New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OCPBUGS-21626: Validate accessTokenInactivityTimeout >= 300s #3110
OCPBUGS-21626: Validate accessTokenInactivityTimeout >= 300s #3110
Conversation
@muraee: This pull request references Jira Issue OCPBUGS-21626, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Skipping CI for Draft Pull Request. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/jira refresh |
@jparrill: This pull request references Jira Issue OCPBUGS-21626, which is valid. The bug has been moved to the POST state. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
api/v1beta1/hostedcluster_types.go
Outdated
@@ -2100,6 +2100,7 @@ type ClusterConfiguration struct { | |||
// It is used to configure the integrated OAuth server. | |||
// This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth. | |||
// +optional | |||
// +kubebuilder:validation:XValidation:rule="duration(self.tokenConfig.accessTokenInactivityTimeout).getSeconds() >= 300", message="spec.configuration.oauth.tokenConfig.accessTokenInactivityTimeout minimum acceptable token timeout value is 300 seconds" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how's this being validated in standalone https://github.com/openshift/api/blob/master/config/v1/types_oauth.go#L76
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
probably using an admission webhook
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we validate that and link the source here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks!
@muraee: This pull request references Jira Issue OCPBUGS-21626, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherry-pick release-4.14 |
@muraee: once the present PR merges, I will cherry-pick it on top of release-4.14 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
0b6726b
to
f8aebb6
Compare
f8aebb6
to
fe3cbcc
Compare
/retest-required |
@muraee: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: enxebre, muraee The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/lgtm |
@muraee: Jira Issue OCPBUGS-21626: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-21626 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@muraee: new pull request created: #3130 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Fix included in accepted release 4.15.0-0.nightly-2023-10-25-052621 |
What this PR does / why we need it:
Validates that accessTokenInactivityTimeout >= 300s, similar to Standalone https://github.com/openshift/kubernetes/blob/c0449761f4ad0c3a585990c26aea90a1dadb82cb/openshift-kube-apiserver/admission/customresourcevalidation/oauth/validate_idp.go#L75C1-L81
Which issue(s) this PR fixes (optional, use
fixes #<issue_number>(, fixes #<issue_number>, ...)
format, where issue_number might be a GitHub issue, or a Jira story:Fixes #OCPBUGS-21626
Checklist