webnet/tailscale
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tka: refer consistently to "DisablementValues"

Browse Source 
This avoids putting "DisablementSecrets" in the JSON output from
`tailscale lock log`, which is potentially scary to somebody who doesn't
understand the distinction.

AUMs are stored and transmitted in CBOR-encoded format, which uses an
integer rather than a string key, so this doesn't break already-created
TKAs.

Fixes #19189

Change-Id: I15b4e81a7cef724a450bafcfa0b938da223c78c9
Signed-off-by: Alex Chan <alexc@tailscale.com>
This commit is contained in:
Alex Chan
2026-03-31 11:14:50 +01:00
committed by Alex Chan
parent 990d25c97d
commit 4ffb92d7f6
17 changed files with 117 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tka/sync_test.go
+2 -2
View File
@@ -340,8 +340,8 @@ func TestSyncSimpleE2E(t *testing.T) {
G1.template = genesis
`,
optTemplate("genesis", AUM{MessageKind: AUMCheckpoint, State: &State{
Keys: []Key{key},
DisablementSecrets: [][]byte{DisablementKDF([]byte{1, 2, 3})},
Keys: []Key{key},
DisablementValues: [][]byte{DisablementKDF([]byte{1, 2, 3})},
}}),
optKey("key", key, priv),
optSignAllUsing("key"))