Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: None
Affects Version/s: None
Labels:
- oap-plan

Story Points:
3
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
SPIRE-40
Intelligence Requested:
Market:

Sprint:
OAPE Sprint 275, OAPE Sprint 276
sprint_count:
2

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

PX Impact Score:

It's an associated requirement with Upstream Authority feature (SPIRE-129)

This would be an important function for admin to configure when managing CA hierarchy and rotation.

Currently the SPIRE Server uses a hardcoded CA TTL value as 24h: https://github.com/openshift/zero-trust-workload-identity-manager/blob/dfcaa616ce964ac292b3109c9ed9d41603e9ffea/pkg/controller/spire-server/configmap.go#L145

Additionally we also need to evaluate if `default_jwt_svid_ttl` and `default_x509_svid_ttl` should support customized in this time. https://github.com/openshift/zero-trust-workload-identity-manager/blob/dfcaa616ce964ac292b3109c9ed9d41603e9ffea/pkg/controller/spire-server/configmap.go#L147-L148

relates to

SPIRE-129 Add support for Upstream Authority in ZTWIM

Code Review

links to

openshift/zero-trust-workload-identity-manager#31: SPIRE-134: Adds the support to update the TTL for the spire servers

Assignee:: Anirudh Agnihotri

Reporter:: Yuedong Wu

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/07/28 6:16 AM

Updated:: 2025/09/03 5:44 AM

Resolved:: 2025/09/03 5:44 AM