tailcfg: add caps and SSH action for SSH hauling

Add capabilities and an SSH action for SSH session hauling.

Updates #7069

Signed-off-by: Kris Brandow <kris@tailscale.com>
Kris Brandow 2023-01-25 16:42:04 -05:00 committed by Kris Brandow
parent 6f992909f0
commit d5cb016cef


@ -1747,6 +1747,9 @@ type Oauth2Token struct {
CapabilityWakeOnLAN = "https://tailscale.com/cap/wake-on-lan" CapabilityWakeOnLAN = "https://tailscale.com/cap/wake-on-lan"
// CapabilityIngress grants the ability for a peer to send ingress traffic. // CapabilityIngress grants the ability for a peer to send ingress traffic.
CapabilityIngress = "https://tailscale.com/cap/ingress" CapabilityIngress = "https://tailscale.com/cap/ingress"
// CapabilitySSHSessionHaul grants the ability to receive SSH session logs
// from a peer.
CapabilitySSHSessionHaul = "https://tailscale.com/cap/ssh-session-haul"
// Funnel warning capabilities used for reporting errors to the user. // Funnel warning capabilities used for reporting errors to the user.
@ -1767,6 +1770,8 @@ type Oauth2Token struct {
const ( const (
// NodeAttrFunnel grants the ability for a node to host ingress traffic. // NodeAttrFunnel grants the ability for a node to host ingress traffic.
NodeAttrFunnel = "funnel" NodeAttrFunnel = "funnel"
// NodeAttrSSHAggregator grants the ability for a node to collect SSH sessions.
NodeAttrSSHAggregator = "ssh-aggregator"
) )
// SetDNSRequest is a request to add a DNS record. // SetDNSRequest is a request to add a DNS record.
@ -1940,6 +1945,10 @@ type SSHAction struct {
// AllowLocalPortForwarding, if true, allows accepted connections // AllowLocalPortForwarding, if true, allows accepted connections
// to use local port forwarding if requested. // to use local port forwarding if requested.
AllowLocalPortForwarding bool `json:"allowLocalPortForwarding,omitempty"` AllowLocalPortForwarding bool `json:"allowLocalPortForwarding,omitempty"`
// SessionHaulTargetNode, if non-empty, is the Stable ID of a peer to
// stream this SSH session's logs to.
SessionHaulTargetNode StableNodeID `json:"sessionHaulTargetNode,omitempty"`
} }
// OverTLSPublicKeyResponse is the JSON response to /key?v=<n> // OverTLSPublicKeyResponse is the JSON response to /key?v=<n>
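Review bot: The doc comment on `SessionHaulTargetNode` (third hunk, inside `SSHAction`, whose declaration starts outside the hunk) does not say what the SSH server should do when the named peer is unreachable or does not hold `CapabilitySSHSessionHaul`. Session logs can contain anything typed or printed in the terminal, so the choice between refusing the session and continuing unrecorded is a security decision that belongs in the field's contract. I would extend the comment along the lines of `// The target must hold CapabilitySSHSessionHaul; if the logs cannot be delivered the session is (refused|allowed to continue) — state which.` This commit only adds declarations, so I cannot tell from here where the check is enforced. The comments on `CapabilitySSHSessionHaul` and `NodeAttrSSHAggregator` also read as near-synonyms; a sentence on each saying which one is granted per peer and which is set on the node itself, and whether both are required, would prevent a policy that grants one without the other.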