archive
/
tailscale
mirror of https://github.com/tailscale/tailscale/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

cmd/tailscale: improve error message when signing without a tailnet lock key

Browse Source 
Updates #8568
Signed-off-by: Tom DNetto <tom@tailscale.com>
pull/8483/head
Tom DNetto 1 year ago committed by Tom
parent b0a984dc26
commit 97ee0bc685
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File

11
cmd/tailscale/cli/network-lock.go
Unescape Escape View File

@ -465,7 +465,16 @@ func runNetworkLockSign(ctx context.Context, args []string) error {
} }
} }
return localClient.NetworkLockSign(ctx, nodeKey, []byte(rotationKey.Verifier())) err := localClient.NetworkLockSign(ctx, nodeKey, []byte(rotationKey.Verifier()))
// Provide a better help message for when someone clicks through the signing flow
// on the wrong device.
if err != nil && strings.Contains(err.Error(), "this node is not trusted by network lock") {
fmt.Fprintln(os.Stderr, "Error: Signing is not available on this device because it does not have a trusted tailnet lock key.")
fmt.Fprintln(os.Stderr)
fmt.Fprintln(os.Stderr, "Try again on a signing device instead. Tailnet admins can see signing devices on the admin panel.")
fmt.Fprintln(os.Stderr)
}
return err
} }
var nlDisableCmd = &ffcli.Command{ var nlDisableCmd = &ffcli.Command{

Write Preview
Loading…
Cancel
Save