cmd/tailscale/cli,ipn,ipn/ipnlocal: add AutoExitNode preference for automatic exit node selection

With this change, policy enforcement and exit node resolution can happen in separate steps, since enforcement no longer depends on resolving the suggested exit node. This keeps policy enforcement synchronous (e.g., when switching profiles), while allowing exit node resolution to be asynchronous on netmap updates, link changes, etc. Additionally, the new preference will be used to let GUIs and CLIs switch back to "auto" mode after a manual exit node override, which is necessary for tailscale/corp#29969. Updates tailscale/corp#29969 Updates #16459 Signed-off-by: Nick Khyl <nickk@tailscale.com>
2025-08-14 06:57:31 +00:00 · 2025-07-03 12:21:29 -05:00
parent 0098822981
commit a8055b5f40
8 changed files with 791 additions and 91 deletions
--- a/cmd/tailscale/cli/cli_test.go
+++ b/cmd/tailscale/cli/cli_test.go
@@ -971,6 +971,10 @@ func TestPrefFlagMapping(t *testing.T) {
 			// Used internally by LocalBackend as part of exit node usage toggling.
 			// No CLI flag for this.
 			continue
+		case "AutoExitNode":
+			// TODO(nickkhyl): should be handled by tailscale {set,up} --exit-node.
+			// See tailscale/tailscale#16459.
+			continue
 		}
 		t.Errorf("unexpected new ipn.Pref field %q is not handled by up.go (see addPrefFlagMapping and checkForAccidentalSettingReverts)", prefName)
 	}