Bug 1384946 - Prevent usage of service account OAuth tokens for external access
Summary: Prevent usage of service account OAuth tokens for external access
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE
Version: 3.3.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Mo
QA Contact: Johnny Liu
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-10-14 12:03 UTC by Jaspreet Kaur
Modified: 2020-12-14 07:48 UTC
CC: 11 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-10-26 15:36:30 UTC
Target Upstream Version:



Description Jaspreet Kaur 2016-10-14 12:03:41 UTC
3. What is the nature and description of the request?

 Prevent usage of service account OAuth tokens for external access

4. Why does the customer need this? (List the business requirements here)

Service account tokens currently have no validity period. This is troublesome from a security point of view, because it allows a user to copy such a token and use it from outside the platform. While in some cases this is justified, in most cases, where it is not identified as OK, it should be prevented. Otherwise, even people who leave the company could keep using such a token to access the platform.

5. How would the customer like to achieve this? (List the functional requirements here)

We would like to maintain a whitelist (to be defined by the administrator) of service accounts that can access the platform from outside the platform.

6. For each functional requirement listed in question 5, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.

 yes

