-
Notifications
You must be signed in to change notification settings - Fork 18.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Generate a swarm joining secret if none is specified
The current behavior of `docker swarm init` is to set up a swarm that has no secret for joining, and does not require manual acceptance for workers. Since workers may sometimes receive sensitive data such as pull credentials, it makes sense to harden the defaults. This change makes `docker swarm init` generate a random secret if none is provided, and print it to the terminal. This secret will be needed to join workers or managers to the swarm. In addition to improving access control to the cluster, this setup removes an avenue for denial-of-service attacks, since the secret is necessary to even create an entry in the node list. `docker swarm init --secret ""` will set up a swarm without a secret, matching the old behavior. `docker swarm update --secret ""` removes the automatically generated secret after `docker swarm init`. Closes #23785 Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
- Loading branch information
1 parent
ecc3cfe
commit 7342e42
Showing
8 changed files
with
84 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
package swarm | ||
|
||
import ( | ||
cryptorand "crypto/rand" | ||
"fmt" | ||
"math/big" | ||
) | ||
|
||
func generateRandomSecret() string { | ||
var secretBytes [generatedSecretEntropyBytes]byte | ||
|
||
if _, err := cryptorand.Read(secretBytes[:]); err != nil { | ||
panic(fmt.Errorf("failed to read random bytes: %v", err)) | ||
} | ||
|
||
var nn big.Int | ||
nn.SetBytes(secretBytes[:]) | ||
return fmt.Sprintf("%0[1]*s", maxGeneratedSecretLength, nn.Text(generatedSecretBase)) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters