Thanks to visit codestin.com
Credit goes to github.com

Skip to content

feat!: add --default-token-lifetime#14631

Merged
ethanndickson merged 1 commit intomainfrom
09-10-chore_make_cli_session_keys_respect_--session-duration_
Sep 18, 2024
Merged

feat!: add --default-token-lifetime#14631
ethanndickson merged 1 commit intomainfrom
09-10-chore_make_cli_session_keys_respect_--session-duration_

Conversation

@ethanndickson
Copy link
Copy Markdown
Member

@ethanndickson ethanndickson commented Sep 10, 2024
edited
Loading

Closes #13990.

Adds a new deployment value that influences the lifetime of tokens created via:

  • /users/{user}/keys [post] - Used by /cli-auth
  • /users/{user}/keys/tokens [post] - Used by Tokens page in web UI settings, and coder tokens create.

The default value of this option is 7 days, to retain the existing TTL for /cli-auth tokens.

Of note is that the web UI and coder tokens create supply default values when calling /tokens [post].

Therefore, the only breaking change in this PR is for tokens created by directly calling /users/{user}/keys/tokens [post] without a lifetime in the request body. The default TTL for these tokens is 7 days, down from 30. Users calling this endpoint directly should already be specifying a lifetime, so this is unlikely to break any existing workflows.

The tokens returned by /users/{user}/keys [post] are still refreshed with activity, unless --disable-session-expiry-refresh is set.

@ethanndickson Graphite App
Copy link
Copy Markdown
Member Author

ethanndickson commented Sep 10, 2024

This stack of pull requests is managed by Graphite. Learn more about stacking.

Join @ethanndickson and the rest of your teammates on Graphite Graphite

@ethanndickson ethanndickson force-pushed the 09-10-chore_make_cli_session_keys_respect_--session-duration_ branch from 2d3f8f4 to 5f56829 Compare September 10, 2024 08:51
@bpmct
Copy link
Copy Markdown
Member

bpmct commented Sep 11, 2024

nice. we will definitely want to label this as a breaking change in our changelog. a couple of questions?

  1. how is expiry handled? i'm assuming these are also automatically refreshed?
  2. any thoughts on whether we should deprecate this flag in favor of a more cohesive server flag to avoid breaking any existing behaviors? i'm not super concerned about it but I also haven't spent a ton of time considering consequences

cc @stirby as I'll be PTO for the rest of this week

@ethanndickson
Copy link
Copy Markdown
Member Author

ethanndickson commented Sep 11, 2024
edited
Loading

Yep, they get refreshed with activity, and I wrote a test to confirm that's the case. The only behaviour I'm worried about breaking is that with the default duration you'll end up needing to login your CLI every work-week. Currently you'd need to take a week off for your session to expire.
I think if we label this appropriately in the changelog, deployment admins will pick up on that potential annoyance, and adjust.

Approach changed.

@ethanndickson ethanndickson changed the title chore: make cli session keys respect --session-duration chore!: make cli session keys respect --session-duration Sep 11, 2024
@ethanndickson ethanndickson marked this pull request as ready for review September 13, 2024 07:26
@mafredri mafredri changed the title chore!: make cli session keys respect --session-duration chore!: make cli session keys respect --session-duration_ Sep 13, 2024
@github-actions github-actions Bot added the release/breaking This label is applied to PRs to detect breaking changes as part of the release process label Sep 13, 2024
@mafredri mafredri changed the title chore!: make cli session keys respect --session-duration_ chore!: make cli session keys respect --session-duration Sep 13, 2024
@mafredri
Copy link
Copy Markdown
Member

mafredri commented Sep 13, 2024
edited
Loading

Sorry for the PR rename, wanted to check if this fixed the release labels: #14664 (it did). (Edit: Actually, #14667 was the cause.)

@ethanndickson ethanndickson force-pushed the 09-10-chore_make_cli_session_keys_respect_--session-duration_ branch from 5f56829 to b691a47 Compare September 18, 2024 07:52
@ethanndickson ethanndickson changed the title chore!: make cli session keys respect --session-duration feat!: add --default-token-lifetime Sep 18, 2024
@ethanndickson ethanndickson force-pushed the 09-10-chore_make_cli_session_keys_respect_--session-duration_ branch from b691a47 to 67e03fa Compare September 18, 2024 08:08
@ethanndickson ethanndickson force-pushed the 09-10-chore_make_cli_session_keys_respect_--session-duration_ branch from 67e03fa to 43477bf Compare September 18, 2024 08:19
deansheather
deansheather approved these changes Sep 18, 2024
View reviewed changes
Comment thread coderd/apikey_test.go Outdated
@ethanndickson ethanndickson force-pushed the 09-10-chore_make_cli_session_keys_respect_--session-duration_ branch from 43477bf to c969613 Compare September 18, 2024 11:02
@ethanndickson ethanndickson merged commit fccf6f1 into main Sep 18, 2024
@ethanndickson ethanndickson deleted the 09-10-chore_make_cli_session_keys_respect_--session-duration_ branch September 18, 2024 11:23
@github-actions github-actions Bot locked and limited conversation to collaborators Sep 18, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@deansheather deansheather deansheather approved these changes

@stirby stirby Awaiting requested review from stirby

Assignees

@ethanndickson ethanndickson

Labels

release/breaking This label is applied to PRs to detect breaking changes as part of the release process

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Allow a configurable default TTL to tokens generated by coder login

4 participants

@ethanndickson @bpmct @mafredri @deansheather