OCPBUGS-21626: Validate accessTokenInactivityTimeout >= 300s

[muraee]

What this PR does / why we need it:
Validates that accessTokenInactivityTimeout >= 300s, similar to Standalone https://github.com/openshift/kubernetes/blob/c0449761f4ad0c3a585990c26aea90a1dadb82cb/openshift-kube-apiserver/admission/customresourcevalidation/oauth/validate_idp.go#L75C1-L81

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes #OCPBUGS-21626

Checklist

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

[openshift-ci-robot]

@muraee: This pull request references Jira Issue OCPBUGS-21626, which is invalid:

• expected the bug to target the "4.15.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes #OCPBUGS-21626

Checklist

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[jparrill]

/lgtm

[jparrill]

/jira refresh

[openshift-ci-robot]

@jparrill: This pull request references Jira Issue OCPBUGS-21626, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.15.0) matches configured target version for branch (4.15.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[enxebre]

how's this being validated in standalone https://github.com/openshift/api/blob/master/config/v1/types_oauth.go#L76

[muraee]

probably using an admission webhook

[enxebre]

can we validate that and link the source here?

[muraee]

https://github.com/openshift/kubernetes/blob/c0449761f4ad0c3a585990c26aea90a1dadb82cb/openshift-kube-apiserver/admission/customresourcevalidation/oauth/validate_idp.go#L75C1-L81

[enxebre]

thanks!

[openshift-ci-robot]

@muraee: This pull request references Jira Issue OCPBUGS-21626, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.15.0) matches configured target version for branch (4.15.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

In response to this:

What this PR does / why we need it:
Validates that accessTokenInactivityTimeout >= 300s, similar to Standalone https://github.com/openshift/kubernetes/blob/c0449761f4ad0c3a585990c26aea90a1dadb82cb/openshift-kube-apiserver/admission/customresourcevalidation/oauth/validate_idp.go#L75C1-L81

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes #OCPBUGS-21626

Checklist

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[muraee]

/cherry-pick release-4.14

[openshift-cherrypick-robot]

@muraee: once the present PR merges, I will cherry-pick it on top of release-4.14 in a new PR and assign it to you.

In response to this:

/cherry-pick release-4.14

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[sjenning]

/retest-required

[openshift-ci]

@muraee: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-ibmcloud-roks	fe3cbcc	link	false	/test e2e-ibmcloud-roks
ci/prow/e2e-ibmcloud-iks	fe3cbcc	link	false	/test e2e-ibmcloud-iks

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[enxebre]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: enxebre, muraee

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [enxebre]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sjenning]

/lgtm

[openshift-ci-robot]

@muraee: Jira Issue OCPBUGS-21626: All pull requests linked via external trackers have merged:

• openshift/hypershift#3110

Jira Issue OCPBUGS-21626 has been moved to the MODIFIED state.

In response to this:

What this PR does / why we need it:
Validates that accessTokenInactivityTimeout >= 300s, similar to Standalone https://github.com/openshift/kubernetes/blob/c0449761f4ad0c3a585990c26aea90a1dadb82cb/openshift-kube-apiserver/admission/customresourcevalidation/oauth/validate_idp.go#L75C1-L81

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes #OCPBUGS-21626

Checklist

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-cherrypick-robot]

@muraee: new pull request created: #3130

In response to this:

/cherry-pick release-4.14

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-merge-robot]

Fix included in accepted release 4.15.0-0.nightly-2023-10-25-052621