controlclient,tailcfg,types: expose MaxKeyDuration via localapi (#10401)

Updates tailscale/corp#16016

Signed-off-by: James Sanderson <jsanderson@tailscale.com>
pull/10750/head
James 'zofrex' Sanderson 11 months ago committed by GitHub
parent d9aeb30281
commit 124dc10261
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1044,7 +1044,7 @@ func (c *Direct) sendMapRequest(ctx context.Context, isStreaming bool, nu Netmap
var resp tailcfg.MapResponse var resp tailcfg.MapResponse
if err := c.decodeMsg(msg, &resp, machinePrivKey); err != nil { if err := c.decodeMsg(msg, &resp, machinePrivKey); err != nil {
vlogf("netmap: decode error: %v") vlogf("netmap: decode error: %v", err)
return err return err
} }
watchdogTimer.Stop() watchdogTimer.Stop()

@ -87,6 +87,7 @@ type mapSession struct {
lastPopBrowserURL string lastPopBrowserURL string
lastTKAInfo *tailcfg.TKAInfo lastTKAInfo *tailcfg.TKAInfo
lastNetmapSummary string // from NetworkMap.VeryConcise lastNetmapSummary string // from NetworkMap.VeryConcise
lastMaxExpiry time.Duration
} }
// newMapSession returns a mostly unconfigured new mapSession. // newMapSession returns a mostly unconfigured new mapSession.
@ -319,6 +320,9 @@ func (ms *mapSession) updateStateFromResponse(resp *tailcfg.MapResponse) {
if resp.TKAInfo != nil { if resp.TKAInfo != nil {
ms.lastTKAInfo = resp.TKAInfo ms.lastTKAInfo = resp.TKAInfo
} }
if resp.MaxKeyDuration > 0 {
ms.lastMaxExpiry = resp.MaxKeyDuration
}
} }
var ( var (
@ -763,6 +767,7 @@ func (ms *mapSession) netmap() *netmap.NetworkMap {
DERPMap: ms.lastDERPMap, DERPMap: ms.lastDERPMap,
ControlHealth: ms.lastHealth, ControlHealth: ms.lastHealth,
TKAEnabled: ms.lastTKAInfo != nil && !ms.lastTKAInfo.Disabled, TKAEnabled: ms.lastTKAInfo != nil && !ms.lastTKAInfo.Disabled,
MaxKeyDuration: ms.lastMaxExpiry,
} }
if ms.lastTKAInfo != nil && ms.lastTKAInfo.Head != "" { if ms.lastTKAInfo != nil && ms.lastTKAInfo.Head != "" {
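Review bot: The new `lastMaxExpiry` field caches `resp.MaxKeyDuration` but uses a different name from every other site in this commit and, unlike `lastNetmapSummary` above it, has no comment. Consider `lastMaxKeyDuration time.Duration // from MapResponse.MaxKeyDuration; zero until control sends a value`. In `updateStateFromResponse` the `> 0` guard makes the cached value sticky for the life of the session: a later response cannot clear it, and a negative duration is dropped silently. If that is intended, a one-line comment above the `if` would say so. The struct and both functions continue outside the hunks shown.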

@ -125,7 +125,8 @@ type CapabilityVersion int
// - 82: 2023-12-01: Client understands NodeAttrLinuxMustUseIPTables, NodeAttrLinuxMustUseNfTables, c2n /netfilter-kind // - 82: 2023-12-01: Client understands NodeAttrLinuxMustUseIPTables, NodeAttrLinuxMustUseNfTables, c2n /netfilter-kind
// - 83: 2023-12-18: Client understands DefaultAutoUpdate // - 83: 2023-12-18: Client understands DefaultAutoUpdate
// - 84: 2024-01-04: Client understands SeamlessKeyRenewal // - 84: 2024-01-04: Client understands SeamlessKeyRenewal
const CurrentCapabilityVersion CapabilityVersion = 84 // - 85: 2024-01-05: Client understands MaxKeyDuration
const CurrentCapabilityVersion CapabilityVersion = 85
type StableID string type StableID string
@ -1886,6 +1887,10 @@ type MapResponse struct {
// auto-update setting doesn't change if the tailnet admin flips the // auto-update setting doesn't change if the tailnet admin flips the
// default after the node registered. // default after the node registered.
DefaultAutoUpdate opt.Bool `json:",omitempty"` DefaultAutoUpdate opt.Bool `json:",omitempty"`
// MaxKeyDuration describes the MaxKeyDuration setting for the tailnet.
// If zero, the value is unchanged.
MaxKeyDuration time.Duration `json:",omitempty"`
} }
// ClientVersion is information about the latest client version that's available // ClientVersion is information about the latest client version that's available
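Review bot: The doc comment on `MapResponse.MaxKeyDuration` defines the field in terms of itself and never says what the duration limits; the same sentence is repeated on `NetworkMap.MaxKeyDuration`. Since the commit title says the value is exposed via localapi, the comment should state what it bounds (presumably the maximum node-key lifetime before re-authentication, to be confirmed) and that it is supplied by the control server. The second line says "If zero, the value is unchanged", but the consumer in `updateStateFromResponse` tests `> 0`, so negative values are ignored as well; suggest `// If zero or negative, the previously received value is kept.` On `NetworkMap` it would also help to note that zero means no value has been received yet.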

@ -75,6 +75,9 @@ type NetworkMap struct {
DomainAuditLogID string DomainAuditLogID string
UserProfiles map[tailcfg.UserID]tailcfg.UserProfile UserProfiles map[tailcfg.UserID]tailcfg.UserProfile
// MaxKeyDuration describes the MaxKeyDuration setting for the tailnet.
MaxKeyDuration time.Duration
} }
// User returns nm.SelfNode.User if nm.SelfNode is non-nil, otherwise it returns // User returns nm.SelfNode.User if nm.SelfNode is non-nil, otherwise it returns

@ -177,5 +177,6 @@ func mapResponseContainsNonPatchFields(res *tailcfg.MapResponse) bool {
// function is called, so it should never be set anyway. But for // function is called, so it should never be set anyway. But for
// completedness, and for tests, check it too: // completedness, and for tests, check it too:
res.PeersChanged != nil || res.PeersChanged != nil ||
res.DefaultAutoUpdate != "" res.DefaultAutoUpdate != "" ||
res.MaxKeyDuration > 0
} }

@ -32,7 +32,7 @@ func TestMapResponseContainsNonPatchFields(t *testing.T) {
} }
return reflect.ValueOf("foo").Convert(t) return reflect.ValueOf("foo").Convert(t)
case reflect.Int64: case reflect.Int64:
return reflect.ValueOf(int64(1)) return reflect.ValueOf(int64(1)).Convert(t)
case reflect.Slice: case reflect.Slice:
return reflect.MakeSlice(t, 1, 1) return reflect.MakeSlice(t, 1, 1)
case reflect.Ptr: case reflect.Ptr:
