forked from TrueCloudLab/certificates
Fix ErrAllowTokenReuse comment.
parent 9e5762fe06
commit d4ae267add
1 changed files with 6 additions and 6 deletions
|
@ -36,12 +36,12 @@ type Interface interface {
|
|||
// ErrAllowTokenReuse is an error that is returned by provisioners that allows
|
||||
// the reuse of tokens.
|
||||
//
|
||||
// This is for example returned by the Azure provisioner when
|
||||
// DisableTrustOnFirstUse is set to true. For AWS and GCP DisableTrustOnFirst
|
||||
// use means that we allow the re-use of a token coming from a specific
|
||||
// instance, but in these providers we can always get a new token, but because
|
||||
// Azure caches the token for up to 24h we should add a mechanism to allow the
|
||||
// re-use.
|
||||
// This is, for example, returned by the Azure provisioner when
|
||||
// DisableTrustOnFirstUse is set to true. Azure caches tokens for up to 24hr and
|
||||
// has no mechanism for getting a different token - this can be an issue when
|
||||
// rebooting a VM. In contrast, AWS and GCP have facilities for requesting a new
|
||||
// token. Therefore, for the Azure provisioner we are enabling token reuse, with
|
||||
// the understanding that we are not following security best practices
|
||||
var ErrAllowTokenReuse = stderrors.New("allow token reuse")
|
||||
|
||||
// Audiences stores all supported audiences by request type.
|
||||
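Review bot: The new closing sentence of the ErrAllowTokenReuse comment ("with the understanding that we are not following security best practices") admits a weaker posture but does not say what bounds the reuse or what a caller that receives this error is expected to do. Consider stating the replay window explicitly (the cached token's lifetime, up to 24h according to this same comment) and that the error is tied to DisableTrustOnFirstUse being set to true, so a reader can judge the exposure without reading the Azure provisioner. The rewrite also drops the earlier explanation of what DisableTrustOnFirstUse means for AWS and GCP (re-use of a token coming from a specific instance), so the comment no longer makes clear whether those provisioners ever return this error; one sentence saying so would help. Minor: the last sentence is missing its final period, "24hr" would read better as "24h" or "24 hours", and the unchanged first line says "provisioners that allows" where "allow" is meant.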