From c87782ba9d677ffc7f488e5297ca22c07ada7767 Mon Sep 17 00:00:00 2001 From: Maisem Ali Date: Mon, 13 Mar 2023 15:22:42 -0700 Subject: [PATCH] cmd/k8s-operator: drop trailing dot in tagged node name Also update tailcfg docs. Updates #5055 Signed-off-by: Maisem Ali --- cmd/k8s-operator/proxy.go | 2 +- tailcfg/tailcfg.go | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/cmd/k8s-operator/proxy.go b/cmd/k8s-operator/proxy.go index 847fdd559..11a71d94f 100644 --- a/cmd/k8s-operator/proxy.go +++ b/cmd/k8s-operator/proxy.go @@ -88,7 +88,7 @@ func runAuthProxy(s *tsnet.Server, rt http.RoundTripper, logf logger.Logf) { if who.Node.IsTagged() { // Use the nodes FQDN as the username, and the nodes tags as the groups. // "Impersonate-Group" requires "Impersonate-User" to be set. - r.Header.Set("Impersonate-User", who.Node.Name) + r.Header.Set("Impersonate-User", strings.TrimSuffix(who.Node.Name, ".")) for _, tag := range who.Node.Tags { r.Header.Add("Impersonate-Group", tag) } diff --git a/tailcfg/tailcfg.go b/tailcfg/tailcfg.go index 40c026b51..694c022f0 100644 --- a/tailcfg/tailcfg.go +++ b/tailcfg/tailcfg.go @@ -183,7 +183,12 @@ func (emptyStructJSONSlice) UnmarshalJSON([]byte) error { return nil } type Node struct { ID NodeID StableID StableNodeID - Name string // DNS + + // Name is the FQDN of the node. + // It is also the MagicDNS name for the node. + // It has a trailing dot. + // e.g. "host.tail-scale.ts.net." + Name string // User is the user who created the node. If ACL tags are in // use for the node then it doesn't reflect the ACL identity