db2dfaae87
Customer running the connect URL was getting the entire k3s install
transcript scrolled to their terminal — including the base64-encoded
kubeconfig (cluster-admin certs visible in scrollback). Two problems:
1. UX: violates "Tower silent in the background" platform principle.
2. Security: cluster-admin material visible to anyone shoulder-surfing
or screen-sharing.
wrapQuiet() in connect_token.go now wraps bootstrap + trailer:
- all output → /var/log/odoosky-connect.log (operator-readable)
- ONE friendly line to terminal at start ("Connecting…")
- ONE outcome line at end (✓ success / ⚠ failure)
- on non-zero exit: dump last 30 log lines so customer isn't
staring at a silent terminal
Kubeconfig is already tee'd to /tmp/odoosky-kubeconfig.yaml by the
bootstrap, so the trailer reads it from disk — never needs stdout.
2.0 KiB
2.0 KiB