[BACKPORT 2.20.2][PLAT-13268][PLAT-13267] Allow API token request on …

…HA follower Summary: Original commit: e1e77ba / D33545 Regression from https://phorge.dev.yugabyte.com/D30758 where we stopped allowing HA followers to access the api_token endpoint, which created a short lived API token for use with subsequent HTTP requests. We are now recommending customers to use the login token with long running scripts/workflows, but this is a difficulty for customers who already have automation built with the assumption api_token can be retrieved in this way. As there is no technical issue/risk with allowing this (just potential usage difficulty by multiple clients invalidating other API tokens), we can add api_token to the whitelisted set of endpoints. Test Plan: manual cURL to generate API token Reviewers: nsingh, sanketh, nbhatia Reviewed By: nsingh, sanketh Subscribers: yugaware Tags: #jenkins-ready Differential Revision: https://phorge.dev.yugabyte.com/D33553
yugabyte · Mar 26, 2024 · 141d91b · 141d91b
1 parent a75f372
commit 141d91b
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/managed/src/main/java/com/yugabyte/yw/controllers/TokenAuthenticator.java b/managed/src/main/java/com/yugabyte/yw/controllers/TokenAuthenticator.java
@@ -56,7 +56,8 @@ public class TokenAuthenticator extends Action.Simple {
           "/performance_recommendations/page",
           "/performance_recommendation_state_change/page",
           "/node_agents/page",
-          "/login");
+          "/login",
+          "/api_token");
   public static final String COOKIE_AUTH_TOKEN = "authToken";
   public static final String AUTH_TOKEN_HEADER = "X-AUTH-TOKEN";
   public static final String COOKIE_API_TOKEN = "apiToken";