IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Auth: Add expiry date for service accounts access tokens (#58885)

Browse Source 
* Add new configuration option for SA tokens

* Add new expiry date option to frontend components

* Add backend validation


Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
This commit is contained in:
linoman
2022-11-22 10:08:40 +01:00
committed by GitHub
parent c1eabb893f
commit f8f61c1a69
10 changed files with 67 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/services/serviceaccounts/api/token.go
View File

@@ -160,6 +160,14 @@ func (api *ServiceAccountsAPI) CreateToken(c *models.ReqContext) response.Respon
}
}
if api.cfg.SATokenExpirationDayLimit > 0 {
dayExpireLimit := time.Now().Add(time.Duration(api.cfg.SATokenExpirationDayLimit) * time.Hour * 24).Truncate(24 * time.Hour)
expirationDate := time.Now().Add(time.Duration(cmd.SecondsToLive) * time.Second).Truncate(24 * time.Hour)
if expirationDate.After(dayExpireLimit) {
return response.Respond(http.StatusBadRequest, "The expiration date input exceeds the limit for service account access tokens expiration date")
}
}
newKeyInfo, err := apikeygenprefix.New(ServiceID)
if err != nil {
return response.Error(http.StatusInternalServerError, "Generating service account token failed", err)