Add control-plane token expiry (#620)
bschimke95 authored Aug 26, 2024
1 parent a1dc288 commit 84551b1
Showing 5 changed files with 18 additions and 12 deletions.
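--- a/docs/src/_parts/commands/k8s_get-join-token.md
+++ b/docs/src/_parts/commands/k8s_get-join-token.md
@@ -9,9 +9,10 @@ k8s get-join-token <node-name> [flags]
 ### Options
 
 ```
--h, --help help for get-join-token
---timeout duration the max time to wait for the command to execute (default 1m30s)
---worker generate a join token for a worker node
+--expires-in duration the time until the token expires (default 24h0m0s)
+-h, --help help for get-join-token
+--timeout duration the max time to wait for the command to execute (default 1m30s)
+--worker generate a join token for a worker node
 ```
 
 ### SEE ALSO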
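--- a/src/k8s/cmd/k8s/k8s_get_join_token.go
+++ b/src/k8s/cmd/k8s/k8s_get_join_token.go
@@ -13,6 +13,7 @@ func newGetJoinTokenCmd(env cmdutil.ExecutionEnvironment) *cobra.Command {
 var opts struct {
 worker bool
 timeout time.Duration
+ttl time.Duration
 }
 cmd := &cobra.Command{
 Use: "get-join-token <node-name>",
@@ -39,7 +40,7 @@ func newGetJoinTokenCmd(env cmdutil.ExecutionEnvironment) *cobra.Command {
 
 ctx, cancel := context.WithTimeout(cmd.Context(), opts.timeout)
 cobra.OnFinalize(cancel)
-token, err := client.GetJoinToken(ctx, apiv1.GetJoinTokenRequest{Name: name, Worker: opts.worker})
+token, err := client.GetJoinToken(ctx, apiv1.GetJoinTokenRequest{Name: name, Worker: opts.worker, TTL: opts.ttl})
 if err != nil {
 cmd.PrintErrf("Error: Could not generate a join token for %q.\n\nThe error was: %v\n", name, err)
 env.Exit(1)
@@ -52,5 +53,7 @@ func newGetJoinTokenCmd(env cmdutil.ExecutionEnvironment) *cobra.Command {
 
 cmd.Flags().BoolVar(&opts.worker, "worker", false, "generate a join token for a worker node")
 cmd.Flags().DurationVar(&opts.timeout, "timeout", 90*time.Second, "the max time to wait for the command to execute")
+// The CLI uses verbose names for flags instead of abbreviations. Internally and for the API, the common TTL (time-to-live) name is used.
+cmd.Flags().DurationVar(&opts.ttl, "expires-in", 24*time.Hour, "the time until the token expires")
 return cmd
 }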
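Review bot: `--expires-in` is passed to `client.GetJoinToken` without any check, and it is accepted together with `--worker` although the worker path on the server takes no TTL (`getOrCreateWorkerToken(r.Context(), s, hostname)` in cluster_tokens.go). An operator who asks for a short-lived worker token, or passes `0` or a negative duration, gets a token whose real lifetime differs from the request, with no error. I would reject `opts.ttl <= 0` before the request is built, using the same `cmd.PrintErrf` / `env.Exit(1)` pattern as the request error, and make the flag help read `the time until the control-plane token expires`. The run function starts outside the hunks shown.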
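--- a/src/k8s/go.mod
+++ b/src/k8s/go.mod
@@ -5,7 +5,7 @@ go 1.22.6
 require (
 dario.cat/mergo v1.0.0
 github.com/canonical/go-dqlite v1.22.0
-github.com/canonical/k8s-snap-api v1.0.2
+github.com/canonical/k8s-snap-api v1.0.3
 github.com/canonical/lxd v0.0.0-20240730172021-8e39e5d4f55f
 github.com/canonical/microcluster/v2 v2.0.2
 github.com/go-logr/logr v1.4.2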
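--- a/src/k8s/go.sum
+++ b/src/k8s/go.sum
@@ -101,8 +101,8 @@ github.com/canonical/go-dqlite v1.22.0 h1:DuJmfcREl4gkQJyvZzjl2GHFZROhbPyfdjDRQX
 github.com/canonical/go-dqlite v1.22.0/go.mod h1:Uvy943N8R4CFUAs59A1NVaziWY9nJ686lScY7ywurfg=
 github.com/canonical/k8s-microcluster/v2 v2.1.0 h1:zoK/fYzEkhCKAWf6NcZHG6+3U2c4PqkDTUVtwju951I=
 github.com/canonical/k8s-microcluster/v2 v2.1.0/go.mod h1:09N/J8tuijpAJdOER+e8IVWpn9cjzw9KzZvIunii/pA=
-github.com/canonical/k8s-snap-api v1.0.2 h1:9tyIneGQ6dPouX/8DH/HBqQIk+PF+MtQB3Qwt43Cuu4=
-github.com/canonical/k8s-snap-api v1.0.2/go.mod h1:LDPoIYCeYnfgOFrwVPJ/4edGU264w7BB7g0GsVi36AY=
+github.com/canonical/k8s-snap-api v1.0.3 h1:unMuIdLgdjlYj3bhkTQoHzphNrJG54IV23mAi1EBB38=
+github.com/canonical/k8s-snap-api v1.0.3/go.mod h1:LDPoIYCeYnfgOFrwVPJ/4edGU264w7BB7g0GsVi36AY=
 github.com/canonical/lxd v0.0.0-20240730172021-8e39e5d4f55f h1:bTaF5FmQk66wI8ILr+pzelTY6iNLXE9c2Ks2HG4Sp5U=
 github.com/canonical/lxd v0.0.0-20240730172021-8e39e5d4f55f/go.mod h1:BVyKLSsJLTLX3o6WW0f5YDOO+J5HE3Np2WwYVrug0sY=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=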
12 changes: 7 additions & 5 deletions src/k8s/pkg/k8sd/api/cluster_tokens.go
Expand Up @@ -31,7 +31,7 @@ func (e *Endpoints) postClusterJoinTokens(s state.State, r *http.Request) respon
if req.Worker {
token, err = getOrCreateWorkerToken(r.Context(), s, hostname)
} else {
token, err = getOrCreateJoinToken(r.Context(), e.provider.MicroCluster(), hostname)
token, err = getOrCreateJoinToken(r.Context(), e.provider.MicroCluster(), hostname, req.TTL)
}
if err != nil {
return response.InternalError(fmt.Errorf("failed to create token: %w", err))
Expand All @@ -40,7 +40,7 @@ func (e *Endpoints) postClusterJoinTokens(s state.State, r *http.Request) respon
return response.SyncResponse(true, &apiv1.GetJoinTokenResponse{EncodedToken: token})
}

func getOrCreateJoinToken(ctx context.Context, m *microcluster.MicroCluster, tokenName string) (string, error) {
func getOrCreateJoinToken(ctx context.Context, m *microcluster.MicroCluster, tokenName string, ttl time.Duration) (string, error) {
// grab token if it exists and return it
records, err := m.ListJoinTokens(ctx)
if err != nil {
Expand All @@ -54,9 +54,11 @@ func getOrCreateJoinToken(ctx context.Context, m *microcluster.MicroCluster, tok
fmt.Println("No token exists yet. Creating a new token.")
}

// if token does not exist, create a new one
// TODO(ben): make token expiry configurable
token, err := m.NewJoinToken(ctx, tokenName, 24*time.Hour)
if ttl == 0 {
ttl = 24 * time.Hour
}

token, err := m.NewJoinToken(ctx, tokenName, ttl)
if err != nil {
return "", fmt.Errorf("failed to generate a new microcluster join token: %w", err)
}
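Review bot: `getOrCreateJoinToken` only replaces a zero `ttl`, so a negative or arbitrarily large `req.TTL` from the request body reaches `m.NewJoinToken` unchanged. A control-plane join token is a credential for adding a node to the cluster, so the server should bound its lifetime itself rather than rely on the CLI default: `if ttl < 0 || ttl > maxJoinTokenTTL { return "", fmt.Errorf("invalid token ttl %s", ttl) }`, where `maxJoinTokenTTL` is a placeholder for a constant this file does not define yet. Judging by the `grab token if it exists and return it` comment, a token that already exists under the same name is returned with its original expiry, so the requested TTL is silently ignored on that path; a comment or log line there would keep callers from assuming otherwise. The lookup loop and the end of the function are outside the hunks shown.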
