Ephemeral keys can now be reusable and non-reusable

Fixes the issue reported in #1712. In Tailscale SaaS, ephemeral keys can be single-user or reusable. Until now, our ephemerals were only reusable. This PR makes us adhere to the .com behaviour.
This commit is contained in:
Juan Font 2024-03-03 10:11:10 +00:00
parent e15a08326c
commit a244eabd03
3 changed files with 38 additions and 12 deletions

View file

@ -107,13 +107,6 @@ var listPreAuthKeys = &cobra.Command{
expiration = ColourTime(key.GetExpiration().AsTime()) expiration = ColourTime(key.GetExpiration().AsTime())
} }
var reusable string
if key.GetEphemeral() {
reusable = "N/A"
} else {
reusable = fmt.Sprintf("%v", key.GetReusable())
}
aclTags := "" aclTags := ""
for _, tag := range key.GetAclTags() { for _, tag := range key.GetAclTags() {
@ -125,7 +118,7 @@ var listPreAuthKeys = &cobra.Command{
tableData = append(tableData, []string{ tableData = append(tableData, []string{
key.GetId(), key.GetId(),
key.GetKey(), key.GetKey(),
reusable, strconv.FormatBool(key.GetReusable()),
strconv.FormatBool(key.GetEphemeral()), strconv.FormatBool(key.GetEphemeral()),
strconv.FormatBool(key.GetUsed()), strconv.FormatBool(key.GetUsed()),
expiration, expiration,

View file

@ -196,7 +196,7 @@ func ValidatePreAuthKey(tx *gorm.DB, k string) (*types.PreAuthKey, error) {
return nil, ErrPreAuthKeyExpired return nil, ErrPreAuthKeyExpired
} }
if pak.Reusable || pak.Ephemeral { // we don't need to check if has been used before if pak.Reusable { // we don't need to check if has been used before
return &pak, nil return &pak, nil
} }

View file

@ -123,7 +123,41 @@ func (*Suite) TestNotReusableNotBeingUsedKey(c *check.C) {
c.Assert(key.ID, check.Equals, pak.ID) c.Assert(key.ID, check.Equals, pak.ID)
} }
func (*Suite) TestEphemeralKey(c *check.C) { func (*Suite) TestEphemeralKeyReusable(c *check.C) {
user, err := db.CreateUser("test7")
c.Assert(err, check.IsNil)
pak, err := db.CreatePreAuthKey(user.Name, true, true, nil, nil)
c.Assert(err, check.IsNil)
now := time.Now().Add(-time.Second * 30)
node := types.Node{
ID: 0,
Hostname: "testest",
UserID: user.ID,
RegisterMethod: util.RegisterMethodAuthKey,
LastSeen: &now,
AuthKeyID: uint(pak.ID),
}
db.DB.Save(&node)
_, err = db.ValidatePreAuthKey(pak.Key)
c.Assert(err, check.IsNil)
_, err = db.getNode("test7", "testest")
c.Assert(err, check.IsNil)
db.DB.Transaction(func(tx *gorm.DB) error {
ExpireEphemeralNodes(tx, time.Second*20)
return nil
})
// The machine record should have been deleted
_, err = db.getNode("test7", "testest")
c.Assert(err, check.NotNil)
}
func (*Suite) TestEphemeralKeyNotReusable(c *check.C) {
user, err := db.CreateUser("test7") user, err := db.CreateUser("test7")
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)
@ -142,8 +176,7 @@ func (*Suite) TestEphemeralKey(c *check.C) {
db.DB.Save(&node) db.DB.Save(&node)
_, err = db.ValidatePreAuthKey(pak.Key) _, err = db.ValidatePreAuthKey(pak.Key)
// Ephemeral keys are by definition reusable c.Assert(err, check.NotNil)
c.Assert(err, check.IsNil)
_, err = db.getNode("test7", "testest") _, err = db.getNode("test7", "testest")
c.Assert(err, check.IsNil) c.Assert(err, check.IsNil)