Refactor installation and runner scripts for enhanced usability and security
- Updated the installation script to clarify that production wrappers do not include fixed test secrets, improving user guidance for local testing. - Modified the jiggablend-manager and jiggablend-runner scripts to remove fixed test configurations, emphasizing the use of local test credentials via `make init-test`. - Enhanced error handling in the runner script to ensure that an API key is provided, improving security and user feedback. - Added new flags and options for the runner, including sandboxing capabilities and GPU ray tracing control, enhancing flexibility for users. - Improved README documentation to reflect changes in usage and configuration, ensuring users have clear instructions for setup and execution.
This commit is contained in:
@@ -7,11 +7,54 @@ import (
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"sync"
|
||||
"time"
|
||||
)
|
||||
|
||||
// JobTokenDuration is the validity period for job tokens
|
||||
const JobTokenDuration = 1 * time.Hour
|
||||
// DefaultJobTokenDuration is the minimum validity period for job tokens.
|
||||
const DefaultJobTokenDuration = 1 * time.Hour
|
||||
|
||||
// JobTokenSkew is extra lifetime added beyond configured task timeouts.
|
||||
const JobTokenSkew = 15 * time.Minute
|
||||
|
||||
// JobTokenDuration is the current validity period for newly issued job tokens.
|
||||
// Prefer JobTokenTTL() / SetJobTokenTTL; this var remains for backward-compatible reads.
|
||||
var (
|
||||
jobTokenTTL = DefaultJobTokenDuration
|
||||
jobTokenTTLMu sync.RWMutex
|
||||
)
|
||||
|
||||
// JobTokenTTL returns the current job token lifetime used when minting tokens.
|
||||
func JobTokenTTL() time.Duration {
|
||||
jobTokenTTLMu.RLock()
|
||||
defer jobTokenTTLMu.RUnlock()
|
||||
return jobTokenTTL
|
||||
}
|
||||
|
||||
// SetJobTokenTTL sets the lifetime for newly issued job tokens.
|
||||
// Values below DefaultJobTokenDuration are raised to the default.
|
||||
func SetJobTokenTTL(d time.Duration) {
|
||||
if d < DefaultJobTokenDuration {
|
||||
d = DefaultJobTokenDuration
|
||||
}
|
||||
jobTokenTTLMu.Lock()
|
||||
jobTokenTTL = d
|
||||
jobTokenTTLMu.Unlock()
|
||||
}
|
||||
|
||||
// ConfigureJobTokenTTLFromTimeouts sets token lifetime from the longest of the
|
||||
// given task timeouts (seconds) plus JobTokenSkew, floored at DefaultJobTokenDuration.
|
||||
func ConfigureJobTokenTTLFromTimeouts(timeoutSeconds ...int) time.Duration {
|
||||
maxSec := 0
|
||||
for _, s := range timeoutSeconds {
|
||||
if s > maxSec {
|
||||
maxSec = s
|
||||
}
|
||||
}
|
||||
d := time.Duration(maxSec)*time.Second + JobTokenSkew
|
||||
SetJobTokenTTL(d)
|
||||
return JobTokenTTL()
|
||||
}
|
||||
|
||||
// JobTokenClaims represents the claims in a job token
|
||||
type JobTokenClaims struct {
|
||||
@@ -41,7 +84,7 @@ func GenerateJobToken(jobID, runnerID, taskID int64) (string, error) {
|
||||
JobID: jobID,
|
||||
RunnerID: runnerID,
|
||||
TaskID: taskID,
|
||||
Exp: time.Now().Add(JobTokenDuration).Unix(),
|
||||
Exp: time.Now().Add(JobTokenTTL()).Unix(),
|
||||
}
|
||||
|
||||
// Encode claims to JSON
|
||||
@@ -112,4 +155,3 @@ func ValidateJobToken(token string) (*JobTokenClaims, error) {
|
||||
|
||||
return &claims, nil
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user