Commit Graph

7656 Commits

Author SHA1 Message Date
Sonia Appasamy
5e125750bc client/web: center and fix height of header
Centers login pill with Tailscale icon, and fixes height of login
pill.

Updates #10261

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
2023-12-01 16:05:36 -08:00
OSS Updater
f13255d54d go.mod: update web-client-prebuilt module
Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>
2023-12-01 17:32:44 -05:00
Sonia Appasamy
7a4ba609d9 client/web: show features based on platform support
Hiding/disabling UI features when not available on the running
client.

Updates #10261

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
2023-12-01 17:01:13 -05:00
Sonia Appasamy
7d61b827e8 client/web: adjust colors and some UI margins
Updates #10261

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
2023-12-01 15:41:57 -05:00
Sonia Appasamy
b155c7a091 client/web: move postcss config into package.json
A little cleanup.

Updates #10261

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
2023-12-01 12:21:49 -05:00
Aaron Klotz
db39a43f06 util/winutil: add support for restarting Windows processes in specific sessions
This PR is all about adding functionality that will enable the installer's
upgrade sequence to terminate processes belonging to the previous version,
and then subsequently restart instances belonging to the new version within
the session(s) corresponding to the processes that were killed.

There are multiple parts to this:

* We add support for the Restart Manager APIs, which allow us to query the
  OS for a list of processes locking specific files;
* We add the RestartableProcess and RestartableProcesses types that query
  additional information about the running processes that will allow us
  to correctly restart them in the future. These types also provide the
  ability to terminate the processes.
* We add the StartProcessInSession family of APIs that permit us to create
  new processes within specific sessions. This is needed in order to
  properly attach a new GUI process to the same RDP session and desktop that
  its previously-terminated counterpart would have been running in.
* I tweaked the winutil token APIs again.
* A lot of this stuff is pretty hard to test without a very elaborate
  harness, but I added a unit test for the most complicated part (though it
  requires LocalSystem to run).

Updates https://github.com/tailscale/corp/issues/13998

Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2023-11-30 14:04:27 -08:00
Andrew Lytvynov
59d1077e28
clientupdate: cleanup tailscale binary copies on Windows (#10433)
When updating on Windows, we make a copy of the tailscale.exe file in a
temp directory to perform the update, because the original tailscale.exe
gets deleted during the update.

This can eat up disk space if a machine is stuck doing repeated failed
update attempts. Clean up old copies explicitly before making a new one,
same as we do with MSIs.

Updates #10082

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-11-30 12:22:29 -08:00
Marwan Sulaiman
b819f66eb1 tsweb: propagate RequestID via context and entire request
The recent addition of RequestID was only populated if the
HTTP Request had returned an error. This meant that the underlying
handler has no access to this request id and any logs it may have
emitted were impossible to correlate to that request id. Therefore,
this PR adds a middleware to generate request ids and pass them
through the request context. The tsweb.StdHandler automatically
populates this request id if the middleware is being used. Finally,
inner handlers can use the context to retrieve that same request id
and use it so that all logs and events can be correlated.

Updates #2549

Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>
2023-11-30 15:00:29 -05:00
Juergen Knaack
c27aa9e7ff net/dns: fix darwin dns resolver files
putting each nameserver on one line in /etc/resolver/<domain>

fixes: #10134
Signed-off-by: Juergen Knaack <jk@jk-1.de>
2023-11-29 19:25:31 -08:00
Sonia Appasamy
cbd0b60743 client/web: remove ControlAdminURL override
Was setting this for testing, snuck into the merged version.

Updates #10261

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
2023-11-29 18:34:12 -05:00
Sonia Appasamy
bcc9b44cb1 client/web: hide admin panel links for non-tailscale control servers
Updates #10261

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
2023-11-29 16:51:46 -05:00
Claire Wang
8af503b0c5
syspolicy: add exit node related policies (#10172)
Adds policy keys ExitNodeID and ExitNodeIP.
Uses the policy keys to determine the exit node in preferences.
Fixes tailscale/corp#15683

Signed-off-by: Claire Wang <claire@tailscale.com>
2023-11-29 16:48:25 -05:00
Sonia Appasamy
ecd1ccb917 client/web: add subnet routes view
Add UI view for mutating the node's advertised subnet routes.

Updates #10261

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
2023-11-29 15:09:07 -05:00
Sonia Appasamy
7aa981ba49 client/web: remove duplicate WhoIs call
Fixes a TODO in web.authorizeRequest.

`getSession` calls `WhoIs` already. Call `getSession` earlier in
`authorizeRequest` so we can avoid the duplicate `WhoIs` check on
the same request.

Updates #10261

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
2023-11-29 14:46:57 -05:00
Sonia Appasamy
bc4e303846 ipn/ipnstate: add AllowedIPs to PeerStatus
Adds AllowedIPs to PeerStatus, allowing for easier lookup of the
routes allowed to be routed to a node. Will be using the AllowedIPs
of the self node from the web client interface to display approval
status of advertised routes.

Updates #10261

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
2023-11-29 14:35:30 -05:00
Andrew Lytvynov
ac4b416c5b
cmd/tailscale,ipn/ipnlocal: pass available update as health message (#10420)
To be consistent with the formatting of other warnings, pass available
update health message instead of handling ClientVersion in he CLI.

Fixes #10312

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-11-29 09:55:39 -08:00
Will Norris
26db9775f8
client/web: skip check mode for non-tailscale.com control servers (#10413)
client/web: skip check mode for non-tailscale.com control servers

Only enforce check mode if the control server URL ends in
".tailscale.com".  This allows the web client to be used with headscale
(or other) control servers while we work with the project to add check
mode support (tracked in juanfont/headscale#1623).

Updates #10261

Co-authored-by: Sonia Appasamy <sonia@tailscale.com>
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
Signed-off-by: Will Norris <will@tailscale.com>
2023-11-29 08:44:48 -08:00
Sonia Appasamy
ab0e25beaa client/web: fix Vite dev server build error
6e30c9d1f added eslint to the web client. As a part of that change,
the existing yarn.lock file was removed and yarn install run to build
with a clean yarn dependencies set with latest versions. This caused
a change in the "vite-plugin-rewrite-all" package that fails at build
time with our existing vite config. This is a known bug with some
suggested fixes:
https://vitejs.dev/guide/troubleshooting.html#this-package-is-esm-only

Rather than editing our package.json type, this commit reverts back
the yarn.lock file to it's contents at the commit just before 6e30c9d1f
and then only runs yarn install to add the new eslint packages, rather
than installing the latest versions of all packages.

Updates #10261

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
2023-11-29 10:54:05 -05:00
Tom DNetto
8a660a6513 ipn/ipnlocal: update hostinfo when app connector state is toggled
Updates: https://github.com/tailscale/corp/issues/16041
Signed-off-by: Tom DNetto <tom@tailscale.com>
2023-11-28 16:08:13 -08:00
Sonia Appasamy
6e30c9d1fe client/web: add eslint
Add eslint to require stricter typescript rules, particularly around
required hook dependencies. This commit also updates any files that
were now throwing errors with eslint.

Updates #10261

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
2023-11-28 17:06:33 -05:00
Andrew Lytvynov
5a9e935597
clientupdate: implement update for Unraid (#10344)
Use the [`plugin`
CLI](https://forums.unraid.net/topic/72240-solved-is-there-a-way-to-installuninstall-plugins-from-script/#comment-676870)
to fetch and apply the update.

Updates https://github.com/tailscale/tailscale/issues/10184

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-11-28 13:28:30 -08:00
Jordan Whited
5e861c3871
wgengine/netstack: disable RACK on Windows (#10402)
Updates #9707

Signed-off-by: Jordan Whited <jordan@tailscale.com>
2023-11-28 12:12:32 -08:00
Sonia Appasamy
5f40b8a0bc scripts/check_license_headers: enforce license on ts/tsx files
Enforcing inclusion of our OSS license at the top of .ts and .tsx
files. Also updates any relevant files in the repo that were
previously missing the license comment. An additional `@license`
comment is added to client/web/src/index.tsx to preserve the
license in generated Javascript.

Updates #10261

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
2023-11-28 13:57:09 -05:00
Jenny Zhang
09b4914916 tka: clarify field comment
Updates #cleanup
Signed-off-by: Jenny Zhang <jz@tailscale.com>
2023-11-27 18:35:33 -05:00
Denton Gentry
67f3b2a525 tsnet: add CapturePcap method for debugging
Application code can call the tsnet s.CapturePcap(filename) method
to write all packets, sent and received, to a pcap file. The cleartext
packets are written, outside the Wireguard tunnel. This is expected
to be useful for debugging.

Updates https://github.com/tailscale/tailscale/issues/9707

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2023-11-27 12:46:28 -08:00
Sonia Appasamy
b247435d66 client/web: scroll exit node dropdown to top on search
When search input changes, reset the scroll to the top of the
dropdown list.

Updates #10261

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
2023-11-27 12:43:10 -05:00
Jenny Zhang
d5d84f1a68 cmd/tailscale: also warn about IP forwarding if using CLI set
We warn users about IP forwarding being disabled when using
`--avertise-routes` in `tailscale up`, this adds the same warnings
to `tailscale set`.

Updates tailscale/corp#9968
Signed-off-by: Jenny Zhang <jz@tailscale.com>
2023-11-24 16:27:52 -05:00
Irbe Krumina
18ceb4e1f6
cmd/{containerboot,k8s-operator}: allow users to define tailnet egress target by FQDN (#10360)
* cmd/containerboot: proxy traffic to tailnet target defined by FQDN

Add a new Service annotation tailscale.com/tailnet-fqdn that
users can use to specify a tailnet target for which
an egress proxy should be deployed in the cluster.

Updates tailscale/tailscale#10280

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2023-11-24 16:24:48 +00:00
David Anderson
2a01df97b8 flake.nix: use vendorHash instead of vendorSha256
vendorSha256 is getting retired, and throws warning in builds.

Updates #cleanup

Signed-off-by: David Anderson <danderson@tailscale.com>
2023-11-23 20:32:54 -08:00
Flakes Updater
6b395f6385 go.mod.sri: update SRI hash for go.mod changes
Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>
2023-11-23 20:16:43 -08:00
Charlotte Brandhorst-Satzkorn
9e63bf5fd6 words: crikey! what a beauty of a list
If I have to add a tail, or a scale, mate, I will add it.

Updates tailscale/corp#14698

Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
2023-11-22 21:17:05 -08:00
Tom DNetto
611e0a5bcc appc,ipn/local: support wildcard when matching app-connectors
Updates: ENG-2453
Signed-off-by: Tom DNetto <tom@tailscale.com>
2023-11-22 14:47:44 -08:00
Jordan Whited
1af7f5b549
wgengine/magicsock: fix typo in Conn.handlePingLocked() (#10365)
Updates #cleanup

Signed-off-by: Jordan Whited <jordan@tailscale.com>
2023-11-22 14:33:12 -08:00
Andrew Dunham
5aa7687b21 util/httpm: don't run test if .git doesn't exist
Updates #9635

Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: I9089200f9327605036c88fc12834acece0c11694
2023-11-22 12:09:59 -05:00
Claire Wang
afacf2e368
containerboot: Add TS_ACCEPT_ROUTES (#10176)
Fixes tailscale/corp#15596

Signed-off-by: Claire Wang <claire@tailscale.com>
2023-11-22 11:45:44 -05:00
Gabriel Martinez
128d3ad1a9
cmd/k8s-operator: helm chart add missing keys (#10296)
* cmd/k8s-operator: add missing keys to Helm values file

Updates  #10182

Signed-off-by: Gabriel Martinez <gabrielmartinez@sisti.pt>
2023-11-22 11:02:54 +00:00
Jordan Whited
e1d0d26686
go.mod: bump wireguard-go (#10352)
This pulls in tailscale/wireguard-go@8cc8b8b and
tailscale/wireguard-go@cc193a0, which improve throughput and latency
under load.

Updates tailscale/corp#11061

Signed-off-by: Jordan Whited <jordan@tailscale.com>
2023-11-21 11:21:39 -08:00
Cole Helbling
a8647b3c37
flake: fixup version embedding (#9997)
It looks like `gitCommitStamp` is the new "entrypoint" for setting this
information.

Fixes #9996.

Signed-off-by: Cole Helbling <cole.helbling@determinate.systems>
2023-11-21 12:49:34 -05:00
Percy Wegmann
17501ea31a ci: report test coverage to coveralls.io
This records test coverage for the amd64 no race tests and uploads the
results to coveralls.io.

Updates #cleanup

Signed-off-by: Ox Cart <ox.to.a.cart@gmail.com>
2023-11-21 09:08:37 -06:00
Irbe Krumina
66471710f8
cmd/k8s-operator: truncate long StatefulSet name prefixes (#10343)
Kubernetes can generate StatefulSet names that are too long and result in invalid Pod revision hash label values.
Calculate whether a StatefulSet name generated for a Service or Ingress
will be too long and if so, truncate it.

Updates tailscale/tailscale#10284

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2023-11-21 10:20:37 +00:00
Andrew Lytvynov
2c1f14d9e6
util/set: implement json.Marshaler/Unmarshaler (#10308)
Marshal as a JSON list instead of a map. Because set elements are
`comparable` and not `cmp.Ordered`, we cannot easily sort the items
before marshaling.

Updates #cleanup

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-11-20 08:00:31 -08:00
Irbe Krumina
dd8bc9ba03
cmd/k8s-operator: log user/group impersonated by apiserver proxy (#10334)
Updates tailscale/tailscale#10127

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2023-11-20 15:41:18 +00:00
Irbe Krumina
4f80f403be
cmd/k8s-operator: fix chart syntax error (#10333)
Updates #9222

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2023-11-20 10:39:14 +00:00
License Updater
2fa219440b licenses: update android licenses
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
2023-11-18 16:39:05 -08:00
David Anderson
f867392970 cmd/tailscale/cli: add debug function to print the netmap
It's possible to do this with a combination of watch-ipn and jq, but looking
at the netmap while debugging is quite common, so it's nice to have a one-shot
command to get it.

Updates #cleanup

Signed-off-by: David Anderson <danderson@tailscale.com>
2023-11-18 15:04:36 -08:00
David Anderson
fd22145b52 cmd/tailscale/cli: make 'debug watch-ipn' play nice with jq
jq doens't like non-json output in the json stream, and works more happily
when the input stream EOFs at some point. Move non-json words to stderr, and
add a parameter to stop watching and exit after some number of objects.

Updates #cleanup

Signed-off-by: David Anderson <danderson@tailscale.com>
2023-11-18 14:34:59 -08:00
Ryan Petris
c4855fe0ea Fix Empty Resolver Set
Config.singleResolverSet returns true if all routes have the same resolvers,
even if the routes have no resolvers. If none of the routes have a specific
resolver, the default should be used instead. Therefore, check for more than
0 instead of nil.

Signed-off-by: Ryan Petris <ryan@petris.net>
2023-11-18 14:22:26 -08:00
Uri Gorelik
b88929edf8 Fix potential goroutine leak in syncs/watchdog.go
Depending on how the preemption will occur, in some scenarios sendc
would have blocked indefinitely even after cancelling the context.

Fixes #10315

Signed-off-by: Uri Gorelik <uri.gore@gmail.com>
2023-11-18 10:37:29 -08:00
Flakes Updater
e7cad78b00 go.mod.sri: update SRI hash for go.mod changes
Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>
2023-11-17 18:55:53 -08:00
OSS Updater
fc8488fac0 go.mod: update web-client-prebuilt module
Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>
2023-11-17 18:48:20 -08:00