tka: clarify that this limit is on disablement *values* not *secrets*

Values get written into TKA state; secrets don't.

Updates #cleanup

Change-Id: Ief9831dcb1102f584a33b2e71b611b38ca463724
Signed-off-by: Alex Chan <alexc@tailscale.com>
Alex Chan 2026-05-01 13:38:16 +01:00 committed by Alex Chan
parent f15a4f4416
commit 3ced30b0b6
2 changed files with 4 additions and 4 deletions


@ -10,8 +10,8 @@ import (
const (
// Upper bound on checkpoint elements, chosen arbitrarily. Intended
// to cap the size of large AUMs.
maxDisablementSecrets = 32
maxKeys = 512
maxDisablementValues = 32
maxKeys = 512
// Max amount of metadata that can be associated with a key, chosen arbitrarily.
// Intended to avoid people abusing TKA as a key-value score.


@ -261,8 +261,8 @@ func (s *State) staticValidateCheckpoint() error {
if len(s.DisablementValues) == 0 {
return errors.New("at least one disablement secret required")
}
if numDS := len(s.DisablementValues); numDS > maxDisablementSecrets {
return fmt.Errorf("too many disablement secrets (%d, max %d)", numDS, maxDisablementSecrets)
if numDS := len(s.DisablementValues); numDS > maxDisablementValues {
return fmt.Errorf("too many disablement values (%d, max %d)", numDS, maxDisablementValues)
}
for i, ds := range s.DisablementValues {
if len(ds) != disablementLength {
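Review bot: The empty-list check just above the renamed bound still returns `"at least one disablement secret required"`, although it tests `len(s.DisablementValues)` exactly like the check this commit rewords; if the values-versus-secrets distinction from the commit message applies there too, it should read `errors.New("at least one disablement value required")`. The locals `numDS` and `ds` also still abbreviate "disablement secret" and could become `numDV` and `dv` so the validation code never suggests that secrets are held in TKA state. Whether any caller or test matches on the old error text cannot be seen from this hunk and should be checked before changing the string. staticValidateCheckpoint begins before the hunk and continues past its last line.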