appc,ipn/local: support wildcard when matching app-connectors

Updates: ENG-2453
Signed-off-by: Tom DNetto <tom@tailscale.com>

ipn/ipnlocal/local.go

@@ -3313,16 +3313,18 @@ func (b *LocalBackend) reconfigAppConnectorLocked(nm *netmap.NetworkMap, prefs i
 		return
 	}
 
+	// Geometric cost, assumes that the number of advertised tags is small
+	selfHasTag := func(attrTags []string) bool {
+		return nm.SelfNode.Tags().ContainsFunc(func(tag string) bool {
+			return slices.Contains(attrTags, tag)
+		})
+	}
+
 	var domains []string
 	for _, attr := range attrs {
-		// Geometric cost, assumes that the number of advertised tags is small
+		if slices.Contains(attr.Connectors, "*") || selfHasTag(attr.Connectors) {
-		if !nm.SelfNode.Tags().ContainsFunc(func(tag string) bool {
+			domains = append(domains, attr.Domains...)
-			return slices.Contains(attr.Connectors, tag)
-		}) {
-			continue
 		}
-
-		domains = append(domains, attr.Domains...)
 	}
 	slices.Sort(domains)
 	slices.Compact(domains)

types/appctype/appconnector.go

@@ -67,6 +67,7 @@ type AppConnectorAttr struct {
 	// Domains can be of the form: example.com, or *.example.com.
 	Domains []string `json:"domains,omitempty"`
 	// Connectors enumerates the app connectors which service these domains.
-	// These can be any target type supported by Tailscale's ACL language.
+	// These can either be "*" to match any advertising connector, or a
+	// tag of the form tag:<tag-name>.
 	Connectors []string `json:"connectors,omitempty"`
 }