appc,ipn/local: support wildcard when matching app-connectors

Updates: ENG-2453
Signed-off-by: Tom DNetto <tom@tailscale.com>

ipn/ipnlocal/local.go

@@ -3313,17 +3313,19 @@ func (b *LocalBackend) reconfigAppConnectorLocked(nm *netmap.NetworkMap, prefs i
 		return
 	}
 
-	var domains []string
-	for _, attr := range attrs {
 	// Geometric cost, assumes that the number of advertised tags is small
-		if !nm.SelfNode.Tags().ContainsFunc(func(tag string) bool {
+	selfHasTag := func(attrTags []string) bool {
-			return slices.Contains(attr.Connectors, tag)
+		return nm.SelfNode.Tags().ContainsFunc(func(tag string) bool {
-		}) {
+			return slices.Contains(attrTags, tag)
-			continue
+		})
 	}
 
+	var domains []string
+	for _, attr := range attrs {
+		if slices.Contains(attr.Connectors, "*") || selfHasTag(attr.Connectors) {
 			domains = append(domains, attr.Domains...)
 		}
+	}
 	slices.Sort(domains)
 	slices.Compact(domains)
 	b.appConnector.UpdateDomains(domains)

types/appctype/appconnector.go

@@ -67,6 +67,7 @@ type AppConnectorAttr struct {
 	// Domains can be of the form: example.com, or *.example.com.
 	Domains []string `json:"domains,omitempty"`
 	// Connectors enumerates the app connectors which service these domains.
-	// These can be any target type supported by Tailscale's ACL language.
+	// These can either be "*" to match any advertising connector, or a
+	// tag of the form tag:<tag-name>.
 	Connectors []string `json:"connectors,omitempty"`
 }