feat(setting): add validation for auth-user-session-idle-ttl-minutes

[alegrey91]

Issue: rancher/rancher#45931

This depends on: rancher/rancher#48778 to be merged and refers to the following RFC: https://docs.google.com/document/d/1jN2faXl9FEb2E_9Ohm7uBrrVwuwnIj4HORiL4Wb9Udw/edit?tab=t.0
This PR adds validation functionality to the webhook, for a new user attribute: auth-user-session-idle-ttl-minutes.
This parameter differs from the existing auth-user-session-ttl-minutes as the former tracks UI activity such as mouse clicks and keystrokes, while the latter is a timer for user session.

Problem

Rancher has auth-user-session-ttl-minutes to set a max length a UI session (16hrs) can last, where has user is idle for a specific time and come back still session is valid now. i.e., There is no configurable parameter to set the idle session timeout.

Solution

For rancher/webhook I developed the validation function to be added to the validating webhook.
This will validate the user input for auth-user-session-idle-ttl-minutes, the new configurable parameter to set the idle session duration on the UI.

How to test it

Prerequisites: k3d running, with rancher instance up.
Build the branch:

make

Setup ngrok as follow:

ngrok http https://localhost:9443

Export the variables needed by the webhook and run it:

export KUBECONFIG=<rancher_kube_config>
export CATTLE_WEBHOOK_URL="https://<NGROK_URL>.ngrok.io"
./bin/webhook

Check with kubectl that the webhook is behaving in the right way, by changing the value field randomly:

kubectl edit settings auth-user-session-idle-ttl-minutes

CheckList

• Test
• Docs

[JonCrowther]

Functionally looks good, just a comment and test change

[crobby]

Super tiny nit and a non-blocking question.
lgtm. very straightforward