tailcfg: read max key duration from node cap map [capver 114]

This will be used by clients to make better decisions on when to warn users about impending key expiry. Updates tailscale/corp#16016 Signed-off-by: James Sanderson <jsanderson@tailscale.com>
2025-02-20 11:58:39 +00:00 · 2025-01-29 21:13:01 +00:00 · 2025-01-29 21:13:01 +00:00 · 717fa68f3a
commit 717fa68f3a
parent 4c3c04a413
1 changed files with 8 additions and 1 deletions
--- a/tailcfg/tailcfg.go
+++ b/tailcfg/tailcfg.go
@ -158,7 +158,8 @@ type CapabilityVersion int
 //   - 111: 2025-01-14: Client supports a peer having Node.HomeDERP (issue #14636)
 //   - 112: 2025-01-14: Client interprets AllowedIPs of nil as meaning same as Addresses
 //   - 113: 2025-01-20: Client communicates to control whether funnel is enabled by sending Hostinfo.IngressEnabled (#14688)
-const CurrentCapabilityVersion CapabilityVersion = 113
+//   - 114: 2025-01-30: NodeAttrMaxKeyDuration CapMap defined, clients might use it (no tailscaled code change) (#14829)
+const CurrentCapabilityVersion CapabilityVersion = 114

 // ID is an integer ID for a user, node, or login allocated by the
 // control plane.
@ -2430,6 +2431,12 @@ const (
 	// If multiple values of this key exist, they should be merged in sequence
 	// (replace conflicting keys).
 	NodeAttrServiceHost NodeCapability = "service-host"
+
+	// NodeAttrMaxKeyDuration represents the MaxKeyDuration setting on the
+	// tailnet. The value of this key in [NodeCapMap] will be only one entry of
+	// type float64 representing the duration in seconds. This cap will be
+	// omitted if the tailnet's MaxKeyDuration is the default.
+	NodeAttrMaxKeyDuration NodeCapability = "tailnet.maxKeyDuration"
 )

 // SetDNSRequest is a request to add a DNS record.