Ephemeral keys can now be reusable and non-reusable
Fixes the issue reported in #1712. In Tailscale SaaS, ephemeral keys can be single-user or reusable. Until now, our ephemerals were only reusable. This PR makes us adhere to the .com behaviour.
This commit is contained in:
parent
e15a08326c
commit
a244eabd03
3 changed files with 38 additions and 12 deletions
|
@ -107,13 +107,6 @@ var listPreAuthKeys = &cobra.Command{
|
||||||
expiration = ColourTime(key.GetExpiration().AsTime())
|
expiration = ColourTime(key.GetExpiration().AsTime())
|
||||||
}
|
}
|
||||||
|
|
||||||
var reusable string
|
|
||||||
if key.GetEphemeral() {
|
|
||||||
reusable = "N/A"
|
|
||||||
} else {
|
|
||||||
reusable = fmt.Sprintf("%v", key.GetReusable())
|
|
||||||
}
|
|
||||||
|
|
||||||
aclTags := ""
|
aclTags := ""
|
||||||
|
|
||||||
for _, tag := range key.GetAclTags() {
|
for _, tag := range key.GetAclTags() {
|
||||||
|
@ -125,7 +118,7 @@ var listPreAuthKeys = &cobra.Command{
|
||||||
tableData = append(tableData, []string{
|
tableData = append(tableData, []string{
|
||||||
key.GetId(),
|
key.GetId(),
|
||||||
key.GetKey(),
|
key.GetKey(),
|
||||||
reusable,
|
strconv.FormatBool(key.GetReusable()),
|
||||||
strconv.FormatBool(key.GetEphemeral()),
|
strconv.FormatBool(key.GetEphemeral()),
|
||||||
strconv.FormatBool(key.GetUsed()),
|
strconv.FormatBool(key.GetUsed()),
|
||||||
expiration,
|
expiration,
|
||||||
|
|
|
@ -196,7 +196,7 @@ func ValidatePreAuthKey(tx *gorm.DB, k string) (*types.PreAuthKey, error) {
|
||||||
return nil, ErrPreAuthKeyExpired
|
return nil, ErrPreAuthKeyExpired
|
||||||
}
|
}
|
||||||
|
|
||||||
if pak.Reusable || pak.Ephemeral { // we don't need to check if has been used before
|
if pak.Reusable { // we don't need to check if has been used before
|
||||||
return &pak, nil
|
return &pak, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -123,7 +123,41 @@ func (*Suite) TestNotReusableNotBeingUsedKey(c *check.C) {
|
||||||
c.Assert(key.ID, check.Equals, pak.ID)
|
c.Assert(key.ID, check.Equals, pak.ID)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (*Suite) TestEphemeralKey(c *check.C) {
|
func (*Suite) TestEphemeralKeyReusable(c *check.C) {
|
||||||
|
user, err := db.CreateUser("test7")
|
||||||
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
|
pak, err := db.CreatePreAuthKey(user.Name, true, true, nil, nil)
|
||||||
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
|
now := time.Now().Add(-time.Second * 30)
|
||||||
|
node := types.Node{
|
||||||
|
ID: 0,
|
||||||
|
Hostname: "testest",
|
||||||
|
UserID: user.ID,
|
||||||
|
RegisterMethod: util.RegisterMethodAuthKey,
|
||||||
|
LastSeen: &now,
|
||||||
|
AuthKeyID: uint(pak.ID),
|
||||||
|
}
|
||||||
|
db.DB.Save(&node)
|
||||||
|
|
||||||
|
_, err = db.ValidatePreAuthKey(pak.Key)
|
||||||
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
|
_, err = db.getNode("test7", "testest")
|
||||||
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
|
db.DB.Transaction(func(tx *gorm.DB) error {
|
||||||
|
ExpireEphemeralNodes(tx, time.Second*20)
|
||||||
|
return nil
|
||||||
|
})
|
||||||
|
|
||||||
|
// The machine record should have been deleted
|
||||||
|
_, err = db.getNode("test7", "testest")
|
||||||
|
c.Assert(err, check.NotNil)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (*Suite) TestEphemeralKeyNotReusable(c *check.C) {
|
||||||
user, err := db.CreateUser("test7")
|
user, err := db.CreateUser("test7")
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
|
@ -142,8 +176,7 @@ func (*Suite) TestEphemeralKey(c *check.C) {
|
||||||
db.DB.Save(&node)
|
db.DB.Save(&node)
|
||||||
|
|
||||||
_, err = db.ValidatePreAuthKey(pak.Key)
|
_, err = db.ValidatePreAuthKey(pak.Key)
|
||||||
// Ephemeral keys are by definition reusable
|
c.Assert(err, check.NotNil)
|
||||||
c.Assert(err, check.IsNil)
|
|
||||||
|
|
||||||
_, err = db.getNode("test7", "testest")
|
_, err = db.getNode("test7", "testest")
|
||||||
c.Assert(err, check.IsNil)
|
c.Assert(err, check.IsNil)
|
||||||
|
|
Loading…
Reference in a new issue