Story
Resolution: Done
ACM 2.12.0, MCE 2.7.0
SF Train-17
Value Statement
Using different tokens reduces the risk of a shared token being compromised.
Currently, after MCE is installed, OCP (tested with 4.15) creates the token secret for the agent-registration-bootstrap serviceaccount.
This means agent-registration will also return the same token from agent-registration-bootstrap-token, based on the code: https://github.com/stolostron/managedcluster-import-controller/blob/2198e50b13b71d5429f5bd921bddf209fca33bfb/pkg/bootstrap/boostrapkubeconfig.go#L115
But we also want to provide a short-term token, and the token should be different each time.
We also want the caller to assign the expiration of the token.
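A check that a test or consumer of the agent-registration endpoint could run on the tokens it receives, added here as an illustration and not taken from the managedcluster-import-controller code: it decodes the JWT payload of two consecutively issued tokens and rejects a repeated token, a token with no `exp` claim (a legacy secret-based service account token carries none), or a lifetime longer than the one requested. The function names and sample tokens are constructed for this example, and signatures are not verified.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// lifetime decodes only the JWT payload (no signature check) and returns exp-iat.
func lifetime(token string) (time.Duration, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return 0, fmt.Errorf("not a three-part JWT")
	}
	var c struct{ Iat, Exp int64 } // matched to "iat"/"exp" case-insensitively
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &c)
	}
	if err == nil && c.Exp == 0 {
		err = fmt.Errorf("no exp claim: token does not expire")
	}
	return time.Duration(c.Exp-c.Iat) * time.Second, err
}

// checkIssued validates the tokens returned by two consecutive requests.
func checkIssued(first, second string, requested time.Duration) error {
	if first == second {
		return fmt.Errorf("same token returned twice")
	}
	for _, tok := range []string{first, second} {
		if life, err := lifetime(tok); err != nil {
			return err
		} else if life > requested {
			return fmt.Errorf("lifetime %s exceeds requested %s", life, requested)
		}
	}
	return nil
}

// sample builds a constructed, unsigned token ("e30" is the base64url of "{}").
func sample(p string) string { return "e30." + base64.RawURLEncoding.EncodeToString([]byte(p)) + ".sig" }

func main() {
	legacy := sample(`{"iss":"kubernetes/serviceaccount"}`)
	a, b := sample(`{"iat":1700000000,"exp":1700003600}`), sample(`{"iat":1700000009,"exp":1700003609}`)
	fmt.Println(checkIssued(legacy, a, time.Hour), "|", checkIssued(a, b, time.Hour))
}
```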
Definition of Done for Engineering Story Owner (Checklist)
- ...
Development Complete
- The code is complete.
- Functionality is working.
- Any required downstream Docker file changes are made.
Tests Automated
- [ ] Unit/function tests have been automated and incorporated into the build.
- [ ] 100% automated unit/function test coverage for new or changed APIs.
Secure Design
- [ ] Security has been assessed and incorporated into your threat model.
Multidisciplinary Teams Readiness
- [ ] Create an informative documentation issue using the [Customer Portal_doc_issue template](https://github.com/stolostron/backlog/issues/new?assignees=&labels=squad%3Adoc&template=doc_issue.md&title=), and ensure doc acceptance criteria is met. Link the development issue to the doc issue.
- [ ] Provide input to the QE team, and ensure QE acceptance criteria (established between story owner and QE focal) are met.
Support Readiness
- [ ] The must-gather script has been updated.