Feature #17298

remove the need to run get_anonymous_user_token.rb during installation

Added by Ward Vandewege 3 months ago. Updated 3 months ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
-
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Story points:
-

Description

As part of ticket #16726 the services/api/script/get_anonymous_user_token.rb logic was changed. It currently takes the configured anonymous token from the config file and makes sure that the corresponding database record exists.

It is called from lib/boot/seed.go.

It needs to be run during manual installation in an awkward 2-step process: put a random string in config file; then run this script.

It would be much better to make the api server check the anonymous token as configured on startup, and if one is defined in the config file, make sure that the appropriate db record exists. If the token is not configured, it can do nothing. If a token is configured and other anonymous tokens exist in the database, those should be disabled. This is roughly the logic of the current services/api/script/get_anonymous_user_token.rb script.

Once this change is made, lib/boot/seed.go should be adapted and the documentation needs to be updated accordingly, in doc/install/install-keep-web.html.textile.liquid. Also update lib/config/config.default.yml and regenerate the reference.


Related issues

Related to Arvados - Bug #16726: other cluster's special users (root and anonymous) can appear in user listResolved08/31/2020

History

#1 Updated by Ward Vandewege 3 months ago

  • Related to Bug #16726: other cluster's special users (root and anonymous) can appear in user list added

#2 Updated by Ward Vandewege 3 months ago

  • Description updated (diff)

#3 Updated by Ward Vandewege 3 months ago

  • Description updated (diff)

#4 Updated by Ward Vandewege 3 months ago

  • Description updated (diff)

Also available in: Atom PDF