tailcfg: define a type for NodeCapability

Instead of untyped string, add a type to identify these. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>
2025-08-14 06:57:31 +00:00 · 2023-09-06 10:17:25 -07:00
parent 3d37328af6
commit a61caea911
18 changed files with 100 additions and 90 deletions
--- a/cmd/tailscale/cli/funnel.go
+++ b/cmd/tailscale/cli/funnel.go
@@ -147,7 +147,7 @@ func (e *serveEnv) runFunnel(ctx context.Context, args []string) error {
 //
 // verifyFunnelEnabled may refresh the local state and modify the st input.
 func (e *serveEnv) verifyFunnelEnabled(ctx context.Context, st *ipnstate.Status, port uint16) error {
-	hasFunnelAttrs := func(attrs []string) bool {
+	hasFunnelAttrs := func(attrs []tailcfg.NodeCapability) bool {
 		hasHTTPS := slices.Contains(attrs, tailcfg.CapabilityHTTPS)
 		hasFunnel := slices.Contains(attrs, tailcfg.NodeAttrFunnel)
 		return hasHTTPS && hasFunnel
--- a/cmd/tailscale/cli/serve.go
+++ b/cmd/tailscale/cli/serve.go
@@ -269,7 +269,7 @@ func (e *serveEnv) runServe(ctx context.Context, args []string) error {
 		// on, enableFeatureInteractive will error. For now, we hide that
 		// error and maintain the previous behavior (prior to 2023-08-15)
 		// of letting them edit the serve config before enabling certs.
-		e.enableFeatureInteractive(ctx, "serve", func(caps []string) bool {
+		e.enableFeatureInteractive(ctx, "serve", func(caps []tailcfg.NodeCapability) bool {
 			return slices.Contains(caps, tailcfg.CapabilityHTTPS)
 		})
 	}
@@ -829,7 +829,7 @@ func parseServePort(s string) (uint16, error) {
 //
 // 2023-08-09: The only valid feature values are "serve" and "funnel".
 // This can be moved to some CLI lib when expanded past serve/funnel.
-func (e *serveEnv) enableFeatureInteractive(ctx context.Context, feature string, hasRequiredCapabilities func(caps []string) bool) (err error) {
+func (e *serveEnv) enableFeatureInteractive(ctx context.Context, feature string, hasRequiredCapabilities func(caps []tailcfg.NodeCapability) bool) (err error) {
 	info, err := e.lc.QueryFeature(ctx, feature)
 	if err != nil {
 		return err
--- a/cmd/tailscale/cli/serve_dev.go
+++ b/cmd/tailscale/cli/serve_dev.go
@@ -233,7 +233,7 @@ func (e *serveEnv) runServeCombined(subcmd serveMode) execFunc {
 			// on, enableFeatureInteractive will error. For now, we hide that
 			// error and maintain the previous behavior (prior to 2023-08-15)
 			// of letting them edit the serve config before enabling certs.
-			if err := e.enableFeatureInteractive(ctx, "serve", func(caps []string) bool {
+			if err := e.enableFeatureInteractive(ctx, "serve", func(caps []tailcfg.NodeCapability) bool {
 				return slices.Contains(caps, tailcfg.CapabilityHTTPS)
 			}); err != nil {
 				return fmt.Errorf("error enabling https feature: %w", err)
--- a/cmd/tailscale/cli/serve_test.go
+++ b/cmd/tailscale/cli/serve_test.go
@@ -763,7 +763,7 @@ func TestVerifyFunnelEnabled(t *testing.T) {
 		// queryFeatureResponse is the mock response desired from the
 		// call made to lc.QueryFeature by verifyFunnelEnabled.
 		queryFeatureResponse mockQueryFeatureResponse
-		caps                 []string // optionally set at fakeStatus.Capabilities
+		caps                 []tailcfg.NodeCapability // optionally set at fakeStatus.Capabilities
 		wantErr              string
 		wantPanic            string
 	}{
@@ -780,13 +780,13 @@ func TestVerifyFunnelEnabled(t *testing.T) {
 		{
 			name:                 "fallback-flow-missing-acl-rule",
 			queryFeatureResponse: mockQueryFeatureResponse{resp: nil, err: errors.New("not-allowed")},
-			caps:                 []string{tailcfg.CapabilityHTTPS},
+			caps:                 []tailcfg.NodeCapability{tailcfg.CapabilityHTTPS},
 			wantErr:              `Funnel not available; "funnel" node attribute not set. See https://tailscale.com/s/no-funnel.`,
 		},
 		{
 			name:                 "fallback-flow-enabled",
 			queryFeatureResponse: mockQueryFeatureResponse{resp: nil, err: errors.New("not-allowed")},
-			caps:                 []string{tailcfg.CapabilityHTTPS, tailcfg.NodeAttrFunnel},
+			caps:                 []tailcfg.NodeCapability{tailcfg.CapabilityHTTPS, tailcfg.NodeAttrFunnel},
 			wantErr:              "", // no error, success
 		},
 		{
@@ -858,7 +858,7 @@ var fakeStatus = &ipnstate.Status{
 	BackendState: ipn.Running.String(),
 	Self: &ipnstate.PeerStatus{
 		DNSName:      "foo.test.ts.net",
-		Capabilities: []string{tailcfg.NodeAttrFunnel, tailcfg.CapabilityFunnelPorts + "?ports=443,8443"},
+		Capabilities: []tailcfg.NodeCapability{tailcfg.NodeAttrFunnel, tailcfg.CapabilityFunnelPorts + "?ports=443,8443"},
 	},
 }