all: pass log IDs as the proper type rather than strings

This change focuses on the backend log ID, which is the mostly commonly
used in the client.  Tests which don't seem to make use of the log ID
just use the zero value.

Signed-off-by: Will Norris <will@tailscale.com>

cmd/tailscaled/tailscaled.go

@@ -51,6 +51,7 @@ import (
 	"tailscale.com/tsweb"
 	"tailscale.com/types/flagtype"
 	"tailscale.com/types/logger"
+	"tailscale.com/types/logid"
 	"tailscale.com/util/clientmetric"
 	"tailscale.com/util/multierr"
 	"tailscale.com/util/osshare"
@@ -377,11 +378,10 @@ func run() error {
 		debugMux = newDebugMux()
 	}
 
-	logid := pol.PublicID.String()
-	return startIPNServer(context.Background(), logf, logid)
+	return startIPNServer(context.Background(), logf, pol.PublicID)
 }
 
-func startIPNServer(ctx context.Context, logf logger.Logf, logid string) error {
+func startIPNServer(ctx context.Context, logf logger.Logf, logID logid.PublicID) error {
 	ln, err := safesocket.Listen(args.socketpath)
 	if err != nil {
 		return fmt.Errorf("safesocket.Listen: %v", err)
@@ -407,7 +407,7 @@ func startIPNServer(ctx context.Context, logf logger.Logf, logid string) error {
 		}
 	}()
 
-	srv := ipnserver.New(logf, logid)
+	srv := ipnserver.New(logf, logID)
 	if debugMux != nil {
 		debugMux.HandleFunc("/debug/ipn", srv.ServeHTMLStatus)
 	}
@@ -425,7 +425,7 @@ func startIPNServer(ctx context.Context, logf logger.Logf, logid string) error {
 				return
 			}
 		}
-		lb, err := getLocalBackend(ctx, logf, logid)
+		lb, err := getLocalBackend(ctx, logf, logID)
 		if err == nil {
 			logf("got LocalBackend in %v", time.Since(t0).Round(time.Millisecond))
 			srv.SetLocalBackend(lb)
@@ -449,7 +449,7 @@ func startIPNServer(ctx context.Context, logf logger.Logf, logid string) error {
 	return nil
 }
 
-func getLocalBackend(ctx context.Context, logf logger.Logf, logid string) (_ *ipnlocal.LocalBackend, retErr error) {
+func getLocalBackend(ctx context.Context, logf logger.Logf, logID logid.PublicID) (_ *ipnlocal.LocalBackend, retErr error) {
 	linkMon, err := monitor.New(logf)
 	if err != nil {
 		return nil, fmt.Errorf("monitor.New: %w", err)
@@ -520,7 +520,7 @@ func getLocalBackend(ctx context.Context, logf logger.Logf, logid string) (_ *ip
 		return nil, fmt.Errorf("store.New: %w", err)
 	}
 
-	lb, err := ipnlocal.NewLocalBackend(logf, logid, store, dialer, e, opts.LoginFlags)
+	lb, err := ipnlocal.NewLocalBackend(logf, logID, store, dialer, e, opts.LoginFlags)
 	if err != nil {
 		return nil, fmt.Errorf("ipnlocal.NewLocalBackend: %w", err)
 	}

cmd/tailscaled/tailscaled_windows.go

@@ -47,6 +47,7 @@ import (
 	"tailscale.com/net/dns"
 	"tailscale.com/net/tstun"
 	"tailscale.com/types/logger"
+	"tailscale.com/types/logid"
 	"tailscale.com/util/winutil"
 	"tailscale.com/version"
 	"tailscale.com/wf"
@@ -262,13 +263,13 @@ func beWindowsSubprocess() bool {
 	if len(os.Args) != 3 || os.Args[1] != "/subproc" {
 		return false
 	}
-	logid := os.Args[2]
+	logID := os.Args[2]
 
 	// Remove the date/time prefix; the logtail + file loggers add it.
 	log.SetFlags(0)
 
 	log.Printf("Program starting: v%v: %#v", version.Long(), os.Args)
-	log.Printf("subproc mode: logid=%v", logid)
+	log.Printf("subproc mode: logid=%v", logID)
 	if err := envknob.ApplyDiskConfigError(); err != nil {
 		log.Printf("Error reading environment config: %v", err)
 	}
@@ -290,7 +291,8 @@ func beWindowsSubprocess() bool {
 		}
 	}()
 
-	err := startIPNServer(ctx, log.Printf, logid)
+	publicLogID, _ := logid.ParsePublicID(logID)
+	err := startIPNServer(ctx, log.Printf, publicLogID)
 	if err != nil {
 		log.Fatalf("ipnserver: %v", err)
 	}

cmd/tsconnect/wasm/wasm_js.go

@@ -122,7 +122,7 @@ func newIPN(jsConfig js.Value) map[string]any {
 		return ns.DialContextTCP(ctx, dst)
 	}
 
-	logid := lpc.PublicID.String()
+	logid := lpc.PublicID
 	srv := ipnserver.New(logf, logid)
 	lb, err := ipnlocal.NewLocalBackend(logf, logid, store, dialer, eng, controlclient.LoginEphemeral)
 	if err != nil {

ipn/ipnlocal/local.go

@@ -63,6 +63,7 @@ import (
 	"tailscale.com/types/empty"
 	"tailscale.com/types/key"
 	"tailscale.com/types/logger"
+	"tailscale.com/types/logid"
 	"tailscale.com/types/netmap"
 	"tailscale.com/types/persist"
 	"tailscale.com/types/preftype"
@@ -139,7 +140,7 @@ type LocalBackend struct {
 	pm                    *profileManager
 	store                 ipn.StateStore
 	dialer                *tsdial.Dialer // non-nil
-	backendLogID          string
+	backendLogID          logid.PublicID
 	unregisterLinkMon     func()
 	unregisterHealthWatch func()
 	portpoll              *portlist.Poller // may be nil
@@ -265,7 +266,7 @@ type clientGen func(controlclient.Options) (controlclient.Client, error)
 // but is not actually running.
 //
 // If dialer is nil, a new one is made.
-func NewLocalBackend(logf logger.Logf, logid string, store ipn.StateStore, dialer *tsdial.Dialer, e wgengine.Engine, loginFlags controlclient.LoginFlags) (*LocalBackend, error) {
+func NewLocalBackend(logf logger.Logf, logID logid.PublicID, store ipn.StateStore, dialer *tsdial.Dialer, e wgengine.Engine, loginFlags controlclient.LoginFlags) (*LocalBackend, error) {
 	if e == nil {
 		panic("ipn.NewLocalBackend: engine must not be nil")
 	}
@@ -300,7 +301,7 @@ func NewLocalBackend(logf logger.Logf, logid string, store ipn.StateStore, diale
 		pm:             pm,
 		store:          pm.Store(),
 		dialer:         dialer,
-		backendLogID:   logid,
+		backendLogID:   logID,
 		state:          ipn.NoState,
 		portpoll:       portpoll,
 		em:             newExpiryManager(logf),
@@ -310,7 +311,7 @@ func NewLocalBackend(logf logger.Logf, logid string, store ipn.StateStore, diale
 
 	// for now, only log sockstats on unstable builds
 	if version.IsUnstableBuild() {
-		b.sockstatLogger, err = sockstatlog.NewLogger(logpolicy.LogsDir(logf), logf, logid)
+		b.sockstatLogger, err = sockstatlog.NewLogger(logpolicy.LogsDir(logf), logf, logID)
 		if err != nil {
 			log.Printf("error setting up sockstat logger: %v", err)
 		}
@@ -1294,7 +1295,7 @@ func (b *LocalBackend) Start(opts ipn.Options) error {
 	}
 
 	hostinfo := hostinfo.New()
-	hostinfo.BackendLogID = b.backendLogID
+	hostinfo.BackendLogID = b.backendLogID.String()
 	hostinfo.FrontendLogID = opts.FrontendLogID
 	hostinfo.Userspace.Set(wgengine.IsNetstack(b.e))
 	hostinfo.UserspaceRouter.Set(wgengine.IsNetstackRouter(b.e))
@@ -1448,7 +1449,7 @@ func (b *LocalBackend) Start(opts ipn.Options) error {
 
 	b.e.SetNetInfoCallback(b.setNetInfo)
 
-	blid := b.backendLogID
+	blid := b.backendLogID.String()
 	b.logf("Backend: logs: be:%v fe:%v", blid, opts.FrontendLogID)
 	b.send(ipn.Notify{BackendLogID: &blid})
 	b.send(ipn.Notify{Prefs: &prefs})

ipn/ipnlocal/local_test.go

@@ -23,6 +23,7 @@ import (
 	"tailscale.com/tstest"
 	"tailscale.com/types/key"
 	"tailscale.com/types/logger"
+	"tailscale.com/types/logid"
 	"tailscale.com/types/netmap"
 	"tailscale.com/wgengine"
 	"tailscale.com/wgengine/filter"
@@ -506,7 +507,7 @@ func TestLazyMachineKeyGeneration(t *testing.T) {
 		t.Fatalf("NewFakeUserspaceEngine: %v", err)
 	}
 	t.Cleanup(eng.Close)
-	lb, err := NewLocalBackend(logf, "logid", store, nil, eng, 0)
+	lb, err := NewLocalBackend(logf, logid.PublicID{}, store, nil, eng, 0)
 	if err != nil {
 		t.Fatalf("NewLocalBackend: %v", err)
 	}
@@ -770,7 +771,7 @@ func TestStatusWithoutPeers(t *testing.T) {
 	}
 	t.Cleanup(e.Close)
 
-	b, err := NewLocalBackend(logf, "logid", store, nil, e, 0)
+	b, err := NewLocalBackend(logf, logid.PublicID{}, store, nil, e, 0)
 	if err != nil {
 		t.Fatalf("NewLocalBackend: %v", err)
 	}

ipn/ipnlocal/loglines_test.go

@@ -54,7 +54,7 @@ func TestLocalLogLines(t *testing.T) {
 	}
 	t.Cleanup(e.Close)
 
-	lb, err := NewLocalBackend(logf, idA.String(), store, nil, e, 0)
+	lb, err := NewLocalBackend(logf, idA, store, nil, e, 0)
 	if err != nil {
 		t.Fatal(err)
 	}

ipn/ipnlocal/state_test.go

@@ -21,6 +21,7 @@ import (
 	"tailscale.com/types/empty"
 	"tailscale.com/types/key"
 	"tailscale.com/types/logger"
+	"tailscale.com/types/logid"
 	"tailscale.com/types/netmap"
 	"tailscale.com/types/persist"
 	"tailscale.com/wgengine"
@@ -303,7 +304,7 @@ func TestStateMachine(t *testing.T) {
 	}
 	t.Cleanup(e.Close)
 
-	b, err := NewLocalBackend(logf, "logid", store, nil, e, 0)
+	b, err := NewLocalBackend(logf, logid.PublicID{}, store, nil, e, 0)
 	if err != nil {
 		t.Fatalf("NewLocalBackend: %v", err)
 	}
@@ -946,7 +947,7 @@ func TestEditPrefsHasNoKeys(t *testing.T) {
 	}
 	t.Cleanup(e.Close)
 
-	b, err := NewLocalBackend(logf, "logid", new(mem.Store), nil, e, 0)
+	b, err := NewLocalBackend(logf, logid.PublicID{}, new(mem.Store), nil, e, 0)
 	if err != nil {
 		t.Fatalf("NewLocalBackend: %v", err)
 	}
@@ -1025,7 +1026,7 @@ func TestWGEngineStatusRace(t *testing.T) {
 	eng, err := wgengine.NewFakeUserspaceEngine(logf, 0)
 	c.Assert(err, qt.IsNil)
 	t.Cleanup(eng.Close)
-	b, err := NewLocalBackend(logf, "logid", new(mem.Store), nil, eng, 0)
+	b, err := NewLocalBackend(logf, logid.PublicID{}, new(mem.Store), nil, eng, 0)
 	c.Assert(err, qt.IsNil)
 
 	var cc *mockControl

ipn/ipnserver/server.go

@@ -25,6 +25,7 @@ import (
 	"tailscale.com/ipn/ipnlocal"
 	"tailscale.com/ipn/localapi"
 	"tailscale.com/types/logger"
+	"tailscale.com/types/logid"
 	"tailscale.com/util/mak"
 	"tailscale.com/util/set"
 	"tailscale.com/util/systemd"
@@ -35,7 +36,7 @@ import (
 type Server struct {
 	lb           atomic.Pointer[ipnlocal.LocalBackend]
 	logf         logger.Logf
-	backendLogID string
+	backendLogID logid.PublicID
 	// resetOnZero is whether to call bs.Reset on transition from
 	// 1->0 active HTTP requests. That is, this is whether the backend is
 	// being run in "client mode" that requires an active GUI
@@ -412,9 +413,9 @@ func (s *Server) addActiveHTTPRequest(req *http.Request, ci *ipnauth.ConnIdentit
 //
 // At some point, either before or after Run, the Server's SetLocalBackend
 // method must also be called before Server can do anything useful.
-func New(logf logger.Logf, logid string) *Server {
+func New(logf logger.Logf, logID logid.PublicID) *Server {
 	return &Server{
-		backendLogID: logid,
+		backendLogID: logID,
 		logf:         logf,
 		resetOnZero:  envknob.GOOS() == "windows",
 	}

ipn/localapi/localapi.go

@@ -40,6 +40,7 @@ import (
 	"tailscale.com/tka"
 	"tailscale.com/types/key"
 	"tailscale.com/types/logger"
+	"tailscale.com/types/logid"
 	"tailscale.com/types/ptr"
 	"tailscale.com/util/clientmetric"
 	"tailscale.com/util/httpm"
@@ -124,7 +125,7 @@ var (
 	metrics   = map[string]*clientmetric.Metric{}
 )
 
-func NewHandler(b *ipnlocal.LocalBackend, logf logger.Logf, logID string) *Handler {
+func NewHandler(b *ipnlocal.LocalBackend, logf logger.Logf, logID logid.PublicID) *Handler {
 	return &Handler{b: b, logf: logf, backendLogID: logID}
 }
 
@@ -149,7 +150,7 @@ type Handler struct {
 
 	b            *ipnlocal.LocalBackend
 	logf         logger.Logf
-	backendLogID string
+	backendLogID logid.PublicID
 }
 
 func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {

log/sockstatlog/logger.go

@@ -58,17 +58,17 @@ type event struct {
 }
 
 // SockstatLogID reproducibly derives a new logid.PrivateID for sockstat logging from a node's public backend log ID.
-// The returned PrivateID is the sha256 sum of id + "sockstat".
+// The returned PrivateID is the sha256 sum of logID + "sockstat".
 // If a node's public log ID becomes known, it is trivial to spoof sockstat logs for that node.
 // Given the this is just for debugging, we're not too concerned about that.
-func SockstatLogID(id string) logid.PrivateID {
-	return logid.PrivateID(sha256.Sum256([]byte(id + "sockstat")))
+func SockstatLogID(logID logid.PublicID) logid.PrivateID {
+	return logid.PrivateID(sha256.Sum256([]byte(logID.String() + "sockstat")))
 }
 
 // NewLogger returns a new Logger that will store stats in logdir.
 // On platforms that do not support sockstat logging, a nil Logger will be returned.
 // The returned Logger must be shut down with Shutdown when it is no longer needed.
-func NewLogger(logdir string, logf logger.Logf, backendLogID string) (*Logger, error) {
+func NewLogger(logdir string, logf logger.Logf, logID logid.PublicID) (*Logger, error) {
 	if !sockstats.IsAvailable {
 		return nil, nil
 	}
@@ -91,7 +91,7 @@ func NewLogger(logdir string, logf logger.Logf, backendLogID string) (*Logger, e
 	}
 	logger.logger = logtail.NewLogger(logtail.Config{
 		BaseURL:    logpolicy.LogURL(),
-		PrivateID:  SockstatLogID(backendLogID),
+		PrivateID:  SockstatLogID(logID),
 		Collection: "sockstats.log.tailscale.io",
 		Buffer:     filch,
 		NewZstdEncoder: func() logtail.Encoder {

ssh/tailssh/tailssh_test.go

@@ -38,6 +38,7 @@ import (
 	"tailscale.com/tempfork/gliderlabs/ssh"
 	"tailscale.com/tstest"
 	"tailscale.com/types/logger"
+	"tailscale.com/types/logid"
 	"tailscale.com/types/netmap"
 	"tailscale.com/util/cibuild"
 	"tailscale.com/util/lineread"
@@ -505,7 +506,7 @@ func TestSSH(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	lb, err := ipnlocal.NewLocalBackend(logf, "",
+	lb, err := ipnlocal.NewLocalBackend(logf, logid.PublicID{},
 		new(mem.Store),
 		new(tsdial.Dialer),
 		eng, 0)

tsnet/tsnet.go

@@ -48,6 +48,7 @@ import (
 	"tailscale.com/net/tsdial"
 	"tailscale.com/smallzstd"
 	"tailscale.com/types/logger"
+	"tailscale.com/types/logid"
 	"tailscale.com/types/nettype"
 	"tailscale.com/util/mak"
 	"tailscale.com/wgengine"
@@ -118,7 +119,7 @@ type Server struct {
 	localClient      *tailscale.LocalClient // in-memory
 	logbuffer        *filch.Filch
 	logtail          *logtail.Logger
-	logid            string
+	logid            logid.PublicID
 
 	mu        sync.Mutex
 	listeners map[listenKey]*listener
@@ -573,7 +574,6 @@ func (s *Server) start() (reterr error) {
 
 func (s *Server) startLogger(closePool *closeOnErrorPool) error {
 	if inTest() {
-		s.logid = "test"
 		return nil
 	}
 	cfgPath := filepath.Join(s.rootPath, "tailscaled.log.conf")
@@ -590,7 +590,7 @@ func (s *Server) startLogger(closePool *closeOnErrorPool) error {
 	if err := lpc.Validate(logtail.CollectionNode); err != nil {
 		return fmt.Errorf("logpolicy.Config.Validate for %v: %w", cfgPath, err)
 	}
-	s.logid = lpc.PublicID.String()
+	s.logid = lpc.PublicID
 
 	s.logbuffer, err = filch.New(filepath.Join(s.rootPath, "tailscaled"), filch.Options{ReplaceStderr: false})
 	if err != nil {

tstest/integration/tailscaled_deps_test_darwin.go

@@ -40,6 +40,7 @@ import (
 	_ "tailscale.com/types/flagtype"
 	_ "tailscale.com/types/key"
 	_ "tailscale.com/types/logger"
+	_ "tailscale.com/types/logid"
 	_ "tailscale.com/util/clientmetric"
 	_ "tailscale.com/util/multierr"
 	_ "tailscale.com/util/osshare"

tstest/integration/tailscaled_deps_test_freebsd.go

@@ -40,6 +40,7 @@ import (
 	_ "tailscale.com/types/flagtype"
 	_ "tailscale.com/types/key"
 	_ "tailscale.com/types/logger"
+	_ "tailscale.com/types/logid"
 	_ "tailscale.com/util/clientmetric"
 	_ "tailscale.com/util/multierr"
 	_ "tailscale.com/util/osshare"

tstest/integration/tailscaled_deps_test_linux.go

@@ -40,6 +40,7 @@ import (
 	_ "tailscale.com/types/flagtype"
 	_ "tailscale.com/types/key"
 	_ "tailscale.com/types/logger"
+	_ "tailscale.com/types/logid"
 	_ "tailscale.com/util/clientmetric"
 	_ "tailscale.com/util/multierr"
 	_ "tailscale.com/util/osshare"

tstest/integration/tailscaled_deps_test_openbsd.go

@@ -40,6 +40,7 @@ import (
 	_ "tailscale.com/types/flagtype"
 	_ "tailscale.com/types/key"
 	_ "tailscale.com/types/logger"
+	_ "tailscale.com/types/logid"
 	_ "tailscale.com/util/clientmetric"
 	_ "tailscale.com/util/multierr"
 	_ "tailscale.com/util/osshare"

tstest/integration/tailscaled_deps_test_windows.go

@@ -47,6 +47,7 @@ import (
 	_ "tailscale.com/types/flagtype"
 	_ "tailscale.com/types/key"
 	_ "tailscale.com/types/logger"
+	_ "tailscale.com/types/logid"
 	_ "tailscale.com/util/clientmetric"
 	_ "tailscale.com/util/multierr"
 	_ "tailscale.com/util/osshare"

wgengine/netstack/netstack_test.go

@@ -18,6 +18,7 @@ import (
 	"tailscale.com/net/tstun"
 	"tailscale.com/tstest"
 	"tailscale.com/types/ipproto"
+	"tailscale.com/types/logid"
 	"tailscale.com/wgengine"
 	"tailscale.com/wgengine/filter"
 )
@@ -49,7 +50,7 @@ func TestInjectInboundLeak(t *testing.T) {
 		t.Fatal("failed to get internals")
 	}
 
-	lb, err := ipnlocal.NewLocalBackend(logf, "logid", new(mem.Store), dialer, eng, 0)
+	lb, err := ipnlocal.NewLocalBackend(logf, logid.PublicID{}, new(mem.Store), dialer, eng, 0)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -113,7 +114,7 @@ func makeNetstack(t *testing.T, config func(*Impl)) *Impl {
 	}
 	t.Cleanup(func() { ns.Close() })
 
-	lb, err := ipnlocal.NewLocalBackend(logf, "logid", new(mem.Store), dialer, eng, 0)
+	lb, err := ipnlocal.NewLocalBackend(logf, logid.PublicID{}, new(mem.Store), dialer, eng, 0)
 	if err != nil {
 		t.Fatalf("NewLocalBackend: %v", err)
 	}