cmd/tailscale/cli: don't print disablement secrets if init fails (#13673)

* cmd/tailscale/cli: don't print disablement secrets if init fails

Fixes tailscale/corp#11355

Signed-off-by: Erisa A <erisa@tailscale.com>

* cmd/tailscale/cli: changes from code review

Signed-off-by: Erisa A <erisa@tailscale.com>

* cmd/tailscale/cli: small grammar change

Signed-off-by: Erisa A <erisa@tailscale.com>

---------

Signed-off-by: Erisa A <erisa@tailscale.com>
This commit is contained in:
Erisa A 2024-10-04 16:01:48 +01:00 committed by GitHub
parent e8bb5d1be5
commit f30d85310c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -151,13 +151,15 @@ func runNetworkLockInit(ctx context.Context, args []string) error {
return nil
}
fmt.Printf("%d disablement secrets have been generated and are printed below. Take note of them now, they WILL NOT be shown again.\n", nlInitArgs.numDisablements)
var successMsg strings.Builder
fmt.Fprintf(&successMsg, "%d disablement secrets have been generated and are printed below. Take note of them now, they WILL NOT be shown again.\n", nlInitArgs.numDisablements)
for range nlInitArgs.numDisablements {
var secret [32]byte
if _, err := rand.Read(secret[:]); err != nil {
return err
}
fmt.Printf("\tdisablement-secret:%X\n", secret[:])
fmt.Fprintf(&successMsg, "\tdisablement-secret:%X\n", secret[:])
disablementValues = append(disablementValues, tka.DisablementKDF(secret[:]))
}
@ -168,7 +170,7 @@ func runNetworkLockInit(ctx context.Context, args []string) error {
return err
}
disablementValues = append(disablementValues, tka.DisablementKDF(supportDisablement))
fmt.Println("A disablement secret for Tailscale support has been generated and will be transmitted to Tailscale upon initialization.")
fmt.Fprintln(&successMsg, "A disablement secret for Tailscale support has been generated and transmitted to Tailscale.")
}
// The state returned by NetworkLockInit likely doesn't contain the initialized state,
@ -177,6 +179,7 @@ func runNetworkLockInit(ctx context.Context, args []string) error {
return err
}
fmt.Print(successMsg.String())
fmt.Println("Initialization complete.")
return nil
}