Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalidate and remove join tokens after use #207

Merged
merged 12 commits into from
Oct 11, 2021
Merged

Invalidate and remove join tokens after use #207

merged 12 commits into from
Oct 11, 2021

Conversation

kke
Copy link
Contributor

@kke kke commented Sep 8, 2021
edited
Loading

Fixes #45

The generated join tokens will always be invalidated after use

@kke kke added the enhancement New feature or request label Sep 8, 2021
@kke kke requested a review from jnummelin September 8, 2021 12:09
jnummelin
jnummelin reviewed Sep 9, 2021
View reviewed changes
phase/install_workers.go Outdated
@@ -60,12 +61,24 @@ func (p *InstallWorkers) Run() error {
return err
}

defer func() {
if err := p.leader.Exec(p.leader.Configurer.K0sCmdf("invalidate %s", token), exec.RedactString(token)); err != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldn't this be something like:

p.leader.Exec(p.leader.Configurer.K0sCmdf("token invalidate %s", token), exec.RedactString(token))

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes

@kke kke mentioned this pull request Sep 13, 2021
Closed
@kke
Copy link
Contributor Author

kke commented Sep 13, 2021

The token can't be invalidated using the token. Would need to know the token id, and that requires guessing.

@kke
Copy link
Contributor Author

kke commented Sep 21, 2021

Actually the ID may be in the beginning of the token if you base64-decode and gunzip it.

@kke
Copy link
Contributor Author

kke commented Sep 21, 2021

And so it is.

@kke kke changed the title Invalidate and remove join tokens after worker install is finished Invalidate and remove join tokens after use Sep 21, 2021
@kke kke requested a review from jnummelin September 28, 2021 10:09
@kke kke merged commit 51869b1 into main Oct 11, 2021
@kke kke deleted the token-cleanup branch October 11, 2021 09:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jnummelin jnummelin jnummelin approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Clean up used and/or expired tokens
2 participants
@kke @jnummelin