TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-05-05 15:11:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

cmd/containerboot: use TS_AUTHKEY as the parameter for auth keys

Browse Source 
We still accept the previous TS_AUTH_KEY for backwards compatibility, but the documented option name is the spelling we use everywhere else.

Updates #6321

Signed-off-by: David Anderson <danderson@tailscale.com>
This commit is contained in:
David Anderson 2023-01-03 15:17:44 -08:00 committed by Dave Anderson
parent 69c0b7e712
commit 39efba528f
2 changed files with 40 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
cmd/containerboot/main.go
View File

@ -12,7 +12,7 @@
// As with most container things, configuration is passed through environment // As with most container things, configuration is passed through environment
// variables. All configuration is optional. // variables. All configuration is optional.
// //
// - TS_AUTH_KEY: the authkey to use for login. // - TS_AUTHKEY: the authkey to use for login.
// - TS_ROUTES: subnet routes to advertise. // - TS_ROUTES: subnet routes to advertise.
// - TS_DEST_IP: proxy all incoming Tailscale traffic to the given // - TS_DEST_IP: proxy all incoming Tailscale traffic to the given
// destination. // destination.
@ -42,7 +42,7 @@
// TS_KUBE_SECRET="" and TS_STATE_DIR=/path/to/storage/dir. The state dir should // TS_KUBE_SECRET="" and TS_STATE_DIR=/path/to/storage/dir. The state dir should
// be persistent storage. // be persistent storage.
// //
// Additionally, if TS_AUTH_KEY is not set and the TS_KUBE_SECRET contains an // Additionally, if TS_AUTHKEY is not set and the TS_KUBE_SECRET contains an
// "authkey" field, that key is used as the tailscale authkey. // "authkey" field, that key is used as the tailscale authkey.
package main package main
@ -73,7 +73,7 @@ func main() {
tailscale.I_Acknowledge_This_API_Is_Unstable = true tailscale.I_Acknowledge_This_API_Is_Unstable = true
cfg := &settings{ cfg := &settings{
AuthKey: defaultEnv("TS_AUTH_KEY", ""), AuthKey: defaultEnvs([]string{"TS_AUTHKEY", "TS_AUTH_KEY"}, ""),
Routes: defaultEnv("TS_ROUTES", ""), Routes: defaultEnv("TS_ROUTES", ""),
ProxyTo: defaultEnv("TS_DEST_IP", ""), ProxyTo: defaultEnv("TS_DEST_IP", ""),
DaemonExtraArgs: defaultEnv("TS_TAILSCALED_EXTRA_ARGS", ""), DaemonExtraArgs: defaultEnv("TS_TAILSCALED_EXTRA_ARGS", ""),
@ -548,6 +548,15 @@ func defaultEnv(name, defVal string) string {
return defVal return defVal
} }
func defaultEnvs(names []string, defVal string) string {
for _, name := range names {
if v, ok := os.LookupEnv(name); ok {
return v
}
}
return defVal
}
// defaultBool returns the boolean value of the given envvar name, or // defaultBool returns the boolean value of the given envvar name, or
// defVal if unset or not a bool. // defVal if unset or not a bool.
func defaultBool(name string, defVal bool) bool { func defaultBool(name string, defVal bool) bool {

36
cmd/containerboot/main_test.go
View File

@ -146,6 +146,24 @@ func TestContainerBoot(t *testing.T) {
{ {
// Userspace mode, ephemeral storage, authkey provided on every run. // Userspace mode, ephemeral storage, authkey provided on every run.
Name: "authkey", Name: "authkey",
Env: map[string]string{
"TS_AUTHKEY": "tskey-key",
},
Phases: []phase{
{
WantCmds: []string{
"/usr/bin/tailscaled --socket=/tmp/tailscaled.sock --state=mem: --statedir=/tmp --tun=userspace-networking",
"/usr/bin/tailscale --socket=/tmp/tailscaled.sock up --accept-dns=false --authkey=tskey-key",
},
},
{
Notify: runningNotify,
},
},
},
{
// Userspace mode, ephemeral storage, authkey provided on every run.
Name: "authkey-old-flag",
Env: map[string]string{ Env: map[string]string{
"TS_AUTH_KEY": "tskey-key", "TS_AUTH_KEY": "tskey-key",
}, },
@ -164,7 +182,7 @@ func TestContainerBoot(t *testing.T) {
{ {
Name: "authkey_disk_state", Name: "authkey_disk_state",
Env: map[string]string{ Env: map[string]string{
"TS_AUTH_KEY": "tskey-key", "TS_AUTHKEY": "tskey-key",
"TS_STATE_DIR": filepath.Join(d, "tmp"), "TS_STATE_DIR": filepath.Join(d, "tmp"),
}, },
Phases: []phase{ Phases: []phase{
@ -182,7 +200,7 @@ func TestContainerBoot(t *testing.T) {
{ {
Name: "routes", Name: "routes",
Env: map[string]string{ Env: map[string]string{
"TS_AUTH_KEY": "tskey-key", "TS_AUTHKEY": "tskey-key",
"TS_ROUTES": "1.2.3.0/24,10.20.30.0/24", "TS_ROUTES": "1.2.3.0/24,10.20.30.0/24",
}, },
Phases: []phase{ Phases: []phase{
@ -204,7 +222,7 @@ func TestContainerBoot(t *testing.T) {
{ {
Name: "routes_kernel_ipv4", Name: "routes_kernel_ipv4",
Env: map[string]string{ Env: map[string]string{
"TS_AUTH_KEY": "tskey-key", "TS_AUTHKEY": "tskey-key",
"TS_ROUTES": "1.2.3.0/24,10.20.30.0/24", "TS_ROUTES": "1.2.3.0/24,10.20.30.0/24",
"TS_USERSPACE": "false", "TS_USERSPACE": "false",
}, },
@ -227,7 +245,7 @@ func TestContainerBoot(t *testing.T) {
{ {
Name: "routes_kernel_ipv6", Name: "routes_kernel_ipv6",
Env: map[string]string{ Env: map[string]string{
"TS_AUTH_KEY": "tskey-key", "TS_AUTHKEY": "tskey-key",
"TS_ROUTES": "::/64,1::/64", "TS_ROUTES": "::/64,1::/64",
"TS_USERSPACE": "false", "TS_USERSPACE": "false",
}, },
@ -250,7 +268,7 @@ func TestContainerBoot(t *testing.T) {
{ {
Name: "routes_kernel_all_families", Name: "routes_kernel_all_families",
Env: map[string]string{ Env: map[string]string{
"TS_AUTH_KEY": "tskey-key", "TS_AUTHKEY": "tskey-key",
"TS_ROUTES": "::/64,1.2.3.0/24", "TS_ROUTES": "::/64,1.2.3.0/24",
"TS_USERSPACE": "false", "TS_USERSPACE": "false",
}, },
@ -273,7 +291,7 @@ func TestContainerBoot(t *testing.T) {
{ {
Name: "proxy", Name: "proxy",
Env: map[string]string{ Env: map[string]string{
"TS_AUTH_KEY": "tskey-key", "TS_AUTHKEY": "tskey-key",
"TS_DEST_IP": "1.2.3.4", "TS_DEST_IP": "1.2.3.4",
"TS_USERSPACE": "false", "TS_USERSPACE": "false",
}, },
@ -295,7 +313,7 @@ func TestContainerBoot(t *testing.T) {
{ {
Name: "authkey_once", Name: "authkey_once",
Env: map[string]string{ Env: map[string]string{
"TS_AUTH_KEY": "tskey-key", "TS_AUTHKEY": "tskey-key",
"TS_AUTH_ONCE": "true", "TS_AUTH_ONCE": "true",
}, },
Phases: []phase{ Phases: []phase{
@ -354,7 +372,7 @@ func TestContainerBoot(t *testing.T) {
// Explicitly set to an empty value, to override the default of "tailscale". // Explicitly set to an empty value, to override the default of "tailscale".
"TS_KUBE_SECRET": "", "TS_KUBE_SECRET": "",
"TS_STATE_DIR": filepath.Join(d, "tmp"), "TS_STATE_DIR": filepath.Join(d, "tmp"),
"TS_AUTH_KEY": "tskey-key", "TS_AUTHKEY": "tskey-key",
}, },
KubeSecret: map[string]string{}, KubeSecret: map[string]string{},
Phases: []phase{ Phases: []phase{
@ -376,7 +394,7 @@ func TestContainerBoot(t *testing.T) {
Env: map[string]string{ Env: map[string]string{
"KUBERNETES_SERVICE_HOST": kube.Host, "KUBERNETES_SERVICE_HOST": kube.Host,
"KUBERNETES_SERVICE_PORT_HTTPS": kube.Port, "KUBERNETES_SERVICE_PORT_HTTPS": kube.Port,
"TS_AUTH_KEY": "tskey-key", "TS_AUTHKEY": "tskey-key",
}, },
KubeSecret: map[string]string{}, KubeSecret: map[string]string{},
KubeDenyPatch: true, KubeDenyPatch: true,