cmd/tailscale/cli: update tailscale down to accept an optional --reason

If specified, the reason is sent via the LocalAPI for auditing purposes.

Updates tailscale/corp#26146

Signed-off-by: Nick Khyl <nickk@tailscale.com>
This commit is contained in:
Nick Khyl 2025-01-31 16:12:32 -06:00 committed by Nick Khyl
parent 496347c724
commit 17ca2b7721

View File

@ -9,6 +9,7 @@ import (
"fmt"
"github.com/peterbourgon/ff/v3/ffcli"
"tailscale.com/client/tailscale/apitype"
"tailscale.com/ipn"
)
@ -23,10 +24,12 @@ var downCmd = &ffcli.Command{
var downArgs struct {
acceptedRisks string
reason string
}
func newDownFlagSet() *flag.FlagSet {
downf := newFlagSet("down")
downf.StringVar(&downArgs.reason, "reason", "", "reason for the disconnect, if required by a policy")
registerAcceptRiskFlag(downf, &downArgs.acceptedRisks)
return downf
}
@ -50,6 +53,7 @@ func runDown(ctx context.Context, args []string) error {
fmt.Fprintf(Stderr, "Tailscale was already stopped.\n")
return nil
}
ctx = apitype.RequestReasonKey.WithValue(ctx, downArgs.reason)
_, err = localClient.EditPrefs(ctx, &ipn.MaskedPrefs{
Prefs: ipn.Prefs{
WantRunning: false,