api.md: lowercase ACL field names

Making this match https://tailscale.com/kb/1018/acls

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
pull/6599/head
Anton Tolchanov 2 years ago committed by Anton Tolchanov
parent 71c0e8d428
commit d6dbefaa91

@ -402,20 +402,20 @@ Etag: "e0b2816b418b3f266309d94426ac7668ab3c1fa87798785bf82f1085cc2f6d9c"
// Example/default ACLs for unrestricted connections. // Example/default ACLs for unrestricted connections.
{ {
"Tests": [], "tests": [],
// Declare static groups of users beyond those in the identity service. // Declare static groups of users beyond those in the identity service.
"Groups": { "groups": {
"group:example": [ "group:example": [
"user1@example.com", "user1@example.com",
"user2@example.com" "user2@example.com"
], ],
}, },
// Declare convenient hostname aliases to use in place of IP addresses. // Declare convenient hostname aliases to use in place of IP addresses.
"Hosts": { "hosts": {
"example-host-1": "100.100.100.100", "example-host-1": "100.100.100.100",
}, },
// Access control lists. // Access control lists.
"ACLs": [ "acls": [
// Match absolutely everything. Comment out this section if you want // Match absolutely everything. Comment out this section if you want
// to define specific ACL restrictions. // to define specific ACL restrictions.
{ {
@ -494,14 +494,14 @@ A special value `ts-default` will ensure that ACL will be set only if current AC
The POST body should be a JSON or [HuJSON](https://github.com/tailscale/hujson#hujson---human-json) formatted JSON object. The POST body should be a JSON or [HuJSON](https://github.com/tailscale/hujson#hujson---human-json) formatted JSON object.
An ACL policy may contain the following top-level properties: An ACL policy may contain the following top-level properties:
* `Groups` - Static groups of users which can be used for ACL rules. * `groups` - Static groups of users which can be used for ACL rules.
* `Hosts` - Hostname aliases to use in place of IP addresses or subnets. * `hosts` - Hostname aliases to use in place of IP addresses or subnets.
* `ACLs` - Access control lists. * `acls` - Access control lists.
* `TagOwners` - Defines who is allowed to use which tags. * `tagOwners` - Defines who is allowed to use which tags.
* `Tests` - Run on ACL updates to check correct functionality of defined ACLs. * `tests` - Run on ACL updates to check correct functionality of defined ACLs.
* `AutoApprovers` - Defines which users can advertise routes or exit nodes without further approval. * `autoApprovers` - Defines which users can advertise routes or exit nodes without further approval.
* `SSH` - Configures access policy for Tailscale SSH. * `ssh` - Configures access policy for Tailscale SSH.
* `NodeAttrs` - Defines which devices can use certain features. * `nodeAttrs` - Defines which devices can use certain features.
See https://tailscale.com/kb/1018/acls for more information on those properties. See https://tailscale.com/kb/1018/acls for more information on those properties.
@ -514,22 +514,22 @@ curl 'https://api.tailscale.com/api/v2/tailnet/example.com/acl' \
--data-binary '// Example/default ACLs for unrestricted connections. --data-binary '// Example/default ACLs for unrestricted connections.
{ {
// Declare tests to check functionality of ACL rules. User must be a valid user with registered machines. // Declare tests to check functionality of ACL rules. User must be a valid user with registered machines.
"Tests": [ "tests": [
// {"User": "user1@example.com", "Allow": ["example-host-1:22"], "Deny": ["example-host-2:100"]}, // {"src": "user1@example.com", "accept": ["example-host-1:22"], "deny": ["example-host-2:100"]},
], ],
// Declare static groups of users beyond those in the identity service. // Declare static groups of users beyond those in the identity service.
"Groups": { "groups": {
"group:example": [ "user1@example.com", "user2@example.com" ], "group:example": [ "user1@example.com", "user2@example.com" ],
}, },
// Declare convenient hostname aliases to use in place of IP addresses. // Declare convenient hostname aliases to use in place of IP addresses.
"Hosts": { "hosts": {
"example-host-1": "100.100.100.100", "example-host-1": "100.100.100.100",
}, },
// Access control lists. // Access control lists.
"ACLs": [ "acls": [
// Match absolutely everything. Comment out this section if you want // Match absolutely everything. Comment out this section if you want
// to define specific ACL restrictions. // to define specific ACL restrictions.
{ "Action": "accept", "Users": ["*"], "Ports": ["*:*"] }, { "action": "accept", "users": ["*"], "ports": ["*:*"] },
] ]
}' }'
``` ```
@ -539,22 +539,22 @@ Response:
// Example/default ACLs for unrestricted connections. // Example/default ACLs for unrestricted connections.
{ {
// Declare tests to check functionality of ACL rules. User must be a valid user with registered machines. // Declare tests to check functionality of ACL rules. User must be a valid user with registered machines.
"Tests": [ "tests": [
// {"User": "user1@example.com", "Allow": ["example-host-1:22"], "Deny": ["example-host-2:100"]}, // {"src": "user1@example.com", "accept": ["example-host-1:22"], "deny": ["example-host-2:100"]},
], ],
// Declare static groups of users beyond those in the identity service. // Declare static groups of users beyond those in the identity service.
"Groups": { "groups": {
"group:example": [ "user1@example.com", "user2@example.com" ], "group:example": [ "user1@example.com", "user2@example.com" ],
}, },
// Declare convenient hostname aliases to use in place of IP addresses. // Declare convenient hostname aliases to use in place of IP addresses.
"Hosts": { "hosts": {
"example-host-1": "100.100.100.100", "example-host-1": "100.100.100.100",
}, },
// Access control lists. // Access control lists.
"ACLs": [ "acls": [
// Match absolutely everything. Comment out this section if you want // Match absolutely everything. Comment out this section if you want
// to define specific ACL restrictions. // to define specific ACL restrictions.
{ "Action": "accept", "Users": ["*"], "Ports": ["*:*"] }, { "action": "accept", "users": ["*"], "ports": ["*:*"] },
] ]
} }
``` ```
@ -597,22 +597,22 @@ curl 'https://api.tailscale.com/api/v2/tailnet/example.com/acl/preview?previewFo
--data-binary '// Example/default ACLs for unrestricted connections. --data-binary '// Example/default ACLs for unrestricted connections.
{ {
// Declare tests to check functionality of ACL rules. User must be a valid user with registered machines. // Declare tests to check functionality of ACL rules. User must be a valid user with registered machines.
"Tests": [ "tests": [
// {"User": "user1@example.com", "Allow": ["example-host-1:22"], "Deny": ["example-host-2:100"]}, // {"src": "user1@example.com", "accept": ["example-host-1:22"], "deny": ["example-host-2:100"]},
], ],
// Declare static groups of users beyond those in the identity service. // Declare static groups of users beyond those in the identity service.
"Groups": { "groups": {
"group:example": [ "user1@example.com", "user2@example.com" ], "group:example": [ "user1@example.com", "user2@example.com" ],
}, },
// Declare convenient hostname aliases to use in place of IP addresses. // Declare convenient hostname aliases to use in place of IP addresses.
"Hosts": { "hosts": {
"example-host-1": "100.100.100.100", "example-host-1": "100.100.100.100",
}, },
// Access control lists. // Access control lists.
"ACLs": [ "acls": [
// Match absolutely everything. Comment out this section if you want // Match absolutely everything. Comment out this section if you want
// to define specific ACL restrictions. // to define specific ACL restrictions.
{ "Action": "accept", "Users": ["*"], "Ports": ["*:*"] }, { "action": "accept", "users": ["*"], "ports": ["*:*"] },
] ]
}' }'
``` ```
@ -648,7 +648,7 @@ curl 'https://api.tailscale.com/api/v2/tailnet/example.com/acl/validate' \
-u "tskey-yourapikey123:" \ -u "tskey-yourapikey123:" \
--data-binary ' --data-binary '
[ [
{"User": "user1@example.com", "Allow": ["example-host-1:22"], "Deny": ["example-host-2:100"]} {"src": "user1@example.com", "accept": ["example-host-1:22"], "deny": ["example-host-2:100"]}
]' ]'
``` ```
@ -659,10 +659,10 @@ curl 'https://api.tailscale.com/api/v2/tailnet/example.com/acl/validate' \
-u "tskey-yourapikey123:" \ -u "tskey-yourapikey123:" \
--data-binary ' --data-binary '
{ {
"ACLs": [ "acls": [
{ "Action": "accept", "src": ["100.105.106.107"], "dst": ["1.2.3.4:*"] }, { "action": "accept", "src": ["100.105.106.107"], "dst": ["1.2.3.4:*"] },
], ],
"Tests", [ "tests", [
{"src": "100.105.106.107", "allow": ["1.2.3.4:80"]} {"src": "100.105.106.107", "allow": ["1.2.3.4:80"]}
], ],
}' }'
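Review bot: In the last hunk the second `/acl/validate` example is still malformed after the rename, because `"tests", [` has a comma where the key needs a colon; the line should read `"tests": [`. The entry under it keeps `"allow"` although every other test example in this commit moved to `"accept"`, so if the rename is meant to be uniform it should be `{"src": "100.105.106.107", "accept": ["1.2.3.4:80"]}`. Readers paste these bodies into policy-validation calls, and a body that does not parse, or a test key the server may not recognise, means the ACL test they think they ran presumably checked nothing. The rule objects in the POST, response and preview hunks also keep `"users"`/`"ports"` while this hunk uses `"src"`/`"dst"`; picking one form across the file would match the stated goal of the commit. The code fence around this example opens and closes outside the hunk.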
