api.md: update documentation for the "set ACL" endpoint

This documents the `If-Match: ts-default` header that can be set to only overwrite the default ACL contents, and also briefly mentions a few of the new top-level ACL fields. Updates tailscale/terraform-provider-tailscale#182 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2024-11-29 04:55:31 +00:00 · 2022-11-28 22:33:51 +00:00 · 2022-11-28 22:33:51 +00:00 · 71c0e8d428
commit 71c0e8d428
parent e1d7d072a3
1 changed files with 5 additions and 0 deletions
--- a/api.md
+++ b/api.md
@ -485,6 +485,8 @@ Returns the updated ACL in JSON or HuJSON according to the `Accept` header on su
 ###### Headers
 `If-Match` - A request header. Set this value to the ETag header provided in an `ACL GET` request to avoid missed updates.

+A special value `ts-default` will ensure that ACL will be set only if current ACL is the default one (created automatically for each tailnet).
+
 `Accept` - Sets the return type of the updated ACL. Response is parsed `JSON` if `application/json` is explicitly named, otherwise HuJSON will be returned.

 ###### POST Body
@ -497,6 +499,9 @@ An ACL policy may contain the following top-level properties:
 * `ACLs` - Access control lists.
 * `TagOwners` - Defines who is allowed to use which tags.
 * `Tests` - Run on ACL updates to check correct functionality of defined ACLs.
+* `AutoApprovers` - Defines which users can advertise routes or exit nodes without further approval.
+* `SSH` - Configures access policy for Tailscale SSH.
+* `NodeAttrs` - Defines which devices can use certain features.

 See https://tailscale.com/kb/1018/acls for more information on those properties.