Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update TTL for ACR auth token #29

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Conversation

lindhe
Copy link

@lindhe lindhe commented Nov 25, 2024

It seems like the ACR token for service principals has a TTL of 75 minutes, not 3 hours like it said in the documentation. This change updates the documentation to be accurate.

I'm using External Secrets to populate an imagePullSecret in Kubernetes with a token using the ACRAccessToken generator, using credentials for a Service Principal. I have configured the ACRAccessToken generator to refresh every 3 hours since that's the TTL that it said in the docs for "ACR authentication token" for a Service Principal:

ACR authentication token gets created upon login to the ACR, and is refreshed upon subsequent operations. The time to live for that token is 3 hours.

Yet, I'm finding that the tokens I get only have a TTL of 75 minutes:

$ kubectl get secret regcred -o jsonpath='{ .data.\.dockerconfigjson }' | base64 -d | jq -r '.auths."example.azurecr.io".password' | cut -d . -f 2 | base64 -d | jq '.nbf,.exp,.iat' | awk '{ print strftime("%Y-%m-%d %H:%M:%S", $1) }'
2024-11-25 08:15:08
2024-11-25 09:30:08
2024-11-25 08:15:08

So now I'm trying to understand if the documentation is wrong or if I found the wrong documentation. I'm noting that you use the term "authentication token", not "access token", so perhaps I'm looking at the wrong thing. Am I?

If I'm right, I think we should merge this PR to fix the documentation. If I'm wrong, do you have any idea where I can find the documentation for the ACR Access Token? 🙏

It seems like the ACR auth token for service principals has a TTL of 75 minutes, not 3 hours like it said in the documentation. This change updates the documentation to be accurate.
Copy link
Contributor

@lindhe : Thanks for your contribution! The author(s) have been notified to review your proposed change.

Copy link
Contributor

Learn Build status updates of commit 6d728d6:

✅ Validation status: passed

File Status Preview URL Details
articles/container-registry/container-registry-authentication.md ✅Succeeded

For more details, please refer to the build report.

For any questions, please:

@Court72
Copy link
Contributor

Court72 commented Nov 25, 2024

@tejaswikolli-web

Can you review the proposed changes?

Important: When the changes are ready for publication, adding a #sign-off comment is the best way to signal that the PR is ready for the review team to merge.

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team

@prmerger-automator prmerger-automator bot added the aq-pr-triaged C+L Pull Request Review Team label label Nov 25, 2024
@lindhe
Copy link
Author

lindhe commented Nov 25, 2024

Again, I want to emphasise: do not blindly merge this! I hope this is correct, but I do not know and need your help verifying it.

Copy link

github-actions bot commented Dec 9, 2024

This pull request has been inactive for at least 14 days. If you are finished with your changes, don't forget to sign off. See the contributor guide for instructions.
Get Help
Docs Support Teams Channel
Resolve Merge Conflict

@github-actions github-actions bot added the inactive This PR is inactive for more than 14 days label Dec 9, 2024
@lindhe
Copy link
Author

lindhe commented Dec 9, 2024

Ping

@github-actions github-actions bot removed the inactive This PR is inactive for more than 14 days label Dec 10, 2024
Copy link

This pull request has been inactive for at least 14 days. If you are finished with your changes, don't forget to sign off. See the contributor guide for instructions.
Get Help
Docs Support Teams Channel
Resolve Merge Conflict

@github-actions github-actions bot added the inactive This PR is inactive for more than 14 days label Dec 24, 2024
@lindhe
Copy link
Author

lindhe commented Dec 24, 2024

Ping

@github-actions github-actions bot removed the inactive This PR is inactive for more than 14 days label Dec 24, 2024
@v-dirichards
Copy link
Contributor

@tejaswikolli-web

Can you review this old PR and determine whether it needs to be closed or merged?

@MicrosoftDocs/public-repo-pr-review-team

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants