1) Proposed title of this feature request:
Support for granting temporary access to users.

3) What is the nature and description of the request?
As a customer I want to give temporary access out to some users / service accounts by assigning maybe a token which is valid for a specified amount of time.

4) Why does the customer need this? (List the business requirements here)
There are application support teams that need the ability to request temporary access; it is a standard that permanent admin access is not given out, only read-only.

5) How would the customer like to achieve this? (List the functional requirements here)
A service account token or rolebinding timeout.

8) Does the customer have any specific timeline dependencies?
No, we have worked around the issue but are keen to do it natively within OpenShift.

11) Would the customer be able to assist in testing this functionality if implemented?
Yes.

This did not make 3.7; we'll see how to prioritize.

Believe this was addressed with this PR:
https://github.com/openshift/origin/pull/14784
which allows overriding max access token age per OAuthClient.

OAuthClient object gains a new field: accessTokenMaxAgeSeconds
  When absent, the master-config value is used
  When set to 0, tokens issued for that client do not expire
  When set to a value > 0, tokens issued for that client are given the specified expiration time

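An added example, not part of the original bug comments or of OpenShift itself: a small audit that applies the three accessTokenMaxAgeSeconds rules described above to a list of OAuthClient objects and flags clients whose tokens never expire or outlive a chosen limit. The client names, the sample JSON, the master-config default and the limit are all constructed assumptions, and the master-config value is assumed to be a positive number of seconds.

```python
import json

# Constructed sample, shaped like a JSON list of OAuthClient objects
# (hypothetical client names; not real cluster data).
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "support-temp"}, "accessTokenMaxAgeSeconds": 3600},
    {"metadata": {"name": "legacy-cli"}, "accessTokenMaxAgeSeconds": 0},
    {"metadata": {"name": "web-console"}},
    {"metadata": {"name": "batch-jobs"}, "accessTokenMaxAgeSeconds": 604800},
]})


def effective_max_age(client, master_default):
    """Return the token lifetime in seconds, or None if tokens never expire."""
    value = client.get("accessTokenMaxAgeSeconds")
    if value is None:
        # Field absent: the master-config value is used.
        return master_default
    if isinstance(value, bool) or not isinstance(value, int) or value < 0:
        raise ValueError(f"invalid accessTokenMaxAgeSeconds: {value!r}")
    if value == 0:
        # 0: tokens issued for this client do not expire.
        return None
    # > 0: tokens get the specified expiration time.
    return value


def audit(raw_json, master_default, limit):
    """Map each client name to (status, effective lifetime in seconds)."""
    report = {}
    for client in json.loads(raw_json)["items"]:
        name = client["metadata"]["name"]
        age = effective_max_age(client, master_default)
        if age is None:
            status = "non-expiring"
        elif age > limit:
            status = "exceeds-limit"
        else:
            status = "ok"
        report[name] = (status, age)
    return report


if __name__ == "__main__":
    # Assumed values: 24 h master-config default, 8 h policy limit.
    for name, (status, age) in audit(SAMPLE, 86400, 28800).items():
        print(f"{name:14} {status:14} {age}")
```

Note that a client with no override is not automatically short-lived: it inherits the master-config value, so the audit judges it against the same limit.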
*** This bug has been marked as a duplicate of bug 1493903 ***
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days