Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Normal
Fix Version/s: ACM 2.13.0
Affects Version/s: ACM 2.12.0
Component/s: Hive
Labels:
- groomed

Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
Check on long lived token in application-manager
Acceptance Criteria:

Hide

Provide the required acceptance criteria using this template.
* ...

Show
Provide the required acceptance criteria using this template. * ...
Intelligence Requested:
Market:

Regression:
None

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Value Statement

OpenShift has moved away from long lived tokens. On a default install of MCE, Hive creates a long lived token.

oc get secrets \
--all-namespaces \
--field-selector type=kubernetes.io/service-account-token

This token either needs to change or be removed. I don't believe OCP allows for justification.{}

Definition of Done for Engineering Story Owner (Checklist)

The secret query does NOT return a hive secret.

Development Complete

The code is complete.
Functionality is working.
Any required downstream Docker file changes are made.

Tests Automated

[ ] Unit/function tests have been automated and incorporated into the
build.
[ ] 100% automated unit/function test coverage for new or changed APIs.

Secure Design

[ ] Security has been assessed and incorporated into your threat model.

is caused by

HIVE-2219 Create token for the hive service accounts if running on non-openshift cluster.

Closed

links to

openshift/hive#2504: Don't generate long-lived token for hiveadmission on OpenShift

Assignee:: Eric Fried

Reporter:: Joshua Packer

QA Contact:: Mingxia Huang

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2024/10/02 3:17 PM

Updated:: 2024/11/05 11:27 PM

Resolved:: 2024/11/05 11:27 PM