Tokens in a serving engine project refer to encoded JWT tokens containing access rights information for querying or managing models in a namespace.
Tokens object contains 2 attributes :
- The list of authorized roles
- The target resource
There are 2 available roles :
model-management: Tokens containing this role are allowed to manage models (deploy, update, delete) targeted by the applying resource.
model-evaluation: Tokens containing this role are allowed to evaluate models (i.e call the model http endpoint) targeted by the authorized resource.
The resource attribute describes the resource (i.e. model identifiers) on which roles are applied (see the example below). You can provide an exact identifier that will match the resource id or a fuzzy string that ends with * to match multiple resources starting with the same prefix or a * to match all resources
A token containing a role of
model-evaluation with an applying
iris* will be allowed to request evaluation of each model
whose identifier starts with
iris inside its namespace.
- Each Token is created inside a namespace and is only relevant for that namespace.
- Tokens have no expiration date but can be renewed. For security purpose it is important for users to understand that tokens should be regularly renewed to avoid compromised ones.
- You can check the OVHcloud documention on how to manage models.