fix missing authz token max age config

openshift · Jun 16, 2020 · 7e12e9a · 7e12e9a
1 parent b3a5368
commit 7e12e9a
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 14 deletions.
diff --git a/pkg/controllers/configobservation/oauth/observe_tokenconfig.go b/pkg/controllers/configobservation/oauth/observe_tokenconfig.go
@@ -12,7 +12,10 @@ import (
 	"github.com/openshift/cluster-authentication-operator/pkg/controllers/configobservation"
 )
 
-const defaultAccessTokenMaxAgeSeconds = float64(86400) // a day
+const (
+	defaultAccessTokenMaxAgeSeconds    = float64(86400) // a day
+	defaultAuthorizeTokenMaxAgeSeconds = float64(300)   // 5 minutes
+)
 
 func ObserveTokenConfig(genericlisters configobserver.Listers, recorder events.Recorder, existingConfig map[string]interface{}) (ret map[string]interface{}, errs []error) {
 	tokenConfigPath := []string{"oauthConfig", "tokenConfig"}
@@ -44,17 +47,19 @@ func ObserveTokenConfig(genericlisters configobserver.Listers, recorder events.R
 		}
 	}
 
-	observedConfig := map[string]interface{}{}
+	observedTokenConfigFieldMap := map[string]interface{}{
+		"accessTokenMaxAgeSeconds":    defaultAccessTokenMaxAgeSeconds,
+		"authorizeTokenMaxAgeSeconds": defaultAuthorizeTokenMaxAgeSeconds,
+	}
+	observedConfig := map[string]interface{}{
+		"oauthConfig": map[string]interface{}{
+			"tokenConfig": observedTokenConfigFieldMap,
+		},
+	}
 	oauthConfig, err := listers.OAuthLister.Get("cluster")
 	if errors.IsNotFound(err) {
 		klog.Warning("oauth.config.openshift.io/cluster: not found")
-		return map[string]interface{}{
-			"oauthConfig": map[string]interface{}{
-				"tokenConfig": map[string]interface{}{
-					"accessTokenMaxAgeSeconds": defaultAccessTokenMaxAgeSeconds,
-				},
-			},
-		}, nil
+		return observedConfig, errs
 	} else if err != nil {
 		return existingConfig, append(errs, err)
 	}
@@ -63,10 +68,7 @@ func ObserveTokenConfig(genericlisters configobserver.Listers, recorder events.R
 	if observedAccessTokenMaxAgeSeconds == 0 {
 		observedAccessTokenMaxAgeSeconds = defaultAccessTokenMaxAgeSeconds
 	}
-
-	observedTokenConfigFieldMap := map[string]interface{}{
-		"accessTokenMaxAgeSeconds": observedAccessTokenMaxAgeSeconds,
-	}
+	observedTokenConfigFieldMap["accessTokenMaxAgeSeconds"] = observedAccessTokenMaxAgeSeconds
 
 	observedAccessTokenInactivityTimeoutSeconds := convertAccessTokenInactivityTimeout(oauthConfig.Spec.TokenConfig.AccessTokenInactivityTimeoutSeconds)
 	if observedAccessTokenInactivityTimeoutSeconds != nil {

diff --git a/pkg/controllers/configobservation/oauth/observe_tokenconfig_test.go b/pkg/controllers/configobservation/oauth/observe_tokenconfig_test.go
@@ -29,7 +29,10 @@ func TestObserveTokenConfig(t *testing.T) {
 			previouslyObservedConfig: map[string]interface{}{},
 			expected: map[string]interface{}{
 				"oauthConfig": map[string]interface{}{
-					"tokenConfig": map[string]interface{}{"accessTokenMaxAgeSeconds": float64(86400)},
+					"tokenConfig": map[string]interface{}{
+						"accessTokenMaxAgeSeconds":    float64(86400),
+						"authorizeTokenMaxAgeSeconds": float64(300),
+					},
 				},
 			},
 			errors: []error{},
@@ -99,6 +102,7 @@ func TestObserveTokenConfig(t *testing.T) {
 					"tokenConfig": map[string]interface{}{
 						"accessTokenInactivityTimeoutSeconds": float64(300),
 						"accessTokenMaxAgeSeconds":            float64(172800),
+						"authorizeTokenMaxAgeSeconds":         float64(300),
 					},
 				},
 			},