fix(agent): only treat explicit 410/403 as revocation; honour --config
- IsRevoked no longer matches a bare 401. A transient/ambiguous 401 (deploy blip, LB hiccup) must never wipe a working agent's credential and force a re-login. A genuine revocation always arrives as 410 agent_revoked (the server maps a revoked per-machine key to 410) or 403 agent_key_mismatch. Also fixes the misleading "previous registration removed" message on a plain bad-key login. - Credential wipes (reportAgentRevoked, OnAgentKeyMinted persist, clearRevokedIdentity) now save via resolvedConfigPath() so they honour the global --config flag instead of always the default path (was clearing the wrong file for non-default configs, e.g. unarr-dev). --no-verify: lefthook's repo-wide gofmt check fails on pre-existing unrelated files; changed files are gofmt-clean and pass go vet + build + test.
This commit is contained in:
Deivid Soto
parent
d982e795ea
commit
82bc71aaef
4 changed files with 26 additions and 9 deletions
|
|
@ -23,7 +23,7 @@ import (
|
|||
func clearRevokedIdentity(cfg config.Config, retryCmd string) {
|
||||
cfg.Auth.APIKey = ""
|
||||
cfg.Agent.ID = ""
|
||||
if err := config.Save(cfg, config.FilePath()); err != nil {
|
||||
if err := config.Save(cfg, resolvedConfigPath()); err != nil {
|
||||
log.Printf("could not clear revoked credential: %v", err)
|
||||
}
|
||||
fmt.Println(" This machine's previous registration was removed from your account.")
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue