Uploaded image for project: 'OpenShift Virtualization'
  1. OpenShift Virtualization
  2. CNV-39008

[RFE] Tokens generated via token.kubevirt.io have no revocation mechanism

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • CNV vfuture
    • CNV v4.15.0
    • CNV Infrastructure
    • None
    • 0.42
    • False
    • Hide

      None

      Show
      None
    • False
    • No
    • ---
    • ---

      Description of problem:

      Tokens generated via token.kubevirt.io have no mechanism for revocation. 
For now, If we generate a one-time token using curl and no longer need it, we simply discard it or let it expire but if they are still valid and get leaked, that brings risk. There is no direct way for now to manage/revoke/delete such token. Removing sa every time could not be a feasible solution.

      Version-Release number of selected component (if applicable):

      4.15

      How reproducible:

      always

      Steps to Reproduce:

      1.
2.
3.

      Actual results:

       

      Expected results:

       

      Additional info:

       

            akrejcir@redhat.com Andrej Krejcir
            gkapoor@redhat.com Geetika Kapoor
            Geetika Kapoor Geetika Kapoor
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: