lxc/remote: Use TrustToken field if supported by the server

When adding a remote by putting the token in the positional argument (not --token) also check if the server supports the explicit_trust_token extension and send the password using the TrustToken field instead. Signed-off-by: Julian Pelizäus <[email protected]>
canonical · Nov 13, 2024 · 2e261f5 · 2e261f5
1 parent 75aea99
commit 2e261f5
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/lxc/remote.go b/lxc/remote.go
@@ -255,11 +255,19 @@ func (c *cmdRemoteAdd) addRemoteFromToken(addr string, server string, token stri
 		}
 	}
 
+	// Implicitly runs GetServer which updates the servers extensions.
 	d, err := conf.GetInstanceServer(server)
 	if err != nil {
 		return api.StatusErrorf(http.StatusServiceUnavailable, "%s: %w", i18n.G("Unavailable remote server"), err)
 	}
 
+	req := api.CertificatesPost{}
+	if d.HasExtension("explicit_trust_token") {
+		req.TrustToken = token
+	} else {
+		req.Password = token
+	}
+
 	// Add client certificate to trust store. Even if we are already trusted (src.Auth == "trusted"),
 	// we want to send the token to invalidate it. Therefore, we can ignore the conflict error, which
 	// is thrown if we are trying to add a client cert that is already trusted by LXD remote.