ipn/{conffile,ipnlocal}: start booting tailscaled from a config file w/ auth key

Updates #1412 Change-Id: Icd880035a31df59797b8379f4af19da5c4c453e2 Co-authored-by: Maisem Ali <maisem@tailscale.com> Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-12-05 04:11:59 +00:00 · 2023-10-16 12:15:03 -07:00
parent 6ca8650c7b
commit 1fc3573446
7 changed files with 126 additions and 10 deletions
--- a/tstest/integration/testcontrol/testcontrol.go
+++ b/tstest/integration/testcontrol/testcontrol.go
@@ -33,6 +33,7 @@ import (
 	"tailscale.com/types/key"
 	"tailscale.com/types/logger"
 	"tailscale.com/types/ptr"
+	"tailscale.com/util/must"
 	"tailscale.com/util/rands"
 	"tailscale.com/util/set"
 )
@@ -45,6 +46,7 @@ type Server struct {
 	Logf           logger.Logf      // nil means to use the log package
 	DERPMap        *tailcfg.DERPMap // nil means to use prod DERP map
 	RequireAuth    bool
+	RequireAuthKey string // required authkey for all nodes
 	Verbose        bool
 	DNSConfig      *tailcfg.DNSConfig // nil means no DNS config
 	MagicDNSDomain string
@@ -538,6 +540,14 @@ func (s *Server) serveRegister(w http.ResponseWriter, r *http.Request, mkey key.
 		j, _ := json.MarshalIndent(req, "", "\t")
 		log.Printf("Got %T: %s", req, j)
 	}
+	if s.RequireAuthKey != "" && req.Auth.AuthKey != s.RequireAuthKey {
+		res := must.Get(s.encode(mkey, false, tailcfg.RegisterResponse{
+			Error: "invalid authkey",
+		}))
+		w.WriteHeader(200)
+		w.Write(res)
+		return
+	}

 	// If this is a followup request, wait until interactive followup URL visit complete.
 	if req.Followup != "" {