tailcfg,all: add and use Node.IsTagged()

Signed-off-by: Maisem Ali <maisem@tailscale.com>

cmd/nginx-auth/nginx-auth.go

@@ -56,7 +56,7 @@ func main() {
 			return
 		}
 
-		if len(info.Node.Tags) != 0 {
+		if info.Node.IsTagged() {
 			w.WriteHeader(http.StatusForbidden)
 			log.Printf("node %s is tagged", info.Node.Hostinfo.Hostname())
 			return

cmd/proxy-to-grafana/proxy-to-grafana.go

@@ -147,7 +147,7 @@ func getTailscaleUser(ctx context.Context, localClient *tailscale.LocalClient, i
 	if err != nil {
 		return nil, fmt.Errorf("failed to identify remote host: %w", err)
 	}
-	if len(whois.Node.Tags) != 0 {
+	if whois.Node.IsTagged() {
 		return nil, fmt.Errorf("tagged nodes are not users")
 	}
 	if whois.UserProfile == nil || whois.UserProfile.LoginName == "" {

ssh/tailssh/incubator.go

@@ -102,7 +102,7 @@ func (ss *sshSession) newIncubatorCommand() (cmd *exec.Cmd) {
 	ci := ss.conn.info
 	gids := strings.Join(ss.conn.userGroupIDs, ",")
 	remoteUser := ci.uprof.LoginName
-	if len(ci.node.Tags) > 0 {
+	if ci.node.IsTagged() {
 		remoteUser = strings.Join(ci.node.Tags, ",")
 	}
 

tailcfg/tailcfg.go

@@ -313,6 +313,11 @@ func (n *Node) DisplayNames(forOwner bool) (name, hostIfDifferent string) {
 	return n.ComputedName, ""
 }
 
+// IsTagged reports whether the node has any tags.
+func (n *Node) IsTagged() bool {
+	return len(n.Tags) > 0
+}
+
 // InitDisplayNames computes and populates n's display name
 // fields: n.ComputedName, n.computedHostIfDifferent, and
 // n.ComputedNameWithHost.