mirror of
https://github.com/tailscale/tailscale.git
synced 2025-04-23 09:21:41 +00:00
cmd/tailscale: add -webclient flag to up and set
Initially, only expose this flag on dev and unstable builds. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>
This commit is contained in:
Will Norris
Will Norris
parent
f937cb6794
commit
fdbe511c41
@ -905,6 +905,7 @@ func TestUpdatePrefs(t *testing.T) {
|
|||||||
OperatorUserSet: true,
|
OperatorUserSet: true,
|
||||||
RouteAllSet: true,
|
RouteAllSet: true,
|
||||||
RunSSHSet: true,
|
RunSSHSet: true,
|
||||||
|
RunWebClientSet: true,
|
||||||
ShieldsUpSet: true,
|
ShieldsUpSet: true,
|
||||||
WantRunningSet: true,
|
WantRunningSet: true,
|
||||||
},
|
},
|
||||||
|
|||||||
@ -42,6 +42,7 @@ type setArgsT struct {
|
|||||||
exitNodeAllowLANAccess bool
|
exitNodeAllowLANAccess bool
|
||||||
shieldsUp bool
|
shieldsUp bool
|
||||||
runSSH bool
|
runSSH bool
|
||||||
|
runWebClient bool
|
||||||
hostname string
|
hostname string
|
||||||
advertiseRoutes string
|
advertiseRoutes string
|
||||||
advertiseDefaultRoute bool
|
advertiseDefaultRoute bool
|
||||||
@ -73,6 +74,11 @@ func newSetFlagSet(goos string, setArgs *setArgsT) *flag.FlagSet {
|
|||||||
setf.BoolVar(&setArgs.updateApply, "auto-update", false, "automatically update to the latest available version")
|
setf.BoolVar(&setArgs.updateApply, "auto-update", false, "automatically update to the latest available version")
|
||||||
setf.BoolVar(&setArgs.postureChecking, "posture-checking", false, "HIDDEN: allow management plane to gather device posture information")
|
setf.BoolVar(&setArgs.postureChecking, "posture-checking", false, "HIDDEN: allow management plane to gather device posture information")
|
||||||
|
|
||||||
|
// TODO(tailscale/corp#14335): during development only expose -webclient on dev and unstable builds
|
||||||
|
if version.GetMeta().IsDev || version.IsUnstableBuild() {
|
||||||
|
setf.BoolVar(&setArgs.runWebClient, "webclient", false, "run a web client, permitting access per tailnet admin's declared policy")
|
||||||
|
}
|
||||||
|
|
||||||
if safesocket.GOOSUsesPeerCreds(goos) {
|
if safesocket.GOOSUsesPeerCreds(goos) {
|
||||||
setf.StringVar(&setArgs.opUser, "operator", "", "Unix username to allow to operate on tailscaled without sudo")
|
setf.StringVar(&setArgs.opUser, "operator", "", "Unix username to allow to operate on tailscaled without sudo")
|
||||||
}
|
}
|
||||||
@ -108,6 +114,7 @@ func runSet(ctx context.Context, args []string) (retErr error) {
|
|||||||
ExitNodeAllowLANAccess: setArgs.exitNodeAllowLANAccess,
|
ExitNodeAllowLANAccess: setArgs.exitNodeAllowLANAccess,
|
||||||
ShieldsUp: setArgs.shieldsUp,
|
ShieldsUp: setArgs.shieldsUp,
|
||||||
RunSSH: setArgs.runSSH,
|
RunSSH: setArgs.runSSH,
|
||||||
|
RunWebClient: setArgs.runWebClient,
|
||||||
Hostname: setArgs.hostname,
|
Hostname: setArgs.hostname,
|
||||||
OperatorUser: setArgs.opUser,
|
OperatorUser: setArgs.opUser,
|
||||||
ForceDaemon: setArgs.forceDaemon,
|
ForceDaemon: setArgs.forceDaemon,
|
||||||
|
|||||||
@ -116,6 +116,11 @@ func newUpFlagSet(goos string, upArgs *upArgsT, cmd string) *flag.FlagSet {
|
|||||||
upf.BoolVar(&upArgs.advertiseConnector, "advertise-connector", false, "advertise this node as an app connector")
|
upf.BoolVar(&upArgs.advertiseConnector, "advertise-connector", false, "advertise this node as an app connector")
|
||||||
upf.BoolVar(&upArgs.advertiseDefaultRoute, "advertise-exit-node", false, "offer to be an exit node for internet traffic for the tailnet")
|
upf.BoolVar(&upArgs.advertiseDefaultRoute, "advertise-exit-node", false, "offer to be an exit node for internet traffic for the tailnet")
|
||||||
|
|
||||||
|
// TODO(tailscale/corp#14335): during development only expose -webclient on dev and unstable builds
|
||||||
|
if version.GetMeta().IsDev || version.IsUnstableBuild() {
|
||||||
|
upf.BoolVar(&upArgs.runWebClient, "webclient", false, "run a web client, permitting access per tailnet admin's declared policy")
|
||||||
|
}
|
||||||
|
|
||||||
if safesocket.GOOSUsesPeerCreds(goos) {
|
if safesocket.GOOSUsesPeerCreds(goos) {
|
||||||
upf.StringVar(&upArgs.opUser, "operator", "", "Unix username to allow to operate on tailscaled without sudo")
|
upf.StringVar(&upArgs.opUser, "operator", "", "Unix username to allow to operate on tailscaled without sudo")
|
||||||
}
|
}
|
||||||
@ -161,6 +166,7 @@ type upArgsT struct {
|
|||||||
exitNodeAllowLANAccess bool
|
exitNodeAllowLANAccess bool
|
||||||
shieldsUp bool
|
shieldsUp bool
|
||||||
runSSH bool
|
runSSH bool
|
||||||
|
runWebClient bool
|
||||||
forceReauth bool
|
forceReauth bool
|
||||||
forceDaemon bool
|
forceDaemon bool
|
||||||
advertiseRoutes string
|
advertiseRoutes string
|
||||||
@ -279,6 +285,7 @@ func prefsFromUpArgs(upArgs upArgsT, warnf logger.Logf, st *ipnstate.Status, goo
|
|||||||
prefs.AllowSingleHosts = upArgs.singleRoutes
|
prefs.AllowSingleHosts = upArgs.singleRoutes
|
||||||
prefs.ShieldsUp = upArgs.shieldsUp
|
prefs.ShieldsUp = upArgs.shieldsUp
|
||||||
prefs.RunSSH = upArgs.runSSH
|
prefs.RunSSH = upArgs.runSSH
|
||||||
|
prefs.RunWebClient = upArgs.runWebClient
|
||||||
prefs.AdvertiseRoutes = routes
|
prefs.AdvertiseRoutes = routes
|
||||||
prefs.AdvertiseTags = tags
|
prefs.AdvertiseTags = tags
|
||||||
prefs.Hostname = upArgs.hostname
|
prefs.Hostname = upArgs.hostname
|
||||||
@ -730,6 +737,7 @@ func init() {
|
|||||||
addPrefFlagMapping("unattended", "ForceDaemon")
|
addPrefFlagMapping("unattended", "ForceDaemon")
|
||||||
addPrefFlagMapping("operator", "OperatorUser")
|
addPrefFlagMapping("operator", "OperatorUser")
|
||||||
addPrefFlagMapping("ssh", "RunSSH")
|
addPrefFlagMapping("ssh", "RunSSH")
|
||||||
|
addPrefFlagMapping("webclient", "RunWebClient")
|
||||||
addPrefFlagMapping("nickname", "ProfileName")
|
addPrefFlagMapping("nickname", "ProfileName")
|
||||||
addPrefFlagMapping("update-check", "AutoUpdate")
|
addPrefFlagMapping("update-check", "AutoUpdate")
|
||||||
addPrefFlagMapping("auto-update", "AutoUpdate")
|
addPrefFlagMapping("auto-update", "AutoUpdate")
|
||||||
@ -938,6 +946,8 @@ func prefsToFlags(env upCheckEnv, prefs *ipn.Prefs) (flagVal map[string]any) {
|
|||||||
panic(fmt.Sprintf("unhandled flag %q", f.Name))
|
panic(fmt.Sprintf("unhandled flag %q", f.Name))
|
||||||
case "ssh":
|
case "ssh":
|
||||||
set(prefs.RunSSH)
|
set(prefs.RunSSH)
|
||||||
|
case "webclient":
|
||||||
|
set(prefs.RunWebClient)
|
||||||
case "login-server":
|
case "login-server":
|
||||||
set(prefs.ControlURL)
|
set(prefs.ControlURL)
|
||||||
case "accept-routes":
|
case "accept-routes":
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user