appc,ipn/local: support wildcard when matching app-connectors

Updates: ENG-2453 Signed-off-by: Tom DNetto <tom@tailscale.com>
6 months ago · 611e0a5bcc
parent 1af7f5b549
commit 611e0a5bcc
2 changed files with 11 additions and 8 deletions
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@ -3313,16 +3313,18 @@ func (b *LocalBackend) reconfigAppConnectorLocked(nm *netmap.NetworkMap, prefs i
 		return
 	}

+	// Geometric cost, assumes that the number of advertised tags is small
+	selfHasTag := func(attrTags []string) bool {
+		return nm.SelfNode.Tags().ContainsFunc(func(tag string) bool {
+			return slices.Contains(attrTags, tag)
+		})
+	}
+
 	var domains []string
 	for _, attr := range attrs {
-		// Geometric cost, assumes that the number of advertised tags is small
-		if !nm.SelfNode.Tags().ContainsFunc(func(tag string) bool {
-			return slices.Contains(attr.Connectors, tag)
-		}) {
-			continue
+		if slices.Contains(attr.Connectors, "*") || selfHasTag(attr.Connectors) {
+			domains = append(domains, attr.Domains...)
 		}
-
-		domains = append(domains, attr.Domains...)
 	}
 	slices.Sort(domains)
 	slices.Compact(domains)
--- a/types/appctype/appconnector.go
+++ b/types/appctype/appconnector.go
@ -67,6 +67,7 @@ type AppConnectorAttr struct {
 	// Domains can be of the form: example.com, or *.example.com.
 	Domains []string `json:"domains,omitempty"`
 	// Connectors enumerates the app connectors which service these domains.
-	// These can be any target type supported by Tailscale's ACL language.
+	// These can either be "*" to match any advertising connector, or a
+	// tag of the form tag:<tag-name>.
 	Connectors []string `json:"connectors,omitempty"`
 }