays: Number of days before REST API token will expire. The default is 1. + use 'never' if you want your token to never expire. useflowcontrol: (yes/1 or no/0). If yes, the postscript processing on each node contacts xcatd on the MN/SN using a lightweight UDP packet to wait until xcatd is ready to handle the requests associated with diff --git a/docs/source/guides/admin-guides/references/man5/token.5.rst b/docs/source/guides/admin-guides/references/man5/token.5.rst index f70bf9eaf..e91287888 100644 --- a/docs/source/guides/admin-guides/references/man5/token.5.rst +++ b/docs/source/guides/admin-guides/references/man5/token.5.rst 
@@ -19,7 +19,7 @@ SYNOPSIS ******** -\ **token Attributes:**\ \ *tokenid*\ , \ *username*\ , \ *expire*\ , \ *comments*\ , \ *disable*\ +\ **token Attributes:**\ \ *tokenid*\ , \ *username*\ , \ *created*\ , \ *access*\ , \ *expire*\ , \ *comments*\ , \ *disable*\ *********** @@ -48,6 +48,18 @@ token Attributes: +\ **created**\ + + Creation time for this token. + + + +\ **access**\ + + Last access time for this token. + + + \ **expire**\ The expire time for this token. diff --git a/docs/source/guides/admin-guides/references/man7/policy.7.rst b/docs/source/guides/admin-guides/references/man7/policy.7.rst index 5c9709647..b920c052f 100644 --- a/docs/source/guides/admin-guides/references/man7/policy.7.rst +++ b/docs/source/guides/admin-guides/references/man7/policy.7.rst @@ -77,7 +77,7 @@ policy Attributes: \ **rule**\ (policy.rule) - Specifies how this rule should be applied. Valid values are: allow, accept, trusted. Allow or accept will allow the user to run the commands. Any other value will deny the user access to the commands. Trusted means that once this client has been authenticated via the certificate, all other information that is sent (e.g. the username) is believed without question. This authorization should only be given to the xcatd on the management node at this time. + Specifies how this rule should be applied. Valid values are: allow, trusted. Allow will allow the user to run the commands. Any other value will deny the user access to the commands. Trusted means that once this client has been authenticated via the certificate, all other information that is sent (e.g. the username) is believed without question. This authorization should only be given to the xcatd on the management node at this time. diff --git a/perl-xCAT/xCAT/Schema.pm b/perl-xCAT/xCAT/Schema.pm index ca97fd170..c475a6c02 100755 --- a/perl-xCAT/xCAT/Schema.pm +++ b/perl-xCAT/xCAT/Schema.pm 
@@ -890,7 +890,7 @@ passed as argument rather than by table value',
 noderange => 'The Noderange that this rule applies to. Default is "*" (all nodes). Not supported with the *def commands.',
 parameters => 'A regular expression that matches the command parameters (everything except the noderange) that this rule applies to. Default is "*" (all parameters). Not supported with the *def commands.',
 time => 'Time ranges that this command may be executed in. This is not supported.',
- rule => 'Specifies how this rule should be applied. Valid values are: allow, accept, trusted. Allow or accept will allow the user to run the commands. Any other value will deny the user access to the commands. Trusted means that once this client has been authenticated via the certificate, all other information that is sent (e.g. the username) is believed without question. This authorization should only be given to the xcatd on the management node at this time.',
+ rule => 'Specifies how this rule should be applied. Valid values are: allow, trusted. Allow will allow the user to run the commands. Any other value will deny the user access to the commands. Trusted means that once this client has been authenticated via the certificate, all other information that is sent (e.g. the username) is believed without question. This authorization should only be given to the xcatd on the management node at this time.',
 comments => 'Any user-written notes.',
 disable => "Set to 'yes' or '1' to comment out this row.",
 },
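Review bot: The new `rule` text lists only `allow` and `trusted` and keeps "Any other value will deny the user access", so a reader will conclude that existing rows with `rule=accept` now deny; nothing in this patch shows the policy check changing, so that may not match what xcatd enforces. For an authorization table the description should state the enforced behaviour exactly: if `accept` is still honoured, say so, e.g. `Valid values are: allow, trusted (accept is still treated as allow).`, and if it is not, that is a behaviour change that belongs in the commit message. The same sentence is repeated in policy.5.rst and policy.7.rst in this patch, so all three need the same wording. The enclosing hash starts above this hunk.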
@@ -1285,6 +1285,8 @@ passed as argument rather than by table value',
 " --------------------\n" .
 "XCAT DAEMON ATTRIBUTES\n" .
 " --------------------\n" .
+" expiretokendays: Number of days before REST API token will expire. The default is 1.\n" .
+" use 'never' if you want your token to never expire.\n" .
 " useflowcontrol: (yes/1 or no/0). If yes, the postscript processing on each node\n" .
 " contacts xcatd on the MN/SN using a lightweight UDP packet to wait\n" .
 " until xcatd is ready to handle the requests associated with\n" .
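Review bot: The `expiretokendays` description leaves out what an administrator needs before setting `never`: how a token that no longer expires is revoked, and what happens for values other than a positive day count (0, negative, non-numeric), none of which is visible in this hunk. I would reword the two added lines as `" expiretokendays: Number of days before a REST API token expires. The default is 1.\n" .` and `" Use 'never' to disable expiry; such tokens stay valid until revoked.\n" .`, naming the actual revocation step (presumably the token table's `disable` attribute or row removal, to be confirmed). The same text is added to site.5.rst and restapi_usage.rst in this patch and should change with it. The concatenated string begins and continues outside the hunk.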