acl: add token expiry checking to ACL token resolution. #13756

Merged

@jrasell jrasell commented Jul 14, 2022

This commit adds basic expiry checking when performing ACL token
resolution. This expiry checking is local to each server and does
not at this time take into account potential time skew on server
hosts.

A new error message has been created so clients whose token has
expired get a clear message, rather than a generic token not
found.

The ACL resolution tests have been refactored into table driven
tests, so additions are easier in the future.

This is the simpler of two potential approaches, the second of
which I will raise an issue to track as a potential future
enhancement. This followup includes a new leader loop that watches
for ACL token table changes and maintains a heap of expiring tokens
so that the leader can set expiry authoritatively. There is significant
overhead in this approach that needs to be researched and
considered.

related: #13120
targets: feature branch
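
An added example (not code from this pull request or from the project) of expiry checking during token resolution with a distinct expired error, showing how two servers with skewed local clocks can disagree about the same token. The `Token`, `Server`, `Resolve` and `SkewDemo` names, the error strings, and the rule that a token is expired once the clock reaches its expiry time are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Hypothetical names and messages; this is not the project's code.
var (
	ErrTokenNotFound = errors.New("ACL token not found")
	ErrTokenExpired  = errors.New("ACL token expired")
)

// Token is a minimal ACL token.
type Token struct {
	ExpirationTime *time.Time // nil means the token never expires
}

// Server resolves tokens against its own state and its own clock.
type Server struct {
	tokens map[string]*Token
	now    func() time.Time // injected so clock skew can be simulated
}

// Resolve returns the token, or a distinct error for unknown vs. expired
// secrets. Assumption: expired once the local clock reaches the expiry time.
func (s *Server) Resolve(secret string) (*Token, error) {
	tok, ok := s.tokens[secret]
	if !ok {
		return nil, ErrTokenNotFound
	}
	if tok.ExpirationTime != nil && !s.now().Before(*tok.ExpirationTime) {
		return nil, ErrTokenExpired
	}
	return tok, nil
}

// SkewDemo resolves one token on two servers whose clocks differ by skew.
func SkewDemo(skew time.Duration) (errA, errB error) {
	base := time.Date(2022, 7, 14, 12, 0, 0, 0, time.UTC) // constructed sample time
	exp := base.Add(30 * time.Second)
	state := map[string]*Token{"s3cr3t": {ExpirationTime: &exp}} // constructed token
	_, errA = (&Server{tokens: state, now: func() time.Time { return base }}).Resolve("s3cr3t")
	_, errB = (&Server{tokens: state, now: func() time.Time { return base.Add(skew) }}).Resolve("s3cr3t")
	return errA, errB
}

func main() { fmt.Println(SkewDemo(time.Minute)) }
```

With a one-minute skew the first server still accepts the token while the second rejects it as expired, which is the per-server behaviour the description calls out.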

@jrasell jrasell added this to the 1.4.0 milestone Jul 14, 2022
@jrasell jrasell self-assigned this Jul 14, 2022
@shoenig shoenig left a comment

LGTM

@jrasell jrasell merged commit ee2e7d1 into f-gh-13120-acl-token-expiration Jul 15, 2022
@jrasell jrasell deleted the f-gh-1312-acl-expiry-checking branch July 15, 2022 13:20
@github-actions
I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 13, 2022