search

skupperproject / skupper

Skupper is an implementation of a Virtual Application Network, enabling rich hybrid cloud communication.
http://skupper.io
Apache License 2.0
579 stars 70 forks source link

Establishing numerous links on the same site using the identical token, all without CLI #1367

Open bartoval opened 7 months ago

bartoval commented 7 months ago

Describe the bug

It appears that a token generated on one Site has the potential to be utilized indefinitely on a different site, resulting in the establishment of numerous Links

How To Reproduce I am using the Kube apis:

1) I request the generation of a token by sending from the site vb-test-1:

kind: Secret
apiVersion: v1
metadata:
  name: potato-gorilla
  labels:
    skupper.io/type: connection-token-request

2) This is the generated token that I will use, excluding the namespace, creationTimestamp, and resourceVersion manually

kind: Secret
apiVersion: v1
metadata:
  name: potato-gorilla
  uid: 97104799-3b28-40d2-8d6a-7260e56f313d
  labels:
    skupper.io/type: connection-token
  annotations:
    edge-host: skupper-edge-vb-test.skupper-1-153f1de160110098c1928a6c05e19444-0000.eu-gb.containers.appdomain.cloud
    edge-port: "443"
    inter-router-host: skupper-inter-router-vb-test.skupper-1-153f1de160110098c1928a6c05e19444-0000.eu-gb.containers.appdomain.cloud
    inter-router-port: "443"
    skupper.io/generated-by: 763ae2bb-682c-4639-beb4-a70578205c63
    skupper.io/site-version: 1.5.3
  managedFields:
    - manager: Mozilla
      operation: Update
      apiVersion: v1
      time: 2024-01-23T15:39:08Z
      fieldsType: FieldsV1
      fieldsV1:
        f:metadata:
          f:labels: {}
        f:type: {}
    - manager: site-controller
      operation: Update
      apiVersion: v1
      time: 2024-01-23T15:39:08Z
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          .: {}
          f:ca.crt: {}
          f:tls.crt: {}
          f:tls.key: {}
        f:metadata:
          f:annotations:
            .: {}
            f:edge-host: {}
            f:edge-port: {}
            f:inter-router-host: {}
            f:inter-router-port: {}
            f:skupper.io/generated-by: {}
            f:skupper.io/site-version: {}
          f:labels:
            f:skupper.io/type: {}
data:
  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURMVENDQWhXZ0F3SUJBZ0lSQUphQ3VueU5yS3hzZUcyclB3Sk52UUV3RFFZSk......hblVYaXp2elVoY2pUY05tOHVRcXU3bUJoc2UvSWhXc2dUYWh3OAp3Zz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVCVENDQXUyZ0F3SUJBZ0lRTENJekF5bG5McnJRdW9sVVE4Z1VyVEFOQmdrcW...R040M3B3K1lVa05PRGcyZENmdENuV3UzMEFNZWI2R3c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
  tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBd21wSVhvNG8yMlhCVlk0ZFRPRG1hZ3lXODZFNXJ....jV4cHA0Q29xM0pla01KekVVWUE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
type: Opaque

3) Afterwards, I switched to the 'vb-test-2' site and submitted this token three times (POST.../api/kubernetes/api/v1/namespaces/vb-test-2/secrets).

and this is the result:

link

Expected behavior I think we need a check on duplicate links in case you are not using the CLI

Environment details

grs commented 7 months ago

How many secrets do you have in the namespace in which you want the link to be created?

bartoval commented 7 months ago

3 link1

grs commented 7 months ago

So you are creating multiple secrets, that is why you are getting multiple links. You are changing the name each time you are posting it would seem, otherwise you would not get the three different secrets.

bartoval commented 7 months ago

You are right, ttttt

Thank you for the clarification. +1