Loading...

XML

Word

Printable

Type: Feature Request
Resolution: Won't Do
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: Auth
Labels:
- rfe-rejected-to-wontdo

Target Version:
None
Activity Type:
Product / Portfolio Work
Status Summary:
None
Blocked:
False
Blocked Reason:
None
Products:
None
Hierarchy Progress Bar:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Review Complete:
None
PX Impact Score:
PX Impact Range:
None
PX Priority Data:
PX Technical Impact:
None
PX Technical Impact Notes:
None
PX Scheduling Request:
None

TTL on access tokens does not affect Prometheus/Alertmanager

My customer has requested:

We've set a maximum TTL on the OAuth token and the OAuthClients and this works fine for the API token and the console.
However, the maximum TTL does not apply to sessions in Prometheus, the Alertmanager and (probably) Grafana.
From a security point of view, one of our customers requires a maximum TTL of 4 hours on these sessions as well.

Is there a different way to configure the TTL of the tokens used by Prometheus, the Alertmanager and Grafana or is this a bug/missing configuration option within Openshift?

Our Ansible code to configure the TTL for tokens:
```

name: Get OAuthClients
k8s_info:
kind: OAuthClient
register: oauthclients
name: Set access token TTL for OAuthClients
k8s:
state: present
kind: OAuthClient
name: "{{ item.metadata.name }}"
definition:
accessTokenInactivityTimeoutSeconds: "{{ access_token_ttl }}"
loop: "{{ oauthclients.resources }}"
name: Set access token TTL for api
k8s:
state: present
kind: OAuth
name: cluster
definition:
spec:
tokenConfig:
accessTokenMaxAgeSeconds: "{{ access_token_ttl }}"

There is more detail on this in https://bugzilla.redhat.com/show_bug.cgi?id=1973575

Assignee:: Anandnatraj Chandramohan (Inactive)

Reporter:: Andy Bartlett

Need Info From:: None

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2021/08/23 2:45 PM

Updated:: 2025/09/13 7:36 PM

Resolved:: 2022/09/02 2:44 PM

Target start:: None

Target end:: None

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates