From 124dc10261eaa62cbb52ed3c7c17f48a32a0e69d Mon Sep 17 00:00:00 2001
From: James 'zofrex' Sanderson
Date: Fri, 5 Jan 2024 13:06:12 +0100
Subject: [PATCH] controlclient,tailcfg,types: expose MaxKeyDuration via localapi (#10401)
Updates tailscale/corp#16016
Signed-off-by: James Sanderson
---
 control/controlclient/direct.go | 2 +-
 control/controlclient/map.go | 5 +++++
 tailcfg/tailcfg.go | 7 ++++++-
 types/netmap/netmap.go | 3 +++
 types/netmap/nodemut.go | 3 ++-
 types/netmap/nodemut_test.go | 2 +-
 6 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/control/controlclient/direct.go b/control/controlclient/direct.go
index 743ab70b6..20f51da4e 100644
--- a/control/controlclient/direct.go
+++ b/control/controlclient/direct.go
@@ -1044,7 +1044,7 @@ func (c *Direct) sendMapRequest(ctx context.Context, isStreaming bool, nu Netmap
 var resp tailcfg.MapResponse
 if err := c.decodeMsg(msg, &resp, machinePrivKey); err != nil {
- vlogf("netmap: decode error: %v")
+ vlogf("netmap: decode error: %v", err)
 return err
 }
 watchdogTimer.Stop()
diff --git a/control/controlclient/map.go b/control/controlclient/map.go
index 8797ed0bb..609e8ea0c 100644
--- a/control/controlclient/map.go
+++ b/control/controlclient/map.go
@@ -87,6 +87,7 @@ type mapSession struct {
 lastPopBrowserURL string
 lastTKAInfo *tailcfg.TKAInfo
 lastNetmapSummary string // from NetworkMap.VeryConcise
+ lastMaxExpiry time.Duration
 }
 // newMapSession returns a mostly unconfigured new mapSession.
@@ -319,6 +320,9 @@ func (ms *mapSession) updateStateFromResponse(resp *tailcfg.MapResponse) {
 if resp.TKAInfo != nil {
 ms.lastTKAInfo = resp.TKAInfo
 }
+ if resp.MaxKeyDuration > 0 {
+ ms.lastMaxExpiry = resp.MaxKeyDuration
+ }
 }
 var (
@@ -763,6 +767,7 @@ func (ms *mapSession) netmap() *netmap.NetworkMap {
 DERPMap: ms.lastDERPMap,
 ControlHealth: ms.lastHealth,
 TKAEnabled: ms.lastTKAInfo != nil && !ms.lastTKAInfo.Disabled,
+ MaxKeyDuration: ms.lastMaxExpiry,
 }
 if ms.lastTKAInfo != nil && ms.lastTKAInfo.Head != "" {
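Review bot: The field added to `mapSession` in control/controlclient/map.go is named `lastMaxExpiry`, but it stores `MapResponse.MaxKeyDuration` and is copied into `NetworkMap.MaxKeyDuration`; "expiry" reads as a point in time rather than a duration, and the neighbouring fields in this hunk (`lastTKAInfo`, `lastPopBrowserURL`) are named after the response field they cache. I would rename it and document the zero value in one go: `lastMaxKeyDuration time.Duration // zero until control has sent MaxKeyDuration`. The struct declaration starts outside this hunk.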
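Review bot: In `updateStateFromResponse`, the guard `if resp.MaxKeyDuration > 0` means a zero value can never replace a stored one, so the control plane cannot tell a running map session that the tailnet's key-duration limit was removed. If that setting can be switched off (not visible in this patch), `ms.lastMaxExpiry`, and with it `NetworkMap.MaxKeyDuration` as exposed over localapi, would presumably keep reporting the stale limit until a new session is created. Because users and UIs may rely on this value when reasoning about key expiry, consider an explicit "cleared" representation on the wire, or at least record the limitation with `// zero means unchanged; the value cannot be cleared mid-session`. Negative durations are also dropped silently here and by the matching `res.MaxKeyDuration > 0` test in `mapResponseContainsNonPatchFields` (types/netmap/nodemut.go); the function body starts outside this hunk.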
diff --git a/tailcfg/tailcfg.go b/tailcfg/tailcfg.go
index bbcfd86aa..0168e9b68 100644
--- a/tailcfg/tailcfg.go
+++ b/tailcfg/tailcfg.go
@@ -125,7 +125,8 @@ type CapabilityVersion int
 // - 82: 2023-12-01: Client understands NodeAttrLinuxMustUseIPTables, NodeAttrLinuxMustUseNfTables, c2n /netfilter-kind
 // - 83: 2023-12-18: Client understands DefaultAutoUpdate
 // - 84: 2024-01-04: Client understands SeamlessKeyRenewal
-const CurrentCapabilityVersion CapabilityVersion = 84
+// - 85: 2024-01-05: Client understands MaxKeyDuration
+const CurrentCapabilityVersion CapabilityVersion = 85
 type StableID string
@@ -1886,6 +1887,10 @@ type MapResponse struct {
 // auto-update setting doesn't change if the tailnet admin flips the
 // default after the node registered.
 DefaultAutoUpdate opt.Bool `json:",omitempty"`
+
+ // MaxKeyDuration describes the MaxKeyDuration setting for the tailnet.
+ // If zero, the value is unchanged.
+ MaxKeyDuration time.Duration `json:",omitempty"`
 }
 // ClientVersion is information about the latest client version that's available
diff --git a/types/netmap/netmap.go b/types/netmap/netmap.go
index dcfc9604a..693701bb5 100644
--- a/types/netmap/netmap.go
+++ b/types/netmap/netmap.go
@@ -75,6 +75,9 @@ type NetworkMap struct {
 DomainAuditLogID string
 UserProfiles map[tailcfg.UserID]tailcfg.UserProfile
+
+ // MaxKeyDuration describes the MaxKeyDuration setting for the tailnet.
+ MaxKeyDuration time.Duration
 }
 // User returns nm.SelfNode.User if nm.SelfNode is non-nil, otherwise it returns
diff --git a/types/netmap/nodemut.go b/types/netmap/nodemut.go
index 69f37a162..1cc2a8a67 100644
--- a/types/netmap/nodemut.go
+++ b/types/netmap/nodemut.go
@@ -177,5 +177,6 @@ func mapResponseContainsNonPatchFields(res *tailcfg.MapResponse) bool {
 // function is called, so it should never be set anyway. But for
 // completedness, and for tests, check it too:
 res.PeersChanged != nil ||
- res.DefaultAutoUpdate != ""
+ res.DefaultAutoUpdate != "" ||
+ res.MaxKeyDuration > 0
 }
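Review bot: The doc comment added to `MapResponse.MaxKeyDuration` in tailcfg/tailcfg.go is circular ("describes the MaxKeyDuration setting") and omits what a reader of the wire protocol needs: what the duration bounds, how it is encoded and which values are valid. `time.Duration` marshals to JSON as an integer number of nanoseconds, so I would state that, e.g. `// MaxKeyDuration is the tailnet's maximum key lifetime, sent as integer nanoseconds.` followed by `// Zero means unchanged; the client ignores negative values.` (the "key lifetime" wording is my reading of the name and should be confirmed). The same circular sentence is added to `NetworkMap.MaxKeyDuration` in types/netmap/netmap.go, where the comment should also say that zero means no value has been received yet. Both struct declarations start outside their hunks.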
diff --git a/types/netmap/nodemut_test.go b/types/netmap/nodemut_test.go
index f691588f2..ce20286aa 100644
--- a/types/netmap/nodemut_test.go
+++ b/types/netmap/nodemut_test.go
@@ -32,7 +32,7 @@ func TestMapResponseContainsNonPatchFields(t *testing.T) {
 }
 return reflect.ValueOf("foo").Convert(t)
 case reflect.Int64:
- return reflect.ValueOf(int64(1))
+ return reflect.ValueOf(int64(1)).Convert(t)
 case reflect.Slice:
 return reflect.MakeSlice(t, 1, 1)
 case reflect.Ptr: