security: Add version number to base64 form of join tokens #65329
Conversation
|
|
|
Thank you for contributing to CockroachDB. Please ensure you have followed the guidelines for creating a PR. Before a member of our team reviews your PR, I have some potential action items for you:
I was unable to automatically find a reviewer. You can try CCing one of the following members:
🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is otan. |
blathers-crl
bot
added
O-community
|
This change is |
|
Issue: #64885 |
|
Adding @itsbilal (author of the issue) |
|
Thank you for updating your pull request. Before a member of our team reviews your PR, I have some potential action items for you:
I was unable to automatically find a reviewer. You can try CCing one of the following members:
🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is otan. |
|
oh nice, thank you for this! |
nikola-n6c
force-pushed
the
nikola/join-tokens-versioning
branch
from
618fe11 to
9356ec7
Compare
|
Thank you for updating your pull request. Before a member of our team reviews your PR, I have some potential action items for you:
🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is otan. |
There was a problem hiding this comment.
Hey, thank you so much @nikola-n6c for working away on this! This mostly looks good, I've left some comments that you can get to in the meantime.
Also it'd be great if you could update the PR description and commit message to have a Release note: None. line at the end.
Reviewed 3 of 3 files at r1.
Reviewable status:complete! 0 of 0 LGTMs obtained (waiting on @nikola-n6c)
pkg/security/join_token.go, line 33 at r1 (raw file):
// JoinTokenVersion is used to version the encoding of join tokens, and is the // first byte in the marshaled token. type JoinTokenVersion byte
The type doesn't need to be exported, so it could just start with a lowercase letter.
pkg/security/join_token.go, line 39 at r1 (raw file):
// The format of the text is: // <version:1>base64(<TokenID:uuid.Size><SharedSecret:joinTokenSecretLen><fingerprint:variable><crc:4>) V0 JoinTokenVersion = '0'
Also lowercase as it's unexported, plus the name could be joinTokenV0 to be more descriptive
pkg/security/join_token.go, line 44 at r1 (raw file):
// joinTokenVersionError is used when unsupported version is found while // (un)marshaling join tokens. type joinTokenVersionError struct {
This error may not be necessary, however instead of this you could add a:
var invalidJoinTokenError = errors.New("invalid join token")
and use invalidJoinTokenError for all instances of errors.New("invalid join token") below, as well as for the version error.
pkg/security/join_token.go, line 67 at r1 (raw file):
SharedSecret []byte fingerprint []byte version JoinTokenVersion
I don't think storing the version in the token itself is necessary - the marshaller could (currently) always marshal it as V0, and the unmarshaller could just have a switch based on it.
pkg/security/join_token.go, line 79 at r1 (raw file):
// // The format of the text (after base64-decoding) is: // <TokenID:uuid.Size><SharedSecret:joinTokenSecretLen><fingerprint:variable><crc:4>
I think it's a good idea to still keep the format here.
pkg/security/join_token.go, line 168 at r1 (raw file):
// Prefix the encoded token with version number. version := []byte{byte(j.version)}
It's slightly more efficient to do:
version := make([]byte, 0, len(b.Bytes()) + 1)
version = append(version, j.version)
version = append(version, b.Bytes()...)
return version, nil
As it avoids a reallocation.
pkg/security/join_token_test.go, line 75 at r1 (raw file):
require.True(t, token.VerifySignature(cm.CACert().FileContents)) t.Run("Supported", func(t *testing.T) {
Test looks great! You could change the test name to lowercase as per convention (supported, unsupported_marshal etc)
nikola-n6c
force-pushed
the
nikola/join-tokens-versioning
branch
from
9356ec7 to
306d27b
Compare
|
Thank you for updating your pull request. My owl senses detect your PR is good for review. Please keep an eye out for any test failures in CI. 🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is otan. |
|
Thanks @itsbilal, all suggestions made sense.
Done! |
There was a problem hiding this comment.
Reviewable status:
pkg/security/join_token.go, line 33 at r1 (raw file):
Previously, itsbilal (Bilal Akhtar) wrote…
The type doesn't need to be exported, so it could just start with a lowercase letter.
Done.
pkg/security/join_token.go, line 39 at r1 (raw file):
Previously, itsbilal (Bilal Akhtar) wrote…
Also lowercase as it's unexported, plus the name could be
joinTokenV0to be more descriptive
Done.
pkg/security/join_token.go, line 44 at r1 (raw file):
Previously, itsbilal (Bilal Akhtar) wrote…
This error may not be necessary, however instead of this you could add a:
var invalidJoinTokenError = errors.New("invalid join token")and use
invalidJoinTokenErrorfor all instances oferrors.New("invalid join token")below, as well as for the version error.
Done.
pkg/security/join_token.go, line 67 at r1 (raw file):
Previously, itsbilal (Bilal Akhtar) wrote…
I don't think storing the version in the token itself is necessary - the marshaller could (currently) always marshal it as V0, and the unmarshaller could just have a switch based on it.
Done.
pkg/security/join_token.go, line 79 at r1 (raw file):
Previously, itsbilal (Bilal Akhtar) wrote…
I think it's a good idea to still keep the format here.
Done.
pkg/security/join_token.go, line 168 at r1 (raw file):
Previously, itsbilal (Bilal Akhtar) wrote…
It's slightly more efficient to do:
version := make([]byte, 0, len(b.Bytes()) + 1) version = append(version, j.version) version = append(version, b.Bytes()...) return version, nilAs it avoids a reallocation.
Done.
pkg/security/join_token_test.go, line 75 at r1 (raw file):
Previously, itsbilal (Bilal Akhtar) wrote…
Test looks great! You could change the test name to lowercase as per convention (
supported,unsupported_marshaletc)
Done.
nikola-n6c
force-pushed
the
nikola/join-tokens-versioning
branch
from
306d27b to
369f973
Compare
There was a problem hiding this comment.
Also, while you finish that up, can you sign the CLA as the comment at the top mentions? That's necessary before we can merge this. Thanks again!
Reviewed 2 of 2 files at r2.
Reviewable status:
pkg/security/join_token_test.go, line 86 at r2 (raw file):
// Set first byte to unsupported version. Other parts of the token are // omitted for simplicity. tokenBytes := []byte{'x'}
It would be a better test to take the token.MarshalText() output from the valid token above, then change b[0] = 'x' and then try Unmarshaling that. That'll ensure you're testing the version mismatch case.
Also nit: we prefer to do var j2 JoinToken (or if you want the pointer type, j2 := &JoinToken{}) instead of new(JoinToken) by convention.
Release note: None.
nikola-n6c
force-pushed
the
nikola/join-tokens-versioning
branch
from
369f973 to
f658236
Compare
Thanks, agreed on the test improvement, and applying the convention nit. |
There was a problem hiding this comment.
Looks great. thanks for addressing this!
Can you sign the CLA so I can merge this? You can do it here: https://cla.crdb.dev/cockroachdb/cockroach?pullRequest=65329
Reviewed 1 of 1 files at r3.
Reviewable status:
Thanks, it took forever to make sure this is ok with policies at work. Signed the CLA. |
|
thank you! bors r=itsbilal |
|
Build succeeded: |
Add version number to base64 form of join tokens, to future proof the encoding and prevent command line issues when base64 encoded token starts with
-.Add unit test for version (un)marshaling.
Add error types to distinguish between version related error and other (i.e. encoding) errors in tests.
Release note: None.