From 71c0e8d4288dfe8b965770e71e395078549eb602 Mon Sep 17 00:00:00 2001
From: Anton Tolchanov <anton@tailscale.com>
Date: Mon, 28 Nov 2022 22:33:51 +0000
Subject: [PATCH] api.md: update documentation for the "set ACL" endpoint

This documents the `If-Match: ts-default` header that can be set to only
overwrite the default ACL contents, and also briefly mentions a few of
the new top-level ACL fields.

Updates tailscale/terraform-provider-tailscale#182

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
---
 api.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/api.md b/api.md
index 28d8e4bab..449a1a94b 100644
--- a/api.md
+++ b/api.md
@@ -485,6 +485,8 @@ Returns the updated ACL in JSON or HuJSON according to the `Accept` header on su
 ###### Headers
 `If-Match` - A request header. Set this value to the ETag header provided in an `ACL GET` request to avoid missed updates.
 
+A special value `ts-default` will ensure that ACL will be set only if current ACL is the default one (created automatically for each tailnet).
+
 `Accept` - Sets the return type of the updated ACL. Response is parsed `JSON` if `application/json` is explicitly named, otherwise HuJSON will be returned.
 
 ###### POST Body
@@ -497,6 +499,9 @@ An ACL policy may contain the following top-level properties:
 * `ACLs` - Access control lists.
 * `TagOwners` - Defines who is allowed to use which tags.
 * `Tests` - Run on ACL updates to check correct functionality of defined ACLs.
+* `AutoApprovers` - Defines which users can advertise routes or exit nodes without further approval.
+* `SSH` - Configures access policy for Tailscale SSH.
+* `NodeAttrs` - Defines which devices can use certain features.
 
 See https://tailscale.com/kb/1018/acls for more information on those properties.