jfrog / vault-plugin-secrets-artifactory

HashiCorp Vault Secrets Plugin for Artifactory
https://jfrog.com
Apache License 2.0
41 stars 20 forks

fix: there is a bug with force_revocable, disable for now #51

Closed TJM closed 1 year ago

TJM commented 1 year ago

Temporarily disable force_revocable and token expiration. Found a problem. See Issue #50

TJM commented 1 year ago

Manual Testing

[tmcneely@local artifactory-secrets-plugin]$ vault read artifactory/token/test
Key                Value
---                -----
lease_id           artifactory/token/test/atIsYL9F7XzxJ6gS9OtU1kz4
lease_duration     2h
lease_renewable    true
access_token       eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJyRHlWeHZiZ1BqS0pLUE1zUnRfdUlzZC1ESmZCY3k2RDRIUlh1eXgtRmU4In0.eyJzdWIiOiJqZmFjQDAxZ3Zla2FyaDgycm1nMG5jbXlqZXMxYzY0XC91c2Vyc1wvdi10ZXN0LW5pcGV2YTA2Iiwic2NwIjoiYXBwbGllZC1wZXJtaXNzaW9uc1wvZ3JvdXBzOnJlYWRlcnMiLCJhdWQiOiIqQCoiLCJpc3MiOiJqZmFjQDAxZ3Zla2FyaDgycm1nMG5jbXlqZXMxYzY0IiwiaWF0IjoxNjc4NzQ5OTM3LCJqdGkiOiI2YmM3NmJjYS02ZjU5LTQ1YmUtOGE3My1hMmJiNTQ2MTljMTMifQ.FS4-vGhTnmCnNM2reoP5A4i-iIQosgHcLJZNVTrfjz7C5pbPCwVffEVclK5xLegFATC9Kod5rjNVCFPuxn7w5MNHuVX6jOmXlghdllDbCCI_2Obr0V-VoyZ8ttSimHyLo9LUv62oB9yfF0pUjulVBd-IofESLpyHLwDNMErjsxiFF4r9Eo1nsXACanoBV_dGNAI_ydG9iWqYQ-JmyUcTcNOXosiTQfpC5Dk8GmZhwlBc7A9y34YijHpBK_HaOio7u31fLjLeEf47Xibp88uIC7g6Jo1hGXaweX0g5FqnmZc9a0Cx2_V8oy8y2x2215i-pFxchZr9-Q5v6XGUfJBKqg
role               test
scope              applied-permissions/groups:readers
token_id           6bc76bca-6f59-45be-8a73-a2bb54619c13
username           v-test-nIpeVA06
[tmcneely@local artifactory-secrets-plugin]$ vault lease revoke artifactory/token/test/atIsYL9F7XzxJ6gS9OtU1kz4
All revocation operations queued successfully!
2023-03-13T17:25:25.897-0600 [INFO]  core: successfully reloaded plugin: plugin=artifactory path=artifactory/ version=""
2023-03-13T17:25:58.000-0600 [INFO]  expiration: revoked lease: lease_id=artifactory/token/test/atIsYL9F7XzxJ6gS9OtU1kz4

It is also gone from the JFrog GUI, but let's test to verify:

[tmcneely@local artifactory-secrets-plugin]$ curl -H 'Authorization: Bearer eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJyRHlWeHZiZ1BqS0pLUE1zUnRfdUlzZC1ESmZCY3k2RDRIUlh1eXgtRmU4In0.eyJzdWIiOiJqZmFjQDAxZ3Zla2FyaDgycm1nMG5jbXlqZXMxYzY0XC91c2Vyc1wvdi10ZXN0LW5pcGV2YTA2Iiwic2NwIjoiYXBwbGllZC1wZXJtaXNzaW9uc1wvZ3JvdXBzOnJlYWRlcnMiLCJhdWQiOiIqQCoiLCJpc3MiOiJqZmFjQDAxZ3Zla2FyaDgycm1nMG5jbXlqZXMxYzY0IiwiaWF0IjoxNjc4NzQ5OTM3LCJqdGkiOiI2YmM3NmJjYS02ZjU5LTQ1YmUtOGE3My1hMmJiNTQ2MTljMTMifQ.FS4-vGhTnmCnNM2reoP5A4i-iIQosgHcLJZNVTrfjz7C5pbPCwVffEVclK5xLegFATC9Kod5rjNVCFPuxn7w5MNHuVX6jOmXlghdllDbCCI_2Obr0V-VoyZ8ttSimHyLo9LUv62oB9yfF0pUjulVBd-IofESLpyHLwDNMErjsxiFF4r9Eo1nsXACanoBV_dGNAI_ydG9iWqYQ-JmyUcTcNOXosiTQfpC5Dk8GmZhwlBc7A9y34YijHpBK_HaOio7u31fLjLeEf47Xibp88uIC7g6Jo1hGXaweX0g5FqnmZc9a0Cx2_V8oy8y2x2215i-pFxchZr9-Q5v6XGUfJBKqg' http://localhost:8082/artifactory/api/system/version
{
  "errors" : [ {
    "status" : 401,
    "message" : "Token failed verification: revoked"
  } ]
}%    

Perfect.
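As an added example, not code from this PR or from the plugin itself, the following Python decodes the header and payload segments of the token pasted in the manual test above (the signature segment is deliberately omitted, so the string is not a usable credential) to show what an Artifactory access token discloses in the clear, to tie Vault's `token_id` field to the JWT `jti` claim, and to interpret the post-revocation error body Artifactory returned. The `summarize`, `matches_vault_record` and `is_revoked` helpers are this example's own names, not plugin APIs; decoding here is unverified by design and must never be used to accept a token.

```python
import base64
import json
from datetime import datetime, timezone

# Header and payload segments of the token shown in the PR comment above.
# The third (signature) segment is intentionally left out: without it this is
# not a bearer credential, but every claim below is still readable by anyone
# who sees the token, which is why secret scanning flags it.
HEADER_B64 = (
    "eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJyRHlWeHZiZ1BqS0pL"
    "UE1zUnRfdUlzZC1ESmZCY3k2RDRIUlh1eXgtRmU4In0"
)
PAYLOAD_B64 = (
    "eyJzdWIiOiJqZmFjQDAxZ3Zla2FyaDgycm1nMG5jbXlqZXMxYzY0XC91c2Vyc1wvdi10ZXN0LW5p"
    "cGV2YTA2Iiwic2NwIjoiYXBwbGllZC1wZXJtaXNzaW9uc1wvZ3JvdXBzOnJlYWRlcnMiLCJhdWQi"
    "OiIqQCoiLCJpc3MiOiJqZmFjQDAxZ3Zla2FyaDgycm1nMG5jbXlqZXMxYzY0IiwiaWF0IjoxNjc4"
    "NzQ5OTM3LCJqdGkiOiI2YmM3NmJjYS02ZjU5LTQ1YmUtOGE3My1hMmJiNTQ2MTljMTMifQ"
)

# Artifactory's reply to the curl issued after `vault lease revoke` above.
REVOKED_BODY = (
    '{"errors" : [ {"status" : 401, '
    '"message" : "Token failed verification: revoked"} ]}'
)


def b64url_decode(segment: str) -> bytes:
    """Decode one base64url JWT segment, restoring the stripped '=' padding."""
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def decode_unverified(header_b64: str, payload_b64: str) -> dict:
    """Return the header and claims WITHOUT checking the signature.

    Only for inspecting what a token reveals; never use this to decide
    whether a token is valid.
    """
    return {
        "header": json.loads(b64url_decode(header_b64)),
        "claims": json.loads(b64url_decode(payload_b64)),
    }


def summarize(claims: dict) -> dict:
    """Pull out the fields a reviewer cares about when a token shows up in public."""
    # sub has the form jfac@<instance id>/users/<username>; note the username
    # is lowercased here relative to Vault's `username` output (v-test-nIpeVA06).
    instance_id, _, username = claims["sub"].partition("/users/")
    issued = datetime.fromtimestamp(claims["iat"], tz=timezone.utc)
    return {
        "instance": instance_id,
        "username": username,
        "scope": claims["scp"],
        "token_id": claims["jti"],
        "issued_at": issued.isoformat(),
    }


def matches_vault_record(claims: dict, vault_token_id: str) -> bool:
    """Vault's token_id for an Artifactory access token is the JWT's jti claim."""
    return claims.get("jti") == vault_token_id


def revocation_status(body: str):
    """Return (status, message) of the first error in Artifactory's error JSON, or None."""
    errors = json.loads(body).get("errors") or []
    if not errors:
        return None
    return errors[0].get("status"), errors[0].get("message", "")


def is_revoked(body: str) -> bool:
    """True when Artifactory rejected the token specifically as revoked."""
    status = revocation_status(body)
    return status is not None and status[0] == 401 and "revoked" in status[1]


if __name__ == "__main__":
    decoded = decode_unverified(HEADER_B64, PAYLOAD_B64)
    print(json.dumps(summarize(decoded["claims"]), indent=2))
    print("revoked:", is_revoked(REVOKED_BODY))
```

The `iat` claim decodes to 2023-03-13T23:25:37 UTC, which is 17:25:37 in the -0600 timezone of the Vault log lines above, and the `jti` claim is the `6bc76bca-…` value Vault printed as `token_id`, so a token found outside Vault can be matched back to its lease without contacting Artifactory.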

alexhung commented 1 year ago

@TJM I received a GitHub security alert for the token in the comment above. See https://github.com/jfrog/vault-plugin-secrets-artifactory/security/secret-scanning.

Can you confirm that the token has been revoked? If so, I can close these alerts.

TJM commented 1 year ago

Yes, besides it was a local docker Artifactory that has been gone for a long time.

On Thu, Jun 15, 2023 at 10:39 AM Alex Hung @.***> wrote:

@TJM https://github.com/TJM I received a GitHub security alert for the token in the comment above. See https://github.com/jfrog/vault-plugin-secrets-artifactory/security/secret-scanning .

Can you confirm that the token has been revoked? If so, I can close these alerts.


alexhung commented 1 year ago

@TJM Just want to be double sure before I close those alerts 😄