client/tailscale: revert CreateKey API change, add Client.CreateKeyWithExpiry

The client/tailscale is a stable-ish API we try not to break. Revert the Client.CreateKey method as it was and add a new CreateKeyWithExpiry method to do the new thing. And document the expiry field and enforce that the time.Duration can't be between in range greater than 0 and less than a second. Updates #7143 Updates #8124 (reverts it, effectively) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-05-12 18:50:30 -07:00
parent 678bb92bb8
commit 4664318be2
5 changed files with 20 additions and 13 deletions
--- a/cmd/k8s-operator/operator.go
+++ b/cmd/k8s-operator/operator.go
@ -153,9 +153,7 @@ waitOnline:
 					},
 				},
 			}
-			// zeroSeconds adopts the default expiration time.
-			zeroSeconds := time.Duration(0 * time.Second)
-			authkey, _, err := tsClient.CreateKey(ctx, caps, zeroSeconds)
+			authkey, _, err := tsClient.CreateKey(ctx, caps)
 			if err != nil {
 				startlog.Fatalf("creating operator authkey: %v", err)
 			}
@ -289,7 +287,7 @@ type ServiceReconciler struct {
 }

 type tsClient interface {
-	CreateKey(ctx context.Context, caps tailscale.KeyCapabilities, expiry time.Duration) (string, *tailscale.Key, error)
+	CreateKey(ctx context.Context, caps tailscale.KeyCapabilities) (string, *tailscale.Key, error)
 	DeleteDevice(ctx context.Context, id string) error
 }

@ -596,8 +594,7 @@ func (a *ServiceReconciler) newAuthKey(ctx context.Context, tags []string) (stri
 		},
 	}

-	zeroDuration := time.Duration(0)
-	key, _, err := a.tsClient.CreateKey(ctx, caps, zeroDuration)
+	key, _, err := a.tsClient.CreateKey(ctx, caps)
 	if err != nil {
 		return "", err
 	}