fix: set token ttl correctly in redis #766
Conversation
Panaetius
temporarily deployed
to
renku-ci-gw-766
GitHub Actions
Inactive
|
You can access the deployment of this PR at https://renku-ci-gw-766.dev.renku.ch |
Panaetius
force-pushed
the
fix-token-ttl
branch
from
5a4c825 to
6a1a31b
Compare
Panaetius
force-pushed
the
fix-token-ttl
branch
from
6a1a31b to
368ee15
Compare
Panaetius
had a problem deploying
to
renku-ci-gw-766
GitHub Actions
Failure
Panaetius
temporarily deployed
to
renku-ci-gw-766
GitHub Actions
Inactive
Panaetius
force-pushed
the
fix-token-ttl
branch
from
368ee15 to
40dea94
Compare
Panaetius
temporarily deployed
to
renku-ci-gw-766
GitHub Actions
Inactive
Panaetius
force-pushed
the
fix-token-ttl
branch
from
40dea94 to
c4ef65e
Compare
Panaetius
temporarily deployed
to
renku-ci-gw-766
GitHub Actions
Inactive
Panaetius
force-pushed
the
fix-token-ttl
branch
from
c4ef65e to
0bc86fb
Compare
Panaetius
had a problem deploying
to
renku-ci-gw-766
GitHub Actions
Failure
Panaetius
force-pushed
the
fix-token-ttl
branch
from
0bc86fb to
a065913
Compare
Panaetius
temporarily deployed
to
renku-ci-gw-766
GitHub Actions
Inactive
Panaetius
force-pushed
the
fix-token-ttl
branch
from
a065913 to
b59c6e1
Compare
Panaetius
temporarily deployed
to
renku-ci-gw-766
GitHub Actions
Inactive
Panaetius
force-pushed
the
fix-token-ttl
branch
from
b59c6e1 to
dfb2ed1
Compare
Panaetius
temporarily deployed
to
renku-ci-gw-766
GitHub Actions
Inactive
Panaetius
force-pushed
the
fix-token-ttl
branch
from
dfb2ed1 to
60bf5cb
Compare
Panaetius
temporarily deployed
to
renku-ci-gw-766
GitHub Actions
Inactive
Panaetius
force-pushed
the
fix-token-ttl
branch
from
60bf5cb to
5a095f3
Compare
Panaetius
temporarily deployed
to
renku-ci-gw-766
GitHub Actions
Inactive
Panaetius
force-pushed
the
fix-token-ttl
branch
from
5a095f3 to
7f16823
Compare
Panaetius
temporarily deployed
to
renku-ci-gw-766
GitHub Actions
Inactive
Panaetius
force-pushed
the
fix-token-ttl
branch
from
7f16823 to
eb9d769
Compare
Panaetius
temporarily deployed
to
renku-ci-gw-766
GitHub Actions
Inactive
Panaetius
force-pushed
the
fix-token-ttl
branch
from
eb9d769 to
6eced31
Compare
Panaetius
temporarily deployed
to
renku-ci-gw-766
GitHub Actions
Inactive
| func (*SessionStore) getTokenStorageExpiration(tokens models.AuthTokenSet, session models.Session) time.Time { | ||
| providerID := tokens.AccessToken.ProviderID | ||
| if providerID == "renku" || providerID == "gitlab" { | ||
| return time.Time{} |
There was a problem hiding this comment.
This change will break renku v1 if I understand it correctly.
There was a problem hiding this comment.
Forever tokens are needed for some v1 functionality.
There was a problem hiding this comment.
this is purely for redis expiration/ttl, not the live time of the token itself or anything like that.
There was a problem hiding this comment.
By doing this change, a TTL will be set on Keycloak and GitLab tokens, which some parts of renku v1 expect to be available forever (even if the user does no log in after session expiry). Feel free to run this as an experiment, but this is the reason redis is remembering tokens forever; I did not want to break renku v1 with the gateway refactor.
There was a problem hiding this comment.
So I am just adding this here after our discussion. The main issue is that SSH sessions would be affected if we started to evict tokens. Because for these users do not need to be logged in once they have started.
Panaetius
had a problem deploying
to
renku-ci-gw-766
GitHub Actions
Failure
|
Lets postpone this until we fully retire v1 sessions and all the v1 services. |
closes #765
/deploy #notest