TOKENGEN
Extension: io.warp10.script.ext.token.TokenWarpScriptExtension
extensions platformConfiguration parameters
-
token.secret
Generates a token given a map of parameters. The TOKENGEN
function outputs a map.
The input parameter map contains the following entries:
Key | Type | Description |
---|---|---|
id | STRING | Optional identifier that will be put verbatim in the result map |
type | STRING | READ or WRITE depending on the type of token to generate |
owner | STRING | UUID of the owner associated with the token |
producer | STRING | UUID of the producer associated with the token |
application | STRING | Name of application associated with the token |
issuance | LONG | Issuance timestamp of the token, in milliseconds since the Unix Epoch |
expiry | LONG | Expiry timestamp of the token, in milliseconds since the Unix Epoch |
ttl | LONG | If expiry is not specified, a time to live can be set with this key. The TTL is expressed in milliseconds, the computed expiry timestamp will be the issuance timestamp plus the ttl |
labels | MAP | Map of labels which will be added to the pushed Geo Time Series™ int the case of a WRITE token, or map of label selectors which will be added to the selection criteria for a READ token |
attributes | MAP | Map of attributes attached to the token |
When generating a READ
token, the following parameters are needed to ensure data isolation:
Key | Type | Description |
---|---|---|
owners | LIST | List of owners the READ token can access, they will be added to the selection criteria |
producers | LIST | List of producers the READ token can access, they will be added to the selection criteria |
applications | LIST | List of applications the READ token can access, they will be added to the selection criteria |
If one of these parameter key is not set or set to an empty list, then the generated READ
token will be granted access to all the scope associated with the parameter key. For example, if owners
is not set, data from all owners will be accessible to this token.
The TOKENGEN
function outputs a map with the following keys:
Key | Type | Description |
---|---|---|
token | STRING | Generated token |
ident | LONG | TokenIdent associated with token , can be used in a TRL |
id | STRING | Optional identifier if the id key was specified in the parameter map |
Note that the TOKENGEN
function can only be called using the Worf
tool if the token.secret
configuration was not set.
Since 2.7.3, Siphash and AES key can be specified to create the token.