From 9b537f7c974550402b073c181c05be9a0ec46cdd Mon Sep 17 00:00:00 2001
From: Will Norris
Date: Wed, 15 Nov 2023 10:30:20 -0800
Subject: [PATCH] ipn: remove the preview-webclient node capability
Now that 1.54 has released, and the new web client will be included in 1.56, we can remove the need for the node capability. This means that all 1.55 unstable builds, and then eventually the 1.56 build, will work without setting the node capability. The web client still requires the "webclient" user pref, so this does NOT mean that the web client will be on by default for all devices.
Updates tailscale/corp#14335
Signed-off-by: Will Norris
---
 cmd/tailscale/cli/web.go | 19 +++++++------------
 ipn/ipnlocal/local.go | 2 +-
 tailcfg/tailcfg.go | 1 -
 3 files changed, 8 insertions(+), 14 deletions(-)
diff --git a/cmd/tailscale/cli/web.go b/cmd/tailscale/cli/web.go
index 40630efb1..99e68c2fc 100644
--- a/cmd/tailscale/cli/web.go
+++ b/cmd/tailscale/cli/web.go
@@ -21,7 +21,6 @@
 "github.com/peterbourgon/ff/v3/ffcli"
 "tailscale.com/client/web"
 "tailscale.com/ipn"
- "tailscale.com/tailcfg"
 "tailscale.com/util/cmpx"
 )
@@ -85,11 +84,9 @@ func runWeb(ctx context.Context, args []string) error {
 return fmt.Errorf("too many non-flag arguments: %q", args)
 }
- var hasPreviewCap bool
 var selfIP netip.Addr
 st, err := localClient.StatusWithoutPeers(ctx)
 if err == nil && st.Self != nil && len(st.Self.TailscaleIPs) > 0 {
- hasPreviewCap = st.Self.HasCap(tailcfg.CapabilityPreviewWebClient)
 selfIP = st.Self.TailscaleIPs[0]
 }
@@ -98,14 +95,12 @@ func runWeb(ctx context.Context, args []string) error {
 if prefs, err := localClient.GetPrefs(ctx); err == nil {
 existingWebClient = prefs.RunWebClient
 }
- if hasPreviewCap {
- cliServerMode = web.LoginServerMode
- if !existingWebClient {
- // Also start full client in tailscaled.
- log.Printf("starting tailscaled web client at %s:%d\n", selfIP.String(), web.ListenPort)
- if err := setRunWebClient(ctx, true); err != nil {
- return fmt.Errorf("starting web client in tailscaled: %w", err)
- }
+ cliServerMode = web.LoginServerMode
+ if !existingWebClient {
+ // Also start full client in tailscaled.
+ log.Printf("starting tailscaled web client at %s:%d\n", selfIP.String(), web.ListenPort)
+ if err := setRunWebClient(ctx, true); err != nil {
+ return fmt.Errorf("starting web client in tailscaled: %w", err)
 }
 }
@@ -124,7 +119,7 @@ func runWeb(ctx context.Context, args []string) error {
 case <-ctx.Done():
 // Shutdown the server.
 webServer.Shutdown()
- if hasPreviewCap && !webArgs.cgi && !existingWebClient {
+ if !webArgs.cgi && !existingWebClient {
 log.Println("stopping tailscaled web client")
 // When not in cgi mode, shut down the tailscaled
 // web client on cli termination.
diff --git a/ipn/ipnlocal/local.go b/ipn/ipnlocal/local.go
index b0de68f2c..4ac566fef 100644
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@@ -4249,7 +4249,7 @@ func (b *LocalBackend) ShouldRunSSH() bool { return b.sshAtomicBool.Load() && en
 func (b *LocalBackend) ShouldRunWebClient() bool { return b.webClientAtomicBool.Load() }
 func (b *LocalBackend) setWebClientAtomicBoolLocked(nm *netmap.NetworkMap, prefs ipn.PrefsView) {
- shouldRun := prefs.Valid() && prefs.RunWebClient() && hasCapability(nm, tailcfg.CapabilityPreviewWebClient)
+ shouldRun := prefs.Valid() && prefs.RunWebClient()
 wasRunning := b.webClientAtomicBool.Swap(shouldRun)
 if wasRunning && !shouldRun {
 go b.WebClientShutdown() // stop web client
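Review bot: The `log.Printf("starting tailscaled web client at %s:%d\n", selfIP.String(), web.ListenPort)` line in the -98,14 hunk can now run with a zero `selfIP`. Before this change the block was only reached when `hasPreviewCap` was true, and the removed line in the -85,11 hunk set that in the same branch that assigns `selfIP`, so a successful status lookup was implied. Now a failed `StatusWithoutPeers` or an empty `TailscaleIPs` falls through, the message prints an invalid address, and `setRunWebClient(ctx, true)` is still called. Guard the log with `if selfIP.IsValid()` or return an error when no Tailscale IP is available. The `GetPrefs` error is also dropped, so `existingWebClient` is false both when the pref is off and when the lookup failed; runWeb starts and ends outside this hunk.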
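Review bot: The stop condition `if !webArgs.cgi && !existingWebClient` in the -124,7 hunk is not symmetric with the start condition in the -98,14 hunk, which checks only `!existingWebClient`. With the capability gate removed, a CGI invocation on any node appears to call `setRunWebClient(ctx, true)` and leave the tailscaled web client enabled after the CLI exits. If that is intended, state it in the existing comment, for example `// In cgi mode the tailscaled web client is deliberately left running.`; otherwise add `!webArgs.cgi` to the start condition too. The shutdown branch continues outside the hunk, so what it calls is not visible here.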
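Review bot: `setWebClientAtomicBoolLocked` has no doc comment, and after this change `shouldRun := prefs.Valid() && prefs.RunWebClient()` makes the local pref the only condition for running the web client. Record that on the function, for example `// setWebClientAtomicBoolLocked updates whether the web client should run; the RunWebClient pref is the sole gate and the netmap is not consulted.` The `nm` parameter is no longer used on the changed line. The body continues outside the hunk, so if nothing further down reads `nm` it can be renamed to `_` or dropped from the signature and its callers.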
diff --git a/tailcfg/tailcfg.go b/tailcfg/tailcfg.go
index 2f10d0e47..42b6e08d3 100644
--- a/tailcfg/tailcfg.go
+++ b/tailcfg/tailcfg.go
@@ -2041,7 +2041,6 @@ type Oauth2Token struct {
 CapabilityDataPlaneAuditLogs NodeCapability = "https://tailscale.com/cap/data-plane-audit-logs" // feature enabled
 CapabilityDebug NodeCapability = "https://tailscale.com/cap/debug" // exposes debug endpoints over the PeerAPI
 CapabilityHTTPS NodeCapability = "https" // https cert provisioning enabled on tailnet
- CapabilityPreviewWebClient NodeCapability = "preview-webclient" // allows starting web client in tailscaled
 // CapabilityBindToInterfaceByRoute changes how Darwin nodes create
 // sockets (in the net/netns package). See that package for more