mirror of
https://github.com/tailscale/tailscale.git
synced 2025-10-27 11:41:14 +00:00
tsnet,internal/client/tailscale: resolve OAuth into authkeys in tsnet (#17191)
* tsnet,internal/client/tailscale: resolve OAuth into authkeys in tsnet Updates #8403. * internal/client/tailscale: omit OAuth library via build tag Updates #12614. Signed-off-by: Naman Sood <mail@nsood.in>
This commit is contained in:
Naman Sood
@@ -213,6 +213,7 @@ tailscale.com/tsnet dependencies: (generated by github.com/tailscale/depaware)
|
||||
tailscale.com/appc from tailscale.com/ipn/ipnlocal
|
||||
💣 tailscale.com/atomicfile from tailscale.com/ipn+
|
||||
tailscale.com/client/local from tailscale.com/client/web+
|
||||
tailscale.com/client/tailscale from tailscale.com/internal/client/tailscale
|
||||
tailscale.com/client/tailscale/apitype from tailscale.com/client/local+
|
||||
LDW tailscale.com/client/web from tailscale.com/ipn/ipnlocal
|
||||
tailscale.com/clientupdate from tailscale.com/client/web+
|
||||
@@ -235,12 +236,15 @@ tailscale.com/tsnet dependencies: (generated by github.com/tailscale/depaware)
|
||||
tailscale.com/envknob/featureknob from tailscale.com/client/web+
|
||||
tailscale.com/feature from tailscale.com/ipn/ipnext+
|
||||
tailscale.com/feature/buildfeatures from tailscale.com/wgengine/magicsock+
|
||||
tailscale.com/feature/condregister/oauthkey from tailscale.com/tsnet
|
||||
tailscale.com/feature/condregister/portmapper from tailscale.com/tsnet
|
||||
tailscale.com/feature/oauthkey from tailscale.com/feature/condregister/oauthkey
|
||||
tailscale.com/feature/portmapper from tailscale.com/feature/condregister/portmapper
|
||||
tailscale.com/feature/syspolicy from tailscale.com/logpolicy
|
||||
tailscale.com/health from tailscale.com/control/controlclient+
|
||||
tailscale.com/health/healthmsg from tailscale.com/ipn/ipnlocal+
|
||||
tailscale.com/hostinfo from tailscale.com/client/web+
|
||||
tailscale.com/internal/client/tailscale from tailscale.com/tsnet+
|
||||
tailscale.com/internal/noiseconn from tailscale.com/control/controlclient
|
||||
tailscale.com/ipn from tailscale.com/client/local+
|
||||
tailscale.com/ipn/conffile from tailscale.com/ipn/ipnlocal+
|
||||
@@ -450,6 +454,9 @@ tailscale.com/tsnet dependencies: (generated by github.com/tailscale/depaware)
|
||||
golang.org/x/net/ipv6 from github.com/prometheus-community/pro-bing+
|
||||
LDW golang.org/x/net/proxy from tailscale.com/net/netns
|
||||
DI golang.org/x/net/route from tailscale.com/net/netmon+
|
||||
golang.org/x/oauth2 from golang.org/x/oauth2/clientcredentials
|
||||
golang.org/x/oauth2/clientcredentials from tailscale.com/feature/oauthkey
|
||||
golang.org/x/oauth2/internal from golang.org/x/oauth2+
|
||||
golang.org/x/sync/errgroup from github.com/mdlayher/socket+
|
||||
golang.org/x/sys/cpu from github.com/tailscale/certstore+
|
||||
LDAI golang.org/x/sys/unix from github.com/google/nftables+
|
||||
|
||||
@@ -29,9 +29,11 @@ import (
|
||||
"tailscale.com/client/local"
|
||||
"tailscale.com/control/controlclient"
|
||||
"tailscale.com/envknob"
|
||||
_ "tailscale.com/feature/condregister/oauthkey"
|
||||
_ "tailscale.com/feature/condregister/portmapper"
|
||||
"tailscale.com/health"
|
||||
"tailscale.com/hostinfo"
|
||||
"tailscale.com/internal/client/tailscale"
|
||||
"tailscale.com/ipn"
|
||||
"tailscale.com/ipn/ipnauth"
|
||||
"tailscale.com/ipn/ipnlocal"
|
||||
@@ -680,6 +682,14 @@ func (s *Server) start() (reterr error) {
|
||||
prefs.RunWebClient = s.RunWebClient
|
||||
prefs.AdvertiseTags = s.AdvertiseTags
|
||||
authKey := s.getAuthKey()
|
||||
// Try to use an OAuth secret to generate an auth key if that functionality
|
||||
// is available.
|
||||
if f, ok := tailscale.HookResolveAuthKey.GetOk(); ok {
|
||||
authKey, err = f(s.shutdownCtx, s.getAuthKey(), prefs.AdvertiseTags)
|
||||
if err != nil {
|
||||
return fmt.Errorf("resolving auth key: %w", err)
|
||||
}
|
||||
}
|
||||
err = lb.Start(ipn.Options{
|
||||
UpdatePrefs: prefs,
|
||||
AuthKey: authKey,
|
||||
|
||||
Reference in New Issue
Block a user