XML

Word

Printable

Type: Epic
Resolution: Unresolved
Priority: Normal
Fix Version/s: ACM 2.13.0
Affects Version/s: None
Component/s: Application Lifecycle, GRC, Hive
Labels:
- cross-squad

Epic Name:
Check on long lived token in application-manager
Blocked:
False
Blocked Reason:
None
Ready:
False
Color Status:
Not Selected
Epic Status:
To Do
Hierarchy Progress Bar:

33% To Do, 0% In Progress, 67% Done

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Intelligence Requested:
Market:

Epic Goal

Remove long lived tokens and move to single use tokens.

Why is this important?

Security

Scenarios

oc get secrets \
--all-namespaces \
--field-selector type=kubernetes.io/service-account-token

Shows three secrets:

hiveadmission-sa-token

open-cluster-management-compliance-history-api-recorder

application-manager

oc get secrets \
--all-namespaces \
--show-labels \
--field-selector type=kubernetes.io/service-account-token \
--selector kubernetes.io/legacy-token-last-used

The above query shows that the ACM tokens aren't used unless the specific feature gets used.

Acceptance Criteria

Remove any long lived tokens.

Dependencies (internal and external)

Hive, Policy, AppSubscription

Previous Work (Optional):

Discusses with xiangli@redhat.com

Open questions:

Can a justification be provided as the solution? (I don't think so, but figured I would ask)

Done Checklist

DEV - No more long lived tokens.

Assignee:: Joshua Packer

Reporter:: Joshua Packer

QA Contact:: Derek Ho

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2024/10/01 7:34 PM

Updated:: 2024/11/18 4:32 PM

Details

Description

Epic Goal

Why is this important?

Scenarios

Acceptance Criteria

Dependencies (internal and external)

Previous Work (Optional):

Open questions:

Done Checklist

Attachments

Easy Agile Planning Poker

Activity

People

Dates