ipn: remove the preview-webclient node capability

Now that 1.54 has released, and the new web client will be included in 1.56, we can remove the need for the node capability. This means that all 1.55 unstable builds, and then eventually the 1.56 build, will work without setting the node capability. The web client still requires the "webclient" user pref, so this does NOT mean that the web client will be on by default for all devices. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>
2024-11-25 19:15:34 +00:00 · 2023-11-15 10:30:20 -08:00 · 2023-11-15 10:30:20 -08:00 · 9b537f7c97
commit 9b537f7c97
parent 303a1e86f5
3 changed files with 8 additions and 14 deletions
--- a/cmd/tailscale/cli/web.go
+++ b/cmd/tailscale/cli/web.go
@ -21,7 +21,6 @@
 	"github.com/peterbourgon/ff/v3/ffcli"
 	"tailscale.com/client/web"
 	"tailscale.com/ipn"
-	"tailscale.com/tailcfg"
 	"tailscale.com/util/cmpx"
 )

@ -85,11 +84,9 @@ func runWeb(ctx context.Context, args []string) error {
 		return fmt.Errorf("too many non-flag arguments: %q", args)
 	}

-	var hasPreviewCap bool
 	var selfIP netip.Addr
 	st, err := localClient.StatusWithoutPeers(ctx)
 	if err == nil && st.Self != nil && len(st.Self.TailscaleIPs) > 0 {
-		hasPreviewCap = st.Self.HasCap(tailcfg.CapabilityPreviewWebClient)
 		selfIP = st.Self.TailscaleIPs[0]
 	}

@ -98,14 +95,12 @@ func runWeb(ctx context.Context, args []string) error {
 	if prefs, err := localClient.GetPrefs(ctx); err == nil {
 		existingWebClient = prefs.RunWebClient
 	}
-	if hasPreviewCap {
-		cliServerMode = web.LoginServerMode
-		if !existingWebClient {
-			// Also start full client in tailscaled.
-			log.Printf("starting tailscaled web client at %s:%d\n", selfIP.String(), web.ListenPort)
-			if err := setRunWebClient(ctx, true); err != nil {
-				return fmt.Errorf("starting web client in tailscaled: %w", err)
-			}
+	cliServerMode = web.LoginServerMode
+	if !existingWebClient {
+		// Also start full client in tailscaled.
+		log.Printf("starting tailscaled web client at %s:%d\n", selfIP.String(), web.ListenPort)
+		if err := setRunWebClient(ctx, true); err != nil {
+			return fmt.Errorf("starting web client in tailscaled: %w", err)
 		}
 	}

@ -124,7 +119,7 @@ func runWeb(ctx context.Context, args []string) error {
 		case <-ctx.Done():
 			// Shutdown the server.
 			webServer.Shutdown()
-			if hasPreviewCap && !webArgs.cgi && !existingWebClient {
+			if !webArgs.cgi && !existingWebClient {
 				log.Println("stopping tailscaled web client")
 				// When not in cgi mode, shut down the tailscaled
 				// web client on cli termination.
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@ -4249,7 +4249,7 @@ func (b *LocalBackend) ShouldRunSSH() bool { return b.sshAtomicBool.Load() && en
 func (b *LocalBackend) ShouldRunWebClient() bool { return b.webClientAtomicBool.Load() }

 func (b *LocalBackend) setWebClientAtomicBoolLocked(nm *netmap.NetworkMap, prefs ipn.PrefsView) {
-	shouldRun := prefs.Valid() && prefs.RunWebClient() && hasCapability(nm, tailcfg.CapabilityPreviewWebClient)
+	shouldRun := prefs.Valid() && prefs.RunWebClient()
 	wasRunning := b.webClientAtomicBool.Swap(shouldRun)
 	if wasRunning && !shouldRun {
 		go b.WebClientShutdown() // stop web client
--- a/tailcfg/tailcfg.go
+++ b/tailcfg/tailcfg.go
@ -2041,7 +2041,6 @@ type Oauth2Token struct {
 	CapabilityDataPlaneAuditLogs NodeCapability = "https://tailscale.com/cap/data-plane-audit-logs" // feature enabled
 	CapabilityDebug              NodeCapability = "https://tailscale.com/cap/debug"                 // exposes debug endpoints over the PeerAPI
 	CapabilityHTTPS              NodeCapability = "https"                                           // https cert provisioning enabled on tailnet
-	CapabilityPreviewWebClient   NodeCapability = "preview-webclient"                               // allows starting web client in tailscaled

 	// CapabilityBindToInterfaceByRoute changes how Darwin nodes create
 	// sockets (in the net/netns package). See that package for more