Uploaded image for project: 'OpenShift Console'
  1. OpenShift Console
  2. CONSOLE-3524

Add token creation to Service Accounts


    • False
    • None
    • False

      See https://github.com/openshift/console/pull/12589.

      We need to add token creation to Service Accounts to replace the removed `Download kubeconfig file`, but the addition of token creation needs design.  We may want to account for optionally setting the expiration duration and/or binding the token to a secret.

      See https://docs.openshift.com/container-platform/4.12/cli_reference/openshift_cli/developer-cli-commands.html#oc-create-token

      Relevant CLI code: https://github.com/kubernetes/kubectl/blob/77a7b65409fc364fa3ff37060cc9342dc0527292/pkg/cmd/create/create_token.go#L228-L268

      Background: https://redhat-internal.slack.com/archives/C6A3NV5J9/p1676903843342839

      Before realizing adding token creation was going to be more involved and require some design, I had stubbed out token creation:

            .post(`${k8sBasePath}/api/v1/namespaces/${namespace}/serviceaccounts/${name}/token`, {
              kind: 'TokenRequest',
              apiVersion: 'authentication.k8s.io/v1',
              metadata: { creationTimestamp: null },
              spec: { audiences: null, expirationSeconds: null, boundObjectRef: null },
              status: { token: '', expirationTimestamp: null },
            .then((res) => {
              console.log('CONSOLE LOG: res', res);
            .catch((e) => console.log('CONSOLE LOG: e', e)); 

            Unassigned Unassigned
            rhn-engineering-rhamilto Robb Hamilton
            0 Vote for this issue
            3 Start watching this issue