From 731be077776a52a5480cfede28875a6e44011d25 Mon Sep 17 00:00:00 2001
From: Tom DNetto <tom@tailscale.com>
Date: Wed, 30 Nov 2022 11:06:51 -0800
Subject: [PATCH] cmd/tailscale/cli: show rotation key when suggesting lock
 sign command

Signed-off-by: Tom DNetto <tom@tailscale.com>
---
 cmd/tailscale/cli/network-lock.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/cmd/tailscale/cli/network-lock.go b/cmd/tailscale/cli/network-lock.go
index 8cc6944aa..648cc502d 100644
--- a/cmd/tailscale/cli/network-lock.go
+++ b/cmd/tailscale/cli/network-lock.go
@@ -168,12 +168,17 @@ func runNetworkLockStatus(ctx context.Context, args []string) error {
 	}
 	fmt.Println()
 
-	if st.Enabled && st.NodeKey != nil {
+	if st.Enabled && st.NodeKey != nil && !st.PublicKey.IsZero() {
 		if st.NodeKeySigned {
 			fmt.Println("This node is accessible under tailnet-lock.")
 		} else {
+			p, err := st.PublicKey.MarshalText()
+			if err != nil {
+				return err
+			}
+
 			fmt.Println("This node is LOCKED OUT by tailnet-lock, and action is required to establish connectivity.")
-			fmt.Printf("Run the following command on a node with a trusted key:\n\ttailscale lock sign %v\n", st.NodeKey)
+			fmt.Printf("Run the following command on a node with a trusted key:\n\ttailscale lock sign %v %s\n", st.NodeKey, p)
 		}
 		fmt.Println()
 	}