Skip to content

Access token lifespan terrfaform configuration #305

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 9, 2025
Merged

Access token lifespan terrfaform configuration #305

merged 1 commit into from
Oct 9, 2025

Conversation

@palagdan
Copy link
Collaborator

@palagdan palagdan commented Oct 9, 2025
edited
Loading

Resolve #301

@palagdan
Copy link
Collaborator Author

palagdan commented Oct 9, 2025
edited
Loading

/kbss-bot summarize

@kbss-bot
Copy link

kbss-bot bot commented Oct 9, 2025

SummarizePRAgent Report 🤖

🔍 PR Overview

This Pull Request aims to enhance the Terraform configuration for Access Token lifespan settings within the Keycloak authentication server setup. It adds flexibility by allowing the lifespan to be configured through environment variables.

🧐 Diff Summary

  • docker-compose.yml

    • Modified the entrypoint to include ${KC_REALM}.
    • Replaced hardcoded kc_realm variable with a dynamic one via the $KC_REALM environment variable, defaulting to "record-manager".
    • Introduced a new environment variable, kc_access_token_lifespan, which defaults to "5m".

  • main.tf

    • Added a keycloak_realm resource definition to set the access_token_lifespan property based on the variable kc_access_token_lifespan.

  • run.sh

    • Adjusted the script to accept the realm name as a third argument (KC_REALM).
    • Included a command to import the Keycloak realm using the provided realm name.

  • variables.tf

    • Introduced a new variable for kc_access_token_lifespan, allowing configurable management of access token duration.

⚡️ Change Impact

  • Benefits:

    • Enhances configurability of the Keycloak setup, which can now adapt to different environments without altering the code.
    • Supports better security practices by allowing customized access token lifespans based on specific application requirements.

  • Risks:

    • Introducing additional environment variables could lead to configuration errors if not properly documented or managed.
    • The effectiveness of the access_token_lifespan setting depends on the operator's understanding of how Keycloak manages tokens and potential implications of shorter token lifespans.

✅ Final Verdict (Experimental)

This PR is considered ready to merge as it introduces useful configuration improvements that align with flexible infrastructure management practices. However, it is advisable to conduct thorough testing in a staging environment to confirm the correct behavior of the access_token_lifespan setting before deployment in production. Proper documentation of the new environment variables should also be provided to minimize configuration errors.

📋 Click to see available commands

🤖 PR Command List

Command Description
/kbss-bot label Label the current PR
/kbss-bot summarize Generates a concise summary of the current PR changes

@palagdan palagdan merged commit 73c0ea4 into main Oct 9, 2025
2 checks passed
@palagdan palagdan deleted the 301-access-token-lifespan branch October 9, 2025 14:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Make a configurable timeout for access_token in keycloak authorization

2 participants

@palagdan