Bug
Resolution: Unresolved
CNV v4.15.0
Description of problem:
Tokens generated via token.kubevirt.io have no mechanism for revocation. For now, if we generate a one-time token using curl and no longer need it, we simply discard it or let it expire, but if such tokens are still valid and get leaked, that brings risk. There is no direct way for now to manage/revoke/delete such a token. Removing the SA every time would not be a feasible solution.
Version-Release number of selected component (if applicable):
4.15
How reproducible:
always
Steps to Reproduce:
1. 2. 3.
Actual results:
Expected results:
Additional info:
- relates to: CNV-37922 Document token revocation limitation for vm-console-proxy (POST)