New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement inactivity timeout for logging user out #451
Conversation
pkg/console/operator/sync_v400.go
Outdated
if oauthClient.AccessTokenInactivityTimeoutSeconds != nil { | ||
inactivityTimeoutSeconds = int(*oauthClient.AccessTokenInactivityTimeoutSeconds) | ||
} else { | ||
oauthConfig, oacErr := co.oauthConfigClient.Get(co.ctx, api.ConfigResourceName, metav1.GetOptions{}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should already have this right? Can we pass this into the function like we do for Infrastructure config?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, sorry forgot to remove it
ClientSecretFile string `yaml:"clientSecretFile,omitempty"` | ||
OAuthEndpointCAFile string `yaml:"oauthEndpointCAFile,omitempty"` | ||
LogoutRedirect string `yaml:"logoutRedirect,omitempty"` | ||
InactivityTimeoutSeconds int `yaml:"inactivityTimeoutSeconds,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think omitempty
on these fields will work since they're not pointers.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
they will, in this case if the InactivityTimeoutSeconds
will be 0
, it will get omitted
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
they will, in this case if the
InactivityTimeoutSeconds
will be0
, it will get omitted
I'm skeptical :) But we can look at it separately since all the existing properties have it also.
pkg/console/operator/sync_v400.go
Outdated
if oacErr != nil { | ||
return nil, false, "FailedGetOAuthConfigClient", oacErr | ||
} | ||
inactivityTimeoutSeconds = int(oauthConfig.Spec.TokenConfig.AccessTokenInactivityTimeout.Seconds()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can AccessTokenInactivityTimeout
be nil
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So based on the vendor bump I did its not... but the changed it recently in upstream.
I guess we shall bump again then :(
@spadgett rebased && comments addressed |
/retest |
1 similar comment
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
} else { | ||
if oauthConfig.Spec.TokenConfig.AccessTokenInactivityTimeout != nil { | ||
inactivityTimeoutSeconds = int(oauthConfig.Spec.TokenConfig.AccessTokenInactivityTimeout.Seconds()) | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit:
} else { | |
if oauthConfig.Spec.TokenConfig.AccessTokenInactivityTimeout != nil { | |
inactivityTimeoutSeconds = int(oauthConfig.Spec.TokenConfig.AccessTokenInactivityTimeout.Seconds()) | |
} | |
} | |
} else if oauthConfig.Spec.TokenConfig.AccessTokenInactivityTimeout != nil { | |
inactivityTimeoutSeconds = int(oauthConfig.Spec.TokenConfig.AccessTokenInactivityTimeout.Seconds()) | |
} |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jhadvig, spadgett The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest Please review the full test history for this PR and help us cut down flakes. |
3 similar comments
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
@jhadvig: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
We fetch the inactivity timeout first from the
accessTokenInactivityTimeoutSeconds
in theOAuthClient
. If thats not set we fetchaccessTokenInactivityTimeout
field fromOAuth
config. The inactivity timeout is stored in seconds.When the inactivity timeout is set, the console configmap will look:
story: https://issues.redhat.com/browse/CONSOLE-740
/assign @spadgett
cc'ing @stlaz