Repository: kudu Updated Branches: refs/heads/master ed2bc18de -> 0c3f82db1
[security] added info on non-renewable authn tokens It's not possible to renew Kudu authn tokens. That information is added into the description of the --authn_token_validity_seconds command-line flag. I also opened KUDU-1895 JIRA case for adding corresponding information into end-user documentation. Change-Id: I44b5aedb05803ffba7a22f8127b2edac60d3752c Reviewed-on: http://gerrit.cloudera.org:8080/6122 Tested-by: Alexey Serbin <[email protected]> Reviewed-by: Todd Lipcon <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/kudu/repo Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/085f1e04 Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/085f1e04 Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/085f1e04 Branch: refs/heads/master Commit: 085f1e04a8e9daca1bc5aa35666be507c7a800c8 Parents: ed2bc18 Author: Alexey Serbin <[email protected]> Authored: Wed Feb 22 19:33:15 2017 -0800 Committer: Todd Lipcon <[email protected]> Committed: Sun Feb 26 21:43:48 2017 +0000 ---------------------------------------------------------------------- src/kudu/master/master.cc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kudu/blob/085f1e04/src/kudu/master/master.cc ---------------------------------------------------------------------- diff --git a/src/kudu/master/master.cc b/src/kudu/master/master.cc index 984f50a..eda44c7 100644 --- a/src/kudu/master/master.cc +++ b/src/kudu/master/master.cc @@ -60,9 +60,10 @@ TAG_FLAG(tsk_rotation_seconds, advanced); TAG_FLAG(tsk_rotation_seconds, experimental); DEFINE_int64(authn_token_validity_seconds, 60 * 60 * 24 * 7, - "Period of time for which an issued authentication token is valid."); -// TODO(PKI): docs for what actual effect this has, given we don't support -// token renewal. + "Period of time for which an issued authentication token is valid. " + "It's not possible to renew a token, hence the token validity " + "interval defines the longest possible lifetime of an external " + "job which uses a token for authentication."); TAG_FLAG(authn_token_validity_seconds, experimental); using std::min;
