From 141d91be979b3919076bbc0cdfe8ed97d421bddb Mon Sep 17 00:00:00 2001
From: Muthu Chidambaram
Date: Tue, 26 Mar 2024 13:37:05 -0500
Subject: [PATCH] [BACKPORT 2.20.2][PLAT-13268][PLAT-13267] Allow API token request on HA follower Summary: Original commit: e1e77ba78ee634a21dc9b2e5c9769841e3cc6a08 / D33545 Regression from https://phorge.dev.yugabyte.com/D30758 where we stopped allowing HA followers to access the api_token endpoint, which created a short lived API token for use with subsequent HTTP requests. We are now recommending customers to use the login token with long running scripts/workflows, but this is a difficulty for customers who already have automation built with the assumption api_token can be retrieved in this way. As there is no technical issue/risk with allowing this (just potential usage difficulty by multiple clients invalidating other API tokens), we can add api_token to the whitelisted set of endpoints. Test Plan: manual cURL to generate API token Reviewers: nsingh, sanketh, nbhatia Reviewed By: nsingh, sanketh Subscribers: yugaware Tags: #jenkins-ready Differential Revision: https://phorge.dev.yugabyte.com/D33553
---
 .../java/com/yugabyte/yw/controllers/TokenAuthenticator.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/managed/src/main/java/com/yugabyte/yw/controllers/TokenAuthenticator.java b/managed/src/main/java/com/yugabyte/yw/controllers/TokenAuthenticator.java
index 31040da9e84..06c6ec426cf 100644
--- a/managed/src/main/java/com/yugabyte/yw/controllers/TokenAuthenticator.java
+++ b/managed/src/main/java/com/yugabyte/yw/controllers/TokenAuthenticator.java
@@ -56,7 +56,8 @@ public class TokenAuthenticator extends Action.Simple {
 "/performance_recommendations/page",
 "/performance_recommendation_state_change/page",
 "/node_agents/page",
- "/login");
+ "/login",
+ "/api_token");
 public static final String COOKIE_AUTH_TOKEN = "authToken";
 public static final String AUTH_TOKEN_HEADER = "X-AUTH-TOKEN";
 public static final String COOKIE_API_TOKEN = "apiToken";
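Review bot: The new `"/api_token"` entry issues a credential, unlike the `/page` entries above it, which look like reads, and nothing in the hunk shows how entries are compared with the request path. The list declaration and the matching code are outside the hunk, so this needs confirming: if the comparison is a suffix or substring match rather than an exact path match, any other route ending in `/api_token` would also be accepted on a follower. The commit message gives manual cURL as the only test, and this change is itself a regression fix, so a unit test that sends an `/api_token` request through TokenAuthenticator in follower mode would keep it from regressing again. A short comment on the entry would also record why a token-issuing route is in the list, e.g. `// PLAT-13268: token issuance stays allowed on HA followers for existing automation`.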