
Establishing numerous links on the same site using the identical token, all without CLI

Open bartoval opened this issue 1 year ago • 4 comments

Describe the bug

It appears that a token generated on one Site has the potential to be utilized indefinitely on a different site, resulting in the establishment of numerous Links.

How To Reproduce

I am using the Kube APIs:

  1. I request the generation of a token by sending from the site vb-test-1:

```yaml
kind: Secret
apiVersion: v1
metadata:
  name: potato-gorilla
  labels:
    skupper.io/type: connection-token-request
```

  2. This is the generated token that I will use, excluding the namespace, creationTimestamp, and resourceVersion manually

```yaml
kind: Secret
apiVersion: v1
metadata:
  name: potato-gorilla
  uid: 97104799-3b28-40d2-8d6a-7260e56f313d
  labels:
    skupper.io/type: connection-token
  annotations:
    edge-host: skupper-edge-vb-test.skupper-1-153f1de160110098c1928a6c05e19444-0000.eu-gb.containers.appdomain.cloud
    edge-port: "443"
    inter-router-host: skupper-inter-router-vb-test.skupper-1-153f1de160110098c1928a6c05e19444-0000.eu-gb.containers.appdomain.cloud
    inter-router-port: "443"
    skupper.io/generated-by: 763ae2bb-682c-4639-beb4-a70578205c63
    skupper.io/site-version: 1.5.3
  managedFields:
    - manager: Mozilla
      operation: Update
      apiVersion: v1
      time: 2024-01-23T15:39:08Z
      fieldsType: FieldsV1
      fieldsV1:
        f:metadata:
          f:labels: {}
        f:type: {}
    - manager: site-controller
      operation: Update
      apiVersion: v1
      time: 2024-01-23T15:39:08Z
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          .: {}
          f:ca.crt: {}
          f:tls.crt: {}
          f:tls.key: {}
        f:metadata:
          f:annotations:
            .: {}
            f:edge-host: {}
            f:edge-port: {}
            f:inter-router-host: {}
            f:inter-router-port: {}
            f:skupper.io/generated-by: {}
            f:skupper.io/site-version: {}
          f:labels:
            f:skupper.io/type: {}
data:
  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURMVENDQWhXZ0F3SUJBZ0lSQUphQ3VueU5yS3hzZUcyclB3Sk52UUV3RFFZSk......hblVYaXp2elVoY2pUY05tOHVRcXU3bUJoc2UvSWhXc2dUYWh3OAp3Zz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVCVENDQXUyZ0F3SUJBZ0lRTENJekF5bG5McnJRdW9sVVE4Z1VyVEFOQmdrcW...R040M3B3K1lVa05PRGcyZENmdENuV3UzMEFNZWI2R3c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
  tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBd21wSVhvNG8yMlhCVlk0ZFRPRG1hZ3lXODZFNXJ....jV4cHA0Q29xM0pla01KekVVWUE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
type: Opaque
```

  3. Afterwards, I switched to the 'vb-test-2' site and submitted this token three times (POST.../api/kubernetes/api/v1/namespaces/vb-test-2/secrets).

and this is the result:

[image: link]

Expected behavior

I think we need a check on duplicate links in case you are not using the CLI

Environment details

  • Skupper 1.5.3
  • Openshift

bartoval, Jan 23 '24 17:01
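An audit for the duplicate-link condition reported above, as an added example that is not part of the original issue and not Skupper's own code: it groups `connection-token` Secrets by issuing site, router host and client certificate, and reports any token that appears more than once in a namespace. It assumes input in the shape of `kubectl get secrets -n <namespace> -o json`; the grouping key, the helper names and all sample values are assumptions made for this example.

```python
import hashlib
from collections import defaultdict

def token_key(secret):
    """Identify the token a Secret carries; None if it is not a connection token."""
    meta = secret.get("metadata", {})
    if meta.get("labels", {}).get("skupper.io/type") != "connection-token":
        return None
    ann = meta.get("annotations", {})
    cert = secret.get("data", {}).get("tls.crt", "")
    # Assumption: same issuing site, router host and client cert means same token.
    return (ann.get("skupper.io/generated-by"),
            ann.get("inter-router-host"),
            hashlib.sha256(cert.encode()).hexdigest())

def find_reused_tokens(secret_list):
    """Map token key -> sorted Secret names, for tokens present more than once."""
    groups = defaultdict(list)
    for secret in secret_list.get("items", []):
        key = token_key(secret)
        if key is not None:
            groups[key].append(secret["metadata"]["name"])
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

def _secret(name, kind, site=None, host=None, cert=None):
    """Build a constructed Secret in the shape shown in the issue."""
    meta = {"name": name, "labels": {"skupper.io/type": kind}}
    if site:
        meta["annotations"] = {"skupper.io/generated-by": site,
                               "inter-router-host": host}
    return {"kind": "Secret", "metadata": meta,
            "data": {"tls.crt": cert} if cert else {}}

# Constructed sample: names, site ids, hosts and cert strings are placeholders.
SAMPLE = {"kind": "List", "items": [
    _secret("link-a", "connection-token", "site-1-id", "router.site1.example", "cert-A"),
    _secret("link-b", "connection-token", "site-1-id", "router.site1.example", "cert-A"),
    _secret("link-c", "connection-token", "site-1-id", "router.site1.example", "cert-A"),
    _secret("link-d", "connection-token", "site-3-id", "router.site3.example", "cert-B"),
    _secret("pending", "connection-token-request"),
]}

if __name__ == "__main__":
    for (site, host, _), names in find_reused_tokens(SAMPLE).items():
        print(f"token from site {site} ({host}) applied {len(names)} times: {names}")
```

To run it against a live namespace, load the `kubectl` JSON output with `json.load` and pass the resulting dict to `find_reused_tokens`.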