cmd/tailscale/cli: update tailscale down to accept an optional --reason

If specified, the reason is sent via the LocalAPI for auditing purposes. Updates tailscale/corp#26146 Signed-off-by: Nick Khyl <nickk@tailscale.com>
2025-07-31 00:03:47 +00:00 · 2025-01-31 16:12:32 -06:00 · 2025-01-31 16:12:32 -06:00 · 17ca2b7721
commit 17ca2b7721
parent 496347c724
1 changed files with 4 additions and 0 deletions
--- a/cmd/tailscale/cli/down.go
+++ b/cmd/tailscale/cli/down.go
@ -9,6 +9,7 @@ import (
 	"fmt"

 	"github.com/peterbourgon/ff/v3/ffcli"
+	"tailscale.com/client/tailscale/apitype"
 	"tailscale.com/ipn"
 )

@ -23,10 +24,12 @@ var downCmd = &ffcli.Command{

 var downArgs struct {
 	acceptedRisks string
+	reason        string
 }

 func newDownFlagSet() *flag.FlagSet {
 	downf := newFlagSet("down")
+	downf.StringVar(&downArgs.reason, "reason", "", "reason for the disconnect, if required by a policy")
 	registerAcceptRiskFlag(downf, &downArgs.acceptedRisks)
 	return downf
 }
@ -50,6 +53,7 @@ func runDown(ctx context.Context, args []string) error {
 		fmt.Fprintf(Stderr, "Tailscale was already stopped.\n")
 		return nil
 	}
+	ctx = apitype.RequestReasonKey.WithValue(ctx, downArgs.reason)
 	_, err = localClient.EditPrefs(ctx, &ipn.MaskedPrefs{
 		Prefs: ipn.Prefs{
 			WantRunning: false,