cmd/tailscale: add -webclient flag to up and set

Initially, only expose this flag on dev and unstable builds.

Updates tailscale/corp#14335

Signed-off-by: Will Norris <will@tailscale.com>
pull/10171/head
Will Norris 1 year ago committed by Will Norris
parent f937cb6794
commit fdbe511c41

@ -905,6 +905,7 @@ func TestUpdatePrefs(t *testing.T) {
OperatorUserSet: true, OperatorUserSet: true,
RouteAllSet: true, RouteAllSet: true,
RunSSHSet: true, RunSSHSet: true,
RunWebClientSet: true,
ShieldsUpSet: true, ShieldsUpSet: true,
WantRunningSet: true, WantRunningSet: true,
}, },
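Review bot: The expected mask in this TestUpdatePrefs case now requires `RunWebClientSet: true` unconditionally, while the `webclient` flag is registered only when `version.GetMeta().IsDev || version.IsUnstableBuild()` is true. The case body lies outside the hunk, but if the mask is built from the registered flags, the expectation holds only when the test binary counts as a dev or unstable build. A comment on the new line would record that dependency, for example `// webclient is only registered on dev/unstable builds; see newUpFlagSet`. Nothing visible here asserts that the flag is absent when the gate is false, which is the behaviour a stable release relies on for this remotely reachable feature.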

@ -42,6 +42,7 @@ type setArgsT struct {
exitNodeAllowLANAccess bool exitNodeAllowLANAccess bool
shieldsUp bool shieldsUp bool
runSSH bool runSSH bool
runWebClient bool
hostname string hostname string
advertiseRoutes string advertiseRoutes string
advertiseDefaultRoute bool advertiseDefaultRoute bool
@ -73,6 +74,11 @@ func newSetFlagSet(goos string, setArgs *setArgsT) *flag.FlagSet {
setf.BoolVar(&setArgs.updateApply, "auto-update", false, "automatically update to the latest available version") setf.BoolVar(&setArgs.updateApply, "auto-update", false, "automatically update to the latest available version")
setf.BoolVar(&setArgs.postureChecking, "posture-checking", false, "HIDDEN: allow management plane to gather device posture information") setf.BoolVar(&setArgs.postureChecking, "posture-checking", false, "HIDDEN: allow management plane to gather device posture information")
// TODO(tailscale/corp#14335): during development only expose -webclient on dev and unstable builds
if version.GetMeta().IsDev || version.IsUnstableBuild() {
setf.BoolVar(&setArgs.runWebClient, "webclient", false, "run a web client, permitting access per tailnet admin's declared policy")
}
if safesocket.GOOSUsesPeerCreds(goos) { if safesocket.GOOSUsesPeerCreds(goos) {
setf.StringVar(&setArgs.opUser, "operator", "", "Unix username to allow to operate on tailscaled without sudo") setf.StringVar(&setArgs.opUser, "operator", "", "Unix username to allow to operate on tailscaled without sudo")
} }
@ -108,6 +114,7 @@ func runSet(ctx context.Context, args []string) (retErr error) {
ExitNodeAllowLANAccess: setArgs.exitNodeAllowLANAccess, ExitNodeAllowLANAccess: setArgs.exitNodeAllowLANAccess,
ShieldsUp: setArgs.shieldsUp, ShieldsUp: setArgs.shieldsUp,
RunSSH: setArgs.runSSH, RunSSH: setArgs.runSSH,
RunWebClient: setArgs.runWebClient,
Hostname: setArgs.hostname, Hostname: setArgs.hostname,
OperatorUser: setArgs.opUser, OperatorUser: setArgs.opUser,
ForceDaemon: setArgs.forceDaemon, ForceDaemon: setArgs.forceDaemon,
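Review bot: The dev/unstable check in newSetFlagSet gates only the registration of `-webclient`; the `RunWebClient: setArgs.runWebClient` assignment in runSet and the pref itself are not gated. A stable build therefore depends on no other prefs-editing path being able to set RunWebClient, and whether such a path exists is not visible in this hunk. A comment above the `if` would make that limit explicit, for example `// Gates the CLI flag only; the RunWebClient pref is not restricted here.` The same condition is repeated in newUpFlagSet, so a small shared helper would keep both sites in step when the TODO is resolved. Both functions continue outside the hunks shown.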

@ -116,6 +116,11 @@ func newUpFlagSet(goos string, upArgs *upArgsT, cmd string) *flag.FlagSet {
upf.BoolVar(&upArgs.advertiseConnector, "advertise-connector", false, "advertise this node as an app connector") upf.BoolVar(&upArgs.advertiseConnector, "advertise-connector", false, "advertise this node as an app connector")
upf.BoolVar(&upArgs.advertiseDefaultRoute, "advertise-exit-node", false, "offer to be an exit node for internet traffic for the tailnet") upf.BoolVar(&upArgs.advertiseDefaultRoute, "advertise-exit-node", false, "offer to be an exit node for internet traffic for the tailnet")
// TODO(tailscale/corp#14335): during development only expose -webclient on dev and unstable builds
if version.GetMeta().IsDev || version.IsUnstableBuild() {
upf.BoolVar(&upArgs.runWebClient, "webclient", false, "run a web client, permitting access per tailnet admin's declared policy")
}
if safesocket.GOOSUsesPeerCreds(goos) { if safesocket.GOOSUsesPeerCreds(goos) {
upf.StringVar(&upArgs.opUser, "operator", "", "Unix username to allow to operate on tailscaled without sudo") upf.StringVar(&upArgs.opUser, "operator", "", "Unix username to allow to operate on tailscaled without sudo")
} }
@ -161,6 +166,7 @@ type upArgsT struct {
exitNodeAllowLANAccess bool exitNodeAllowLANAccess bool
shieldsUp bool shieldsUp bool
runSSH bool runSSH bool
runWebClient bool
forceReauth bool forceReauth bool
forceDaemon bool forceDaemon bool
advertiseRoutes string advertiseRoutes string
@ -279,6 +285,7 @@ func prefsFromUpArgs(upArgs upArgsT, warnf logger.Logf, st *ipnstate.Status, goo
prefs.AllowSingleHosts = upArgs.singleRoutes prefs.AllowSingleHosts = upArgs.singleRoutes
prefs.ShieldsUp = upArgs.shieldsUp prefs.ShieldsUp = upArgs.shieldsUp
prefs.RunSSH = upArgs.runSSH prefs.RunSSH = upArgs.runSSH
prefs.RunWebClient = upArgs.runWebClient
prefs.AdvertiseRoutes = routes prefs.AdvertiseRoutes = routes
prefs.AdvertiseTags = tags prefs.AdvertiseTags = tags
prefs.Hostname = upArgs.hostname prefs.Hostname = upArgs.hostname
@ -730,6 +737,7 @@ func init() {
addPrefFlagMapping("unattended", "ForceDaemon") addPrefFlagMapping("unattended", "ForceDaemon")
addPrefFlagMapping("operator", "OperatorUser") addPrefFlagMapping("operator", "OperatorUser")
addPrefFlagMapping("ssh", "RunSSH") addPrefFlagMapping("ssh", "RunSSH")
addPrefFlagMapping("webclient", "RunWebClient")
addPrefFlagMapping("nickname", "ProfileName") addPrefFlagMapping("nickname", "ProfileName")
addPrefFlagMapping("update-check", "AutoUpdate") addPrefFlagMapping("update-check", "AutoUpdate")
addPrefFlagMapping("auto-update", "AutoUpdate") addPrefFlagMapping("auto-update", "AutoUpdate")
@ -938,6 +946,8 @@ func prefsToFlags(env upCheckEnv, prefs *ipn.Prefs) (flagVal map[string]any) {
panic(fmt.Sprintf("unhandled flag %q", f.Name)) panic(fmt.Sprintf("unhandled flag %q", f.Name))
case "ssh": case "ssh":
set(prefs.RunSSH) set(prefs.RunSSH)
case "webclient":
set(prefs.RunWebClient)
case "login-server": case "login-server":
set(prefs.ControlURL) set(prefs.ControlURL)
case "accept-routes": case "accept-routes":
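Review bot: In prefsFromUpArgs, `prefs.RunWebClient = upArgs.runWebClient` is unconditional, so on a build where newUpFlagSet does not register `-webclient` the field always carries the zero value `false`. That fails closed, but it appears to mean that a plain `up` on such a build would switch off a web client enabled earlier under a dev or unstable build. Whether the user is told depends on code outside these hunks, since the `"webclient"` case in prefsToFlags is reached only for registered flags. A why-comment on the assignment would document the intent, for example `// Always false where -webclient is not registered, so up disables the web client on those builds.` The `addPrefFlagMapping("webclient", "RunWebClient")` call in init is likewise unconditional, which is worth a short note so the mapping is not mistaken for evidence that the flag exists on every build.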
