mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-29 04:55:31 +00:00
tailcfg: add DNSConfig.CertDomains
Updates #1235 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
parent
082cc1b0a7
commit
cd282ec00f
@ -325,6 +325,7 @@ func (b *LocalBackend) updateStatus(sb *ipnstate.StatusBuilder, extraLocked func
|
||||
s.AuthURL = b.authURLSticky
|
||||
if b.netMap != nil {
|
||||
s.MagicDNSSuffix = b.netMap.MagicDNSSuffix()
|
||||
s.CertDomains = append([]string(nil), b.netMap.DNS.CertDomains...)
|
||||
}
|
||||
})
|
||||
sb.MutateSelfStatus(func(ss *ipnstate.PeerStatus) {
|
||||
|
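Review bot: The new `s.CertDomains = append([]string(nil), b.netMap.DNS.CertDomains...)` line copies the slice without saying why, and a later cleanup could easily simplify it to a direct assignment. The copy is what stops a status consumer from aliasing or mutating the netmap's backing array, so I would add a one-line comment above it such as `// Copy: Status is handed to callers and must not alias netMap's slice.` The enclosing updateStatus function starts and ends outside this hunk, so I cannot see whether other fields follow the same convention.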
@ -45,6 +45,13 @@ type Status struct {
|
||||
// has MagicDNS enabled.
|
||||
MagicDNSSuffix string
|
||||
|
||||
// CertDomains are the set of DNS names for which the control
|
||||
// plane server will assist with provisioning TLS
|
||||
// certificates. See SetDNSRequest for dns-01 ACME challenges
|
||||
// for e.g. LetsEncrypt. These names are FQDNs without
|
||||
// trailing periods, and without any "_acme-challenge." prefix.
|
||||
CertDomains []string
|
||||
|
||||
Peer map[key.Public]*PeerStatus
|
||||
User map[tailcfg.UserID]tailcfg.UserProfile
|
||||
}
|
||||
|
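Review bot: The doc comment on `Status.CertDomains` refers to `SetDNSRequest` unqualified, but that type does not appear to live in this package; the neighbouring fields spell out `tailcfg.UserID`, and the SetDNSRequest hunk sits alongside the DNSConfig hunk. A reader following the reference from godoc would not find it here, so I would write `See tailcfg.SetDNSRequest for dns-01 ACME challenges`. It may also help to state that this list is a copy of what the control plane sent and is informational for status consumers, since the comment currently reads as if Status itself drives provisioning.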
@ -43,7 +43,8 @@
|
||||
// 18: 2021-04-19: MapResponse.Node nil means unchanged (all fields now omitempty)
|
||||
// 19: 2021-04-21: MapResponse.Debug.SleepSeconds
|
||||
// 20: 2021-06-11: MapResponse.LastSeen used even less (https://github.com/tailscale/tailscale/issues/2107)
|
||||
const CurrentMapRequestVersion = 20
|
||||
// 21: 2021-06-15: added MapResponse.DNSConfig.CertDomains
|
||||
const CurrentMapRequestVersion = 21
|
||||
|
||||
type StableID string
|
||||
|
||||
@ -873,6 +874,14 @@ type DNSConfig struct {
|
||||
|
||||
// PerDomain is not set by the control server, and does nothing.
|
||||
PerDomain bool `json:",omitempty"`
|
||||
|
||||
// CertDomains are the set of DNS names for which the control
|
||||
// plane server will assist with provisioning TLS
|
||||
// certificates. See SetDNSRequest, which can be used to
|
||||
// answer dns-01 ACME challenges for e.g. LetsEncrypt.
|
||||
// These names are FQDNs without trailing periods, and without
|
||||
// any "_acme-challenge." prefix.
|
||||
CertDomains []string `json:",omitempty"`
|
||||
}
|
||||
|
||||
// PingRequest is a request to send an HTTP request to prove the
|
||||
@ -1197,6 +1206,9 @@ type SetDNSRequest struct {
|
||||
NodeKey NodeKey
|
||||
|
||||
// Name is the domain name for which to create a record.
|
||||
// For ACME DNS-01 challenges, it should be one of the domains
|
||||
// in MapResponse.DNSConfig.CertDomains with the prefix
|
||||
// "_acme-challenge.".
|
||||
Name string
|
||||
|
||||
// Type is the DNS record type. For ACME DNS-01 challenges, it
|
||||
|
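Review bot: The new comment on `SetDNSRequest.Name` says the name "should be" one of `MapResponse.DNSConfig.CertDomains` with the `_acme-challenge.` prefix, but it does not say who enforces that. The request originates from a node, so the restriction only limits which DNS records a node can create if the control server rejects names not derived from that node's own CertDomains; that check is not visible on this page. I would make the contract explicit with a line such as `// The control server must reject names not derived from the requesting node's CertDomains.` The `DNSConfig.CertDomains` comment could likewise say whether the list is per-node. The SetDNSRequest struct continues past the end of this hunk.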
@ -204,6 +204,7 @@ func (src *DNSConfig) Clone() *DNSConfig {
|
||||
}
|
||||
dst.Domains = append(src.Domains[:0:0], src.Domains...)
|
||||
dst.Nameservers = append(src.Nameservers[:0:0], src.Nameservers...)
|
||||
dst.CertDomains = append(src.CertDomains[:0:0], src.CertDomains...)
|
||||
return dst
|
||||
}
|
||||
|
||||
@ -217,6 +218,7 @@ func (src *DNSConfig) Clone() *DNSConfig {
|
||||
Proxied bool
|
||||
Nameservers []netaddr.IP
|
||||
PerDomain bool
|
||||
CertDomains []string
|
||||
}{})
|
||||
|
||||
// Clone makes a deep copy of DNSResolver.
|
||||
|