AdminTokenRequest#

pydantic model gafaelfawr.models.token.AdminTokenRequest#

A request to create a new token via the admin interface.

Parameters:

data (Any) –

Show JSON schema
{
   "title": "AdminTokenRequest",
   "description": "A request to create a new token via the admin interface.",
   "type": "object",
   "properties": {
      "username": {
         "description": "The username may only contain lowercase letters, digits, and dash (`-`), and may not start or end with a dash",
         "examples": [
            "some-service"
         ],
         "maxLength": 64,
         "minLength": 1,
         "pattern": "^[a-z0-9](?:[a-z0-9]|-[a-z0-9])*[a-z](?:[a-z0-9]|-[a-z0-9])*$",
         "title": "User for which to issue a token",
         "type": "string"
      },
      "token_type": {
         "allOf": [
            {
               "$ref": "#/$defs/TokenType"
            }
         ],
         "description": "Must be either `service` or `user`\n\n* `service`: A service-to-service token used for internal calls initiated by services, unrelated to a user request\n* `user`: A user-generated token that may be used programmatically\n",
         "examples": [
            "service"
         ],
         "title": "Token type"
      },
      "token_name": {
         "anyOf": [
            {
               "maxLength": 64,
               "minLength": 1,
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "Only provide this field for a token type of `user`",
         "examples": [
            "laptop token"
         ],
         "title": "User-given name of the token"
      },
      "scopes": {
         "examples": [
            [
               "read:all"
            ]
         ],
         "items": {
            "type": "string"
         },
         "title": "Token scopes",
         "type": "array"
      },
      "expires": {
         "anyOf": [
            {
               "format": "date-time",
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "Expiration timestamp of the token in seconds since epoch, or omitted to never expire",
         "examples": [
            1616986130
         ],
         "title": "Token expiration"
      },
      "name": {
         "anyOf": [
            {
               "minLength": 1,
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "If a value is not provided, and LDAP is configured, the full name from the LDAP entry for that username will be used",
         "examples": [
            "Service User"
         ],
         "title": "Preferred full name"
      },
      "email": {
         "anyOf": [
            {
               "minLength": 1,
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "If a value is not provided, and LDAP is configured, the email address from the LDAP entry for that username will be used",
         "examples": [
            "service@example.com"
         ],
         "title": "Email address"
      },
      "uid": {
         "anyOf": [
            {
               "minimum": 1,
               "type": "integer"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "If a value is not provided, and Firestore or LDAP are configured, the UID from Firestore (preferred) or the LDAP entry for that username will be used",
         "examples": [
            4131
         ],
         "title": "UID number"
      },
      "gid": {
         "anyOf": [
            {
               "minimum": 1,
               "type": "integer"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "GID of primary group. If set, should correspond to the id of a group of which the user is a member. If a value is not provided and LDAP is configured to add user private groups, it will be set to the same value as the UID.",
         "examples": [
            4123
         ],
         "title": "Primary GID"
      },
      "groups": {
         "anyOf": [
            {
               "items": {
                  "$ref": "#/$defs/TokenGroup"
               },
               "type": "array"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "Groups of which the user is a member. If a value is not provided, and LDAP is configured, the group membership from LDAP will be used",
         "title": "Groups"
      }
   },
   "$defs": {
      "TokenGroup": {
         "description": "Information about a single group.",
         "properties": {
            "name": {
               "examples": [
                  "g_special_users"
               ],
               "minLength": 1,
               "pattern": "^[a-zA-Z][a-zA-Z0-9._-]*$",
               "title": "Name of the group",
               "type": "string"
            },
            "id": {
               "anyOf": [
                  {
                     "type": "integer"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Numeric GID may be unset, in which case the group still contributes to determining scopes, but may be ignored by services that require a GID. If Firestore is configured, a numeric GID will be allocated by Firestore if left unset when creating a token.",
               "examples": [
                  123181
               ],
               "title": "Numeric GID of the group"
            }
         },
         "required": [
            "name"
         ],
         "title": "TokenGroup",
         "type": "object"
      },
      "TokenType": {
         "description": "The class of token.",
         "enum": [
            "session",
            "user",
            "notebook",
            "internal",
            "service"
         ],
         "title": "TokenType",
         "type": "string"
      }
   },
   "required": [
      "username",
      "token_type"
   ]
}

Fields:
Validators:
field email: str | None = None#

If a value is not provided, and LDAP is configured, the email address from the LDAP entry for that username will be used

Constraints:
  • min_length = 1

field expires: datetime | None = None#

Expiration timestamp of the token in seconds since epoch, or omitted to never expire

field gid: int | None = None#

GID of primary group. If set, should correspond to the id of a group of which the user is a member. If a value is not provided and LDAP is configured to add user private groups, it will be set to the same value as the UID.

Constraints:
  • ge = 1

field groups: list[TokenGroup] | None = None#

Groups of which the user is a member. If a value is not provided, and LDAP is configured, the group membership from LDAP will be used

field name: str | None = None#

If a value is not provided, and LDAP is configured, the full name from the LDAP entry for that username will be used

Constraints:
  • min_length = 1

field scopes: list[str] [Optional]#
field token_name: str | None = None#

Only provide this field for a token type of user

Constraints:
  • min_length = 1

  • max_length = 64

Validated by:
  • _valid_token_name

field token_type: TokenType [Required]#

Must be either service or user

  • service: A service-to-service token used for internal calls initiated by services, unrelated to a user request

  • user: A user-generated token that may be used programmatically

Validated by:
  • _valid_token_type

field uid: int | None = None#

If a value is not provided, and Firestore or LDAP are configured, the UID from Firestore (preferred) or the LDAP entry for that username will be used

Constraints:
  • ge = 1

field username: str [Required]#

The username may only contain lowercase letters, digits, and dash (-), and may not start or end with a dash

Constraints:
  • min_length = 1

  • max_length = 64

  • pattern = ^[a-z0-9](?:[a-z0-9]|-[a-z0-9])*[a-z](?:[a-z0-9]|-[a-z0-9])*$