mirror of https://github.com/coder/coder.git
increase default max-token-duration (#6467)
parent
87ed7a7dba
commit
ef2e86f309
|
@ -499,10 +499,11 @@ func newConfig() *codersdk.DeploymentConfig {
|
|||
Default: flag.Lookup("test.v") == nil && !buildinfo.IsDev(),
|
||||
},
|
||||
MaxTokenLifetime: &codersdk.DeploymentConfigField[time.Duration]{
|
||||
Name: "Max Token Lifetime",
|
||||
Usage: "The maximum lifetime duration users can specify when creating an API token.",
|
||||
Flag: "max-token-lifetime",
|
||||
Default: 24 * 30 * time.Hour,
|
||||
Name: "Max Token Lifetime",
|
||||
Usage: "The maximum lifetime duration users can specify when creating an API token.",
|
||||
Flag: "max-token-lifetime",
|
||||
// max time.Duration is 290 years
|
||||
Default: 290 * 365 * 24 * time.Hour,
|
||||
},
|
||||
Swagger: &codersdk.SwaggerConfig{
|
||||
Enable: &codersdk.DeploymentConfigField[bool]{
|
||||
|
|
|
@ -147,7 +147,7 @@ Flags:
|
|||
can specify when creating an API
|
||||
token.
|
||||
Consumes $CODER_MAX_TOKEN_LIFETIME
|
||||
(default 720h0m0s)
|
||||
(default 2540400h0m0s)
|
||||
--oauth2-github-allow-everyone Allow all logins, setting this
|
||||
option means allowed orgs and teams
|
||||
must be empty.
|
||||
|
|
|
@ -71,7 +71,7 @@ func TestTokenScoped(t *testing.T) {
|
|||
require.Equal(t, keys[0].Scope, codersdk.APIKeyScopeApplicationConnect)
|
||||
}
|
||||
|
||||
func TestTokenDuration(t *testing.T) {
|
||||
func TestUserSetTokenDuration(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
|
||||
|
@ -89,7 +89,23 @@ func TestTokenDuration(t *testing.T) {
|
|||
require.Less(t, keys[0].ExpiresAt, time.Now().Add(time.Hour*8*24))
|
||||
}
|
||||
|
||||
func TestTokenMaxLifetime(t *testing.T) {
|
||||
func TestDefaultTokenDuration(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
|
||||
defer cancel()
|
||||
client := coderdtest.New(t, nil)
|
||||
_ = coderdtest.CreateFirstUser(t, client)
|
||||
|
||||
_, err := client.CreateToken(ctx, codersdk.Me, codersdk.CreateTokenRequest{})
|
||||
require.NoError(t, err)
|
||||
keys, err := client.Tokens(ctx, codersdk.Me, codersdk.TokensFilter{})
|
||||
require.NoError(t, err)
|
||||
require.Greater(t, keys[0].ExpiresAt, time.Now().Add(time.Hour*29*24))
|
||||
require.Less(t, keys[0].ExpiresAt, time.Now().Add(time.Hour*31*24))
|
||||
}
|
||||
|
||||
func TestTokenUserSetMaxLifetime(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
|
||||
|
@ -114,6 +130,31 @@ func TestTokenMaxLifetime(t *testing.T) {
|
|||
require.ErrorContains(t, err, "lifetime must be less")
|
||||
}
|
||||
|
||||
func TestTokenDefaultMaxLifetime(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
|
||||
defer cancel()
|
||||
dc := coderdtest.DeploymentConfig(t)
|
||||
client := coderdtest.New(t, &coderdtest.Options{
|
||||
DeploymentConfig: dc,
|
||||
})
|
||||
_ = coderdtest.CreateFirstUser(t, client)
|
||||
|
||||
// success
|
||||
_, err := client.CreateToken(ctx, codersdk.Me, codersdk.CreateTokenRequest{
|
||||
Lifetime: time.Hour * 24 * 365,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
// fail - default --max-token-lifetime is the maximum value of time.Duration
|
||||
// which is 24 * 365 * 290.
|
||||
_, err = client.CreateToken(ctx, codersdk.Me, codersdk.CreateTokenRequest{
|
||||
Lifetime: time.Hour * 24 * 366 * 290,
|
||||
})
|
||||
require.ErrorContains(t, err, "lifetime must be less")
|
||||
}
|
||||
|
||||
func TestSessionExpiry(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
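Review bot: In `TestTokenDefaultMaxLifetime` the rejection case hard-codes `time.Hour * 24 * 366 * 290`, which couples the test to the current default through hand-computed arithmetic. The comment above it says the default is the maximum value of time.Duration, but the maximum is about 292 years and the default is 290. Deriving the value from the config keeps the test tied to the cap actually being enforced, e.g. `Lifetime: dc.MaxTokenLifetime.Value + time.Hour,` (assuming the field exposes its resolved value as `Value`), with the comment reworded to `// fail - lifetime exceeds the default --max-token-lifetime (290 years)`. `TestDefaultTokenDuration` also indexes `keys[0]` without first asserting the list is non-empty; a `require.NotEmpty(t, keys)` before it would turn a panic into a clear failure. TestSessionExpiry continues outside the last hunk.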
|
|
|
@ -211,7 +211,7 @@ The maximum lifetime duration users can specify when creating an API token.
|
|||
| | |
|
||||
| --- | --- |
|
||||
| Consumes | <code>$CODER_MAX_TOKEN_LIFETIME</code> |
|
||||
| Default | <code>720h0m0s</code> |
|
||||
| Default | <code>2540400h0m0s</code> |
|
||||
|
||||
### --oauth2-github-allow-everyone
|
||||
|
||||
|
|
|
@ -8,6 +8,8 @@ curl -L https://coder.com/install.sh | sh
|
|||
# curl -L https://coder.com/install.sh | sh -s -- --version=0.x
|
||||
|
||||
# To create API tokens, use `coder tokens create`.
|
||||
# If no `--lifetime` flag is passed during creation, the default token lifetime
|
||||
# will be 30 days.
|
||||
# These variables are consumed by Coder
|
||||
export CODER_URL=https://coder.example.com
|
||||
export CODER_SESSION_TOKEN=*****
|
||||
|
@ -26,4 +28,4 @@ coder templates push --yes $CODER_TEMPLATE_NAME \
|
|||
> Looking for an example? See how we push our development image
|
||||
> and template [via GitHub actions](https://github.com/coder/coder/blob/main/.github/workflows/dogfood.yaml).
|
||||
|
||||
> To create tokens with over a 30 day lifetime, [configure Coder server to set a longer max token lifetime](../cli/coder_server#--max-token-lifetime)
|
||||
> To cap token lifetime on creation, [configure Coder server to set a shorter max token lifetime](../cli/coder_server#--max-token-lifetime)
|
||||
|
|