Add control-plane token expiry #620
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Merged
addyess
reviewed
Aug 23, 2024
| @@ -9,10 +9,13 @@ import ( | |||
| "github.com/spf13/cobra" | |||
| ) | |||
|
|
|||
| const minTokenTTL = 3 * time.Second | |||
There was a problem hiding this comment.
ok, so you can't make a token that is valid for 2 seconds but 4 seconds is fine? Am i reading that right... no complaints just making sure i understand.
There was a problem hiding this comment.
So, I added this because we also do this for the timeout flag. My assumption was that this is done to avoid error if the user assumes a unit (e.g. seconds) and does not set them in the flag. However, it seems like this would just fail:
➜ sudo k8s get-join-token test --expires-in 10
Error: invalid argument "10" for "--expires-in" flag: time: missing unit in duration "10"
Usage:
k8s get-join-token <node-name> [flags]
Flags:
--expires-in duration the time until the token expires (default 24h0m0s)
-h, --help help for get-join-token
--timeout duration the max time to wait for the command to execute (default 1m30s)
--worker generate a join token for a worker node
So, I don't see a reason to actually have this check - removed it.
HomayoonAlimohammadi
approved these changes
Aug 26, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Microcluster v2 supports token TTL. This PR exposes this configuration option to the API/CLI.
Note that is only applicable for the control-plane tokens right now. Workers will be done in separate work (since we don't use microcluster for that it is more involved as we need to implement the logic ourselves).
This PR requires the (backward-compatible) update in the
k8s-snap-api.canonical/k8s-snap-api#5
Once this PR is reviewed and approved, I will merge the API change, create a new tag (
1.0.3) and update thisk8s-snapPR to use the new API version.