6 Commits

Author	SHA1	Message	Date
Brad Davidson	45d8c1a1a2	Soft-fail on node password verification if the secret cannot be created ... Allows nodes to join the cluster during a webhook outage. This also enhances auditability by creating Kubernetes events for the deferred verification. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2023-06-05 15:31:04 -07:00
Brad Davidson	239021e759	Consistently use constant-time comparison of password hashes ... As per https://github.com/golang/go/issues/47001 even subtle.ConstantTimeCompare should never be used with variable-length inputs, as it will return 0 if the lengths do not match. Switch to consistently using constant-time comparisons of hashes for password checks to avoid any possible side-channel leaks that could be combined with other vectors to discover password lengths. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2023-05-09 13:54:50 -07:00
Brad Davidson	0bf7c09569	Don't print password conversion rate ... Avoids divide-by-zero when the password file is empty Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-04-06 15:55:45 -07:00
Luther Monson	9a849b1bb7	[master] changing package to k3s-io (#4846) ... * changing package to k3s-io Signed-off-by: Luther Monson <luther.monson@gmail.com> Co-authored-by: Derek Nola <derek.nola@suse.com>	2022-03-02 15:47:27 -08:00
Brad Davidson	dc14f370c4	Update wrangler to v0.8.5 ... Required to support apiextensions.v1 as v1beta1 has been deleted. Also update helm-controller and dynamiclistener to track wrangler versions. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2021-08-20 18:47:16 -07:00
Erik Wilson	92d04355f4	Use secrets for node-passwd entries and cleanup	2020-11-05 09:48:53 -07:00