From f30d85310c450c76c8a7bc724bc2f2599eb7e6ad Mon Sep 17 00:00:00 2001 From: Erisa A Date: Fri, 4 Oct 2024 16:01:48 +0100 Subject: [PATCH] cmd/tailscale/cli: don't print disablement secrets if init fails (#13673) * cmd/tailscale/cli: don't print disablement secrets if init fails Fixes tailscale/corp#11355 Signed-off-by: Erisa A * cmd/tailscale/cli: changes from code review Signed-off-by: Erisa A * cmd/tailscale/cli: small grammar change Signed-off-by: Erisa A --------- Signed-off-by: Erisa A --- cmd/tailscale/cli/network-lock.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/cmd/tailscale/cli/network-lock.go b/cmd/tailscale/cli/network-lock.go index 7bea1f724..45f989f10 100644 --- a/cmd/tailscale/cli/network-lock.go +++ b/cmd/tailscale/cli/network-lock.go @@ -151,13 +151,15 @@ func runNetworkLockInit(ctx context.Context, args []string) error { return nil } - fmt.Printf("%d disablement secrets have been generated and are printed below. Take note of them now, they WILL NOT be shown again.\n", nlInitArgs.numDisablements) + var successMsg strings.Builder + + fmt.Fprintf(&successMsg, "%d disablement secrets have been generated and are printed below. Take note of them now, they WILL NOT be shown again.\n", nlInitArgs.numDisablements) for range nlInitArgs.numDisablements { var secret [32]byte if _, err := rand.Read(secret[:]); err != nil { return err } - fmt.Printf("\tdisablement-secret:%X\n", secret[:]) + fmt.Fprintf(&successMsg, "\tdisablement-secret:%X\n", secret[:]) disablementValues = append(disablementValues, tka.DisablementKDF(secret[:])) } @@ -168,7 +170,7 @@ func runNetworkLockInit(ctx context.Context, args []string) error { return err } disablementValues = append(disablementValues, tka.DisablementKDF(supportDisablement)) - fmt.Println("A disablement secret for Tailscale support has been generated and will be transmitted to Tailscale upon initialization.") + fmt.Fprintln(&successMsg, "A disablement secret for Tailscale support has been generated and transmitted to Tailscale.") } // The state returned by NetworkLockInit likely doesn't contain the initialized state, @@ -177,6 +179,7 @@ func runNetworkLockInit(ctx context.Context, args []string) error { return err } + fmt.Print(successMsg.String()) fmt.Println("Initialization complete.") return nil }