Skip to content

The BreakglassSession CRD should contain idle timeout and last used fields. #8

New issue
New issue
Open
Open
The BreakglassSession CRD should contain idle timeout and last used fields.#8
Labels
enhancementNew feature or requestnicetohaveA label for optional features that are not crucial for system functional requirements.
@bazko1

Description

@bazko1
bazko1
opened on Dec 20, 2024

To be reconsidered if required and if could be handled in some smart tricky manner.

Feature description:

  • Breakglass system operators would like to have an insight when specific session group was last time used.
  • Approved session (group) that was not used for defined period of time should be revoked for new approval procedure.

Blocks:

  • k auth can-i allows multiple groups checks (multiple --as-group params) so we can perform single check for all BreakglasSessions this limits number of RBAC check calls, but if access in approved we do not know specifically which group
  • Without this feature the webhook call could only trigger read operation on BreakglassSession CRDs this will force to perform write and update CRD status.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestnicetohaveA label for optional features that are not crucial for system functional requirements.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions