From 2a0039f7c628e25e7f80a9968a4212fa93c55746 Mon Sep 17 00:00:00 2001
From: Denton Gentry
Date: Thu, 11 May 2023 22:59:36 -0700
Subject: [PATCH] Revert "client: allow the expiry time to be specified for new keys"

This reverts commit 9b6e48658f36e347f009d819bfa69c85c08aa3cf. Rebased PR doesn't build.

Signed-off-by: Denton Gentry
---
 client/tailscale/keys.go | 14 +++-----------
 cmd/get-authkey/main.go | 2 +-
 cmd/k8s-operator/operator.go | 10 +++-------
 cmd/k8s-operator/operator_test.go | 4 ++--
 4 files changed, 9 insertions(+), 21 deletions(-)

diff --git a/client/tailscale/keys.go b/client/tailscale/keys.go
index 38b37e38f..05a29be50 100644
--- a/client/tailscale/keys.go
+++ b/client/tailscale/keys.go
@@ -70,18 +70,10 @@ func (c *Client) Keys(ctx context.Context) ([]string, error) {
 // CreateKey creates a new key for the current user. Currently, only auth keys
 // can be created. Returns the key itself, which cannot be retrieved again
 // later, and the key metadata.
-func (c *Client) CreateKey(ctx context.Context, caps KeyCapabilities, expiry time.Duration) (string, *Key, error) {
-
- // convert expirySeconds to an int64 (seconds)
- expirySeconds := int64(expiry.Seconds())
- if expirySeconds < 0 {
- return "", nil, fmt.Errorf("expiry must be positive")
- }
-
+func (c *Client) CreateKey(ctx context.Context, caps KeyCapabilities) (string, *Key, error) {
 keyRequest := struct {
- Capabilities KeyCapabilities `json:"capabilities"`
- ExpirySeconds int64 `json:"expirySeconds,omitempty"`
- }{caps, int64(expirySeconds)}
+ Capabilities KeyCapabilities `json:"capabilities"`
+ }{caps}
 bs, err := json.Marshal(keyRequest)
 if err != nil {
 return "", nil, err
diff --git a/cmd/get-authkey/main.go b/cmd/get-authkey/main.go
index 196f45908..5f5e85186 100644
--- a/cmd/get-authkey/main.go
+++ b/cmd/get-authkey/main.go
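Review bot: The doc comment on `CreateKey` does not say how long the returned key lives, and after this revert the caller has no way to choose. The request body now carries only `capabilities`, so the lifetime is whatever the API applies when no expiry is sent; since the returned string is a credential, that belongs in the documented contract. I would add a line such as `// No expiry is sent with the request, so the key gets the API's default lifetime.` The call sites in cmd/get-authkey and cmd/k8s-operator rely on the same default, and the comment that said so in operator.go is removed by this commit. `CreateKey`'s body continues past the end of the hunk.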
@@ -67,7 +67,7 @@ func main() {
 },
 }
 
- authkey, _, err := tsClient.CreateKey(ctx, caps, 0)
+ authkey, _, err := tsClient.CreateKey(ctx, caps)
 if err != nil {
 log.Fatal(err.Error())
 }
diff --git a/cmd/k8s-operator/operator.go b/cmd/k8s-operator/operator.go
index fef99e2d5..4398c21cc 100644
--- a/cmd/k8s-operator/operator.go
+++ b/cmd/k8s-operator/operator.go
@@ -153,9 +153,7 @@ waitOnline:
 },
 },
 }
- // zeroSeconds adopts the default expiration time.
- zeroSeconds := time.Duration(0 * time.Second)
- authkey, _, err := tsClient.CreateKey(ctx, caps, zeroSeconds)
+ authkey, _, err := tsClient.CreateKey(ctx, caps)
 if err != nil {
 startlog.Fatalf("creating operator authkey: %v", err)
 }
@@ -289,7 +287,7 @@ type ServiceReconciler struct {
 }
 
 type tsClient interface {
- CreateKey(ctx context.Context, caps tailscale.KeyCapabilities, expiry time.Duration) (string, *tailscale.Key, error)
+ CreateKey(ctx context.Context, caps tailscale.KeyCapabilities) (string, *tailscale.Key, error)
 DeleteDevice(ctx context.Context, id string) error
 }
 
@@ -595,9 +593,7 @@ func (a *ServiceReconciler) newAuthKey(ctx context.Context, tags []string) (stri
 },
 },
 }
-
- zeroDuration := time.Duration(0)
- key, _, err := a.tsClient.CreateKey(ctx, caps, zeroDuration)
+ key, _, err := a.tsClient.CreateKey(ctx, caps)
 if err != nil {
 return "", err
 }
diff --git a/cmd/k8s-operator/operator_test.go b/cmd/k8s-operator/operator_test.go
index 001d890f2..25167961c 100644
--- a/cmd/k8s-operator/operator_test.go
+++ b/cmd/k8s-operator/operator_test.go
@@ -807,14 +807,14 @@ type fakeTSClient struct {
 deleted []string
 }
 
-func (c *fakeTSClient) CreateKey(ctx context.Context, caps tailscale.KeyCapabilities, expiry time.Duration) (string, *tailscale.Key, error) {
+func (c *fakeTSClient) CreateKey(ctx context.Context, caps tailscale.KeyCapabilities) (string, *tailscale.Key, error) {
 c.Lock()
 defer c.Unlock()
 c.keyRequests = append(c.keyRequests, caps)
 k := &tailscale.Key{
 ID: "key",
 Created: time.Now(),
- Expires: time.Now().Add(expiry),
+ Expires: time.Now().Add(24 * time.Hour),
 Capabilities: caps,
 }
 return "secret-authkey", k, nil
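Review bot: The hard-coded `24 * time.Hour` in the fake's `Expires` field is an unexplained constant, and nothing visible here ties it to the lifetime the real API assigns. A test that later inspects `Expires` would be checking the fake's invention rather than real behaviour, so mark it as arbitrary: `Expires: time.Now().Add(24 * time.Hour), // arbitrary; the fake does not model the API's default expiry`. Reading the clock once (`now := time.Now()`) and deriving both `Created` and `Expires` from it would also keep the two fields consistent.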