Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitef2e86f

Browse files
authored
increase default max-token-duration (#6467)
1 parent87ed7a7 commitef2e86f

File tree

5 files changed

+53
-9
lines changed

5 files changed

+53
-9
lines changed

‎cli/deployment/config.go

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -499,10 +499,11 @@ func newConfig() *codersdk.DeploymentConfig {
499499
Default:flag.Lookup("test.v")==nil&&!buildinfo.IsDev(),
500500
},
501501
MaxTokenLifetime:&codersdk.DeploymentConfigField[time.Duration]{
502-
Name:"Max Token Lifetime",
503-
Usage:"The maximum lifetime duration users can specify when creating an API token.",
504-
Flag:"max-token-lifetime",
505-
Default:24*30*time.Hour,
502+
Name:"Max Token Lifetime",
503+
Usage:"The maximum lifetime duration users can specify when creating an API token.",
504+
Flag:"max-token-lifetime",
505+
// max time.Duration is 290 years
506+
Default:290*365*24*time.Hour,
506507
},
507508
Swagger:&codersdk.SwaggerConfig{
508509
Enable:&codersdk.DeploymentConfigField[bool]{

‎cli/testdata/coder_server_--help.golden

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -147,7 +147,7 @@ Flags:
147147
can specify when creating an API
148148
token.
149149
Consumes $CODER_MAX_TOKEN_LIFETIME
150-
(default720h0m0s)
150+
(default2540400h0m0s)
151151
--oauth2-github-allow-everyone Allow all logins, setting this
152152
option means allowed orgs and teams
153153
must be empty.

‎coderd/apikey_test.go

Lines changed: 43 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,7 @@ func TestTokenScoped(t *testing.T) {
7171
require.Equal(t,keys[0].Scope,codersdk.APIKeyScopeApplicationConnect)
7272
}
7373

74-
funcTestTokenDuration(t*testing.T) {
74+
funcTestUserSetTokenDuration(t*testing.T) {
7575
t.Parallel()
7676

7777
ctx,cancel:=context.WithTimeout(context.Background(),testutil.WaitLong)
@@ -89,7 +89,23 @@ func TestTokenDuration(t *testing.T) {
8989
require.Less(t,keys[0].ExpiresAt,time.Now().Add(time.Hour*8*24))
9090
}
9191

92-
funcTestTokenMaxLifetime(t*testing.T) {
92+
funcTestDefaultTokenDuration(t*testing.T) {
93+
t.Parallel()
94+
95+
ctx,cancel:=context.WithTimeout(context.Background(),testutil.WaitLong)
96+
defercancel()
97+
client:=coderdtest.New(t,nil)
98+
_=coderdtest.CreateFirstUser(t,client)
99+
100+
_,err:=client.CreateToken(ctx,codersdk.Me, codersdk.CreateTokenRequest{})
101+
require.NoError(t,err)
102+
keys,err:=client.Tokens(ctx,codersdk.Me, codersdk.TokensFilter{})
103+
require.NoError(t,err)
104+
require.Greater(t,keys[0].ExpiresAt,time.Now().Add(time.Hour*29*24))
105+
require.Less(t,keys[0].ExpiresAt,time.Now().Add(time.Hour*31*24))
106+
}
107+
108+
funcTestTokenUserSetMaxLifetime(t*testing.T) {
93109
t.Parallel()
94110

95111
ctx,cancel:=context.WithTimeout(context.Background(),testutil.WaitLong)
@@ -114,6 +130,31 @@ func TestTokenMaxLifetime(t *testing.T) {
114130
require.ErrorContains(t,err,"lifetime must be less")
115131
}
116132

133+
funcTestTokenDefaultMaxLifetime(t*testing.T) {
134+
t.Parallel()
135+
136+
ctx,cancel:=context.WithTimeout(context.Background(),testutil.WaitLong)
137+
defercancel()
138+
dc:=coderdtest.DeploymentConfig(t)
139+
client:=coderdtest.New(t,&coderdtest.Options{
140+
DeploymentConfig:dc,
141+
})
142+
_=coderdtest.CreateFirstUser(t,client)
143+
144+
// success
145+
_,err:=client.CreateToken(ctx,codersdk.Me, codersdk.CreateTokenRequest{
146+
Lifetime:time.Hour*24*365,
147+
})
148+
require.NoError(t,err)
149+
150+
// fail - default --max-token-lifetime is the maximum value of time.Duration
151+
// which is 24 * 365 * 290.
152+
_,err=client.CreateToken(ctx,codersdk.Me, codersdk.CreateTokenRequest{
153+
Lifetime:time.Hour*24*366*290,
154+
})
155+
require.ErrorContains(t,err,"lifetime must be less")
156+
}
157+
117158
funcTestSessionExpiry(t*testing.T) {
118159
t.Parallel()
119160

‎docs/cli/coder_server.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -211,7 +211,7 @@ The maximum lifetime duration users can specify when creating an API token.
211211
|||
212212
| ---| ---|
213213
| Consumes| <code>$CODER_MAX_TOKEN_LIFETIME</code>|
214-
| Default| <code>720h0m0s</code>|
214+
| Default| <code>2540400h0m0s</code>|
215215

216216
###--oauth2-github-allow-everyone
217217

‎docs/templates/change-management.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,8 @@ curl -L https://coder.com/install.sh | sh
88
#curl -L https://coder.com/install.sh| sh -s -- --version=0.x
99

1010
#To create API tokens, use`coder tokens create`.
11+
#If no`--lifetime` flag is passed during creation, the default token lifetime
12+
#will be 30 days.
1113
#These variables are consumed by Coder
1214
export CODER_URL=https://coder.example.com
1315
export CODER_SESSION_TOKEN=*****
@@ -26,4 +28,4 @@ coder templates push --yes $CODER_TEMPLATE_NAME \
2628
>Looking for an example? See how we push our development image
2729
>and template[via GitHub actions](https://github.com/coder/coder/blob/main/.github/workflows/dogfood.yaml).
2830
29-
>Tocreate tokens with over a 30 day lifetime,[configure Coder server to set alonger max token lifetime](../cli/coder_server#--max-token-lifetime)
31+
>Tocap token lifetime on creation,[configure Coder server to set ashorter max token lifetime](../cli/coder_server#--max-token-lifetime)

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp