AdminTokenRequest

pydantic model gafaelfawr.models.token.AdminTokenRequest

A request to create a new token via the admin interface.

Parameters:

data (Any)

JSON schema:
{
   "title": "AdminTokenRequest",
   "description": "A request to create a new token via the admin interface.",
   "type": "object",
   "properties": {
      "username": {
         "description": "The username may only contain lowercase letters, digits, and hyphen-minus, and may not start or end with a dash",
         "examples": [
            "some-service"
         ],
         "maxLength": 64,
         "minLength": 1,
         "pattern": "^[a-z0-9](?:[a-z0-9]|-[a-z0-9])*[a-z](?:[a-z0-9]|-[a-z0-9])*$",
         "title": "User for which to issue a token",
         "type": "string"
      },
      "token_type": {
         "$ref": "#/$defs/TokenType",
         "description": "Must be either ``service`` or ``user``",
         "examples": [
            "service"
         ],
         "title": "Token type"
      },
      "token_name": {
         "anyOf": [
            {
               "maxLength": 64,
               "minLength": 1,
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "Only provide this field for a token type of ``user``",
         "examples": [
            "laptop token"
         ],
         "title": "User-given name of the token"
      },
      "scopes": {
         "$ref": "#/$defs/Scopes",
         "default": [],
         "examples": [
            [
               "read:all"
            ]
         ],
         "title": "Token scopes"
      },
      "expires": {
         "anyOf": [
            {
               "format": "date-time",
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "Expiration timestamp of the token in seconds since epoch, or omitted to never expire",
         "examples": [
            1616986130
         ],
         "title": "Token expiration"
      },
      "name": {
         "anyOf": [
            {
               "minLength": 1,
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "If a value is not provided, and LDAP is configured, the full name from the LDAP entry for that username will be used",
         "examples": [
            "Service User"
         ],
         "title": "Preferred full name"
      },
      "email": {
         "anyOf": [
            {
               "minLength": 1,
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "If a value is not provided, and LDAP is configured, the email address from the LDAP entry for that username will be used",
         "examples": [
            "service@example.com"
         ],
         "title": "Email address"
      },
      "uid": {
         "anyOf": [
            {
               "minimum": 1,
               "type": "integer"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "If a value is not provided, and Firestore or LDAP are configured, the UID from Firestore (preferred) or the LDAP entry for that username will be used",
         "examples": [
            4131
         ],
         "title": "UID number"
      },
      "gid": {
         "anyOf": [
            {
               "minimum": 1,
               "type": "integer"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "GID of primary group. If set, should correspond to the id of a group of which the user is a member. If a value is not provided and LDAP is configured to add user private groups, it will be set to the same value as the UID.",
         "examples": [
            4123
         ],
         "title": "Primary GID"
      },
      "groups": {
         "anyOf": [
            {
               "items": {
                  "$ref": "#/$defs/Group"
               },
               "type": "array"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "Groups of which the user is a member. If a value is not provided, and LDAP is configured, the group membership from LDAP will be used",
         "title": "Groups"
      }
   },
   "$defs": {
      "Group": {
         "description": "Information about a single group.",
         "properties": {
            "name": {
               "examples": [
                  "g_special_users"
               ],
               "minLength": 1,
               "pattern": "^[a-zA-Z][a-zA-Z0-9._-]*$",
               "title": "Name of the group",
               "type": "string"
            },
            "id": {
               "examples": [
                  123181
               ],
               "title": "Numeric GID of the group",
               "type": "integer"
            }
         },
         "required": [
            "name",
            "id"
         ],
         "title": "Group",
         "type": "object"
      },
      "Scopes": {},
      "TokenType": {
         "description": "The class of token.",
         "enum": [
            "session",
            "user",
            "notebook",
            "internal",
            "service",
            "oidc"
         ],
         "title": "TokenType",
         "type": "string"
      }
   },
   "required": [
      "username",
      "token_type"
   ]
}

Fields:

field email: str | None = None

If a value is not provided, and LDAP is configured, the email address from the LDAP entry for that username will be used

Constraints:
  • min_length = 1

field expires: UtcDatetime | None = None

Expiration timestamp of the token in seconds since epoch, or omitted to never expire

field gid: int | None = None

GID of primary group. If set, should correspond to the id of a group of which the user is a member. If a value is not provided and LDAP is configured to add user private groups, it will be set to the same value as the UID.

Constraints:
  • ge = 1

field groups: list[Group] | None = None

Groups of which the user is a member. If a value is not provided, and LDAP is configured, the group membership from LDAP will be used

field name: str | None = None

If a value is not provided, and LDAP is configured, the full name from the LDAP entry for that username will be used

Constraints:
  • min_length = 1

field scopes: Scopes = {}

field token_name: str | None = None

Only provide this field for a token type of user

Constraints:
  • min_length = 1

  • max_length = 64

Validated by:
  • _valid_token_name

field token_type: TokenType [Required]

Must be either service or user

Validated by:
  • _valid_token_type

field uid: int | None = None

If a value is not provided, and Firestore or LDAP are configured, the UID from Firestore (preferred) or the LDAP entry for that username will be used

Constraints:
  • ge = 1

field username: str [Required]

The username may only contain lowercase letters, digits, and hyphen-minus, and may not start or end with a dash

Constraints:
  • min_length = 1

  • max_length = 64

  • pattern = ^[a-z0-9](?:[a-z0-9]|-[a-z0-9])*[a-z](?:[a-z0-9]|-[a-z0-9])*$
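
A client-side pre-check of a request body against the constraints listed above, as an added example (not Gafaelfawr's own code). The function name and the sample bodies are hypothetical, and the cross-field rule for token_name is read from the field descriptions, since the validator bodies are not shown on this page.

```python
import re

# Constraints copied from the schema on this page. Besides what the prose
# description says, the pattern requires a lowercase letter somewhere after
# the first character and rejects doubled hyphens.
USERNAME_RE = re.compile(
    r"^[a-z0-9](?:[a-z0-9]|-[a-z0-9])*[a-z](?:[a-z0-9]|-[a-z0-9])*$"
)
ADMIN_TOKEN_TYPES = {"service", "user"}  # subset of TokenType allowed here


def precheck_admin_token_request(body: dict) -> list[str]:
    """Return a list of problems; an empty list means the body passed.

    Hypothetical helper: it mirrors the documented constraints so a bad
    request is caught before it is sent to the admin interface.
    """
    problems = []
    username = body.get("username")
    if not isinstance(username, str) or not 1 <= len(username) <= 64:
        problems.append("username: required, 1-64 characters")
    elif not USERNAME_RE.fullmatch(username):
        problems.append("username: does not match pattern")
    token_type = body.get("token_type")
    if token_type not in ADMIN_TOKEN_TYPES:
        problems.append("token_type: must be service or user")
    token_name = body.get("token_name")
    if token_name is not None:
        if not isinstance(token_name, str) or not 1 <= len(token_name) <= 64:
            problems.append("token_name: 1-64 characters")
        if token_type != "user":
            problems.append("token_name: only for token_type user")
    for key in ("uid", "gid"):
        value = body.get(key)
        is_int = isinstance(value, int) and not isinstance(value, bool)
        if value is not None and (not is_int or value < 1):
            problems.append(f"{key}: integer >= 1")
    return problems


if __name__ == "__main__":
    # Constructed sample usernames, not taken from any real deployment.
    for name in ("some-service", "1234", "svc-", "my--svc", "a1", "bot1"):
        body = {"username": name, "token_type": "service"}
        print(f"{name!r}: {precheck_admin_token_request(body) or 'ok'}")
```
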