tka: block key addition when the max number of keys is reached

Updates #16607 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2025-10-29 07:09:33 +00:00 · 2025-08-14 14:02:19 +01:00
parent 5402620db8
commit 819db6759c
2 changed files with 49 additions and 0 deletions
--- a/tka/builder.go
+++ b/tka/builder.go
@@ -67,6 +67,11 @@ func (b *UpdateBuilder) AddKey(key Key) error {
 	if _, err := b.state.GetKey(keyID); err == nil {
 		return fmt.Errorf("cannot add key %v: already exists", key)
 	}
+
+	if len(b.state.Keys) >= maxKeys {
+		return fmt.Errorf("cannot add key %v: maximum number of keys reached", key)
+	}
+
 	return b.mkUpdate(AUM{MessageKind: AUMAddKey, Key: &key})
 }