From 63d6cd942bb8d6a330099b25e6076a3d1d5db323 Mon Sep 17 00:00:00 2001
From: Derek Wang
Date: Wed, 31 Mar 2021 10:51:48 -0700
Subject: [PATCH] feat: use crypto/rand to generate event bus token (#1149)

Signed-off-by: Derek Wang
---
 controllers/eventbus/installer/nats.go | 25 ++++++++++++++-------
 controllers/eventbus/installer/nats_test.go | 7 ++++++
 2 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/controllers/eventbus/installer/nats.go b/controllers/eventbus/installer/nats.go
index 4ed32e0076..de14988c78 100644
--- a/controllers/eventbus/installer/nats.go
+++ b/controllers/eventbus/installer/nats.go
@@ -2,9 +2,10 @@ package installer
 
 import (
 "context"
+ "crypto/rand"
 "errors"
 "fmt"
- "math/rand"
+ "math/big"
 "strconv"
 "strings"
 "time"
@@ -289,7 +290,12 @@ func (i *natsInstaller) createAuthSecrets(ctx context.Context, strategy v1alpha1
 log.Infow("created server auth secret", "serverAuthSecretName", expectedSSecret.Name)
 return expectedSSecret, nil, nil
 case v1alpha1.AuthStrategyToken:
- token := generateToken(64)
+ token, err := generateToken(64)
+ if err != nil {
+ i.eventBus.Status.MarkDeployFailed("BuildServerAuthSecretFailed", "Failed to generate auth token")
+ log.Errorw("error generating auth token", zap.Error(err))
+ return nil, nil, err
+ }
 serverAuthText := fmt.Sprintf(`authorization {
 token: "%s"
 }`, token)
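Review bot: The new error branch in createAuthSecrets returns `err` bare, so a caller sees only the crypto/rand failure with no hint that token generation was the step that failed. Wrapping it keeps the cause and adds the context: `return nil, nil, fmt.Errorf("generating event bus auth token: %w", err)`. The `%s` interpolation into the quoted `token: "%s"` config value on the following context lines is safe only because generateToken emits nothing but [a-zA-Z0-9]; a comment there saying so would guard against a later alphabet change introducing quotes or braces. The function starts and ends outside the hunk.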
@@ -859,14 +865,17 @@ func (i *natsInstaller) mergeEventBusLabels(given map[string]string) map[string]
 }
 
 // generate a random string as token with given length
-func generateToken(length int) string {
+func generateToken(length int) (string, error) {
 seeds := "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
- seededRand := rand.New(rand.NewSource(time.Now().UnixNano()))
- b := make([]byte, length)
- for i := range b {
- b[i] = seeds[seededRand.Intn(len(seeds))]
+ result := make([]byte, length)
+ for i := 0; i < length; i++ {
+ num, err := rand.Int(rand.Reader, big.NewInt(int64(len(seeds))))
+ if err != nil {
+ return "", err
+ }
+ result[i] = seeds[num.Int64()]
 }
- return string(b)
+ return string(result), nil
 }
 
 func serverAuthSecretLabels(given map[string]string) map[string]string {
diff --git a/controllers/eventbus/installer/nats_test.go b/controllers/eventbus/installer/nats_test.go
index 47ed5355bf..591c29d491 100644
--- a/controllers/eventbus/installer/nats_test.go
+++ b/controllers/eventbus/installer/nats_test.go
@@ -303,3 +303,10 @@ func TestBuildConfigMap(t *testing.T) {
 }
 })
 }
+
+func TestGenerateToken(t *testing.T) {
+ n := 30
+ token, err := generateToken(n)
+ assert.NoError(t, err)
+ assert.Equal(t, len(token), n)
+}
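Review bot: In generateToken (nats.go, hunk at -859,14) the comment still reads `// generate a random string as token with given length` and does not say that the result is a secret drawn from the system CSPRNG, which is the point of the change. I would write `// generateToken returns a secret of the given length drawn uniformly from [a-zA-Z0-9] using crypto/rand; it returns an error if the random source cannot be read.` The local `seeds` no longer seeds anything, so `const alphabet = "…"` would read better. A negative `length` still panics in `make` and zero yields an empty token even though the function can now report failure; `if length <= 0 { return "", errors.New("token length must be positive") }` would close that, with `errors` already imported per the first hunk.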
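Review bot: TestGenerateToken in nats_test.go checks only the length, and `assert.Equal(t, len(token), n)` passes expected and actual in the reverse of testify's order, so a failure message would be mislabelled; `assert.Len(t, token, n)` states the same check directly. Since the commit is about the quality of the randomness, the test could also assert that every character is in [a-zA-Z0-9] and that two successive calls differ, e.g. `other, _ := generateToken(n)` followed by `assert.NotEqual(t, token, other)`.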