-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Invalidate and remove join tokens after use #207
Conversation
phase/install_workers.go
Outdated
@@ -60,12 +61,24 @@ func (p *InstallWorkers) Run() error { | |||
return err | |||
} | |||
|
|||
defer func() { | |||
if err := p.leader.Exec(p.leader.Configurer.K0sCmdf("invalidate %s", token), exec.RedactString(token)); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
shouldn't this be something like:
p.leader.Exec(p.leader.Configurer.K0sCmdf("token invalidate %s", token), exec.RedactString(token))
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes
The token can't be invalidated using the token. Would need to know the token id, and that requires guessing. |
Actually the ID may be in the beginning of the token if you base64-decode and gunzip it. |
And so it is. |
Fixes #45
The generated join tokens will always be invalidated after use