From 1a64166073adb0ab3adb8f3e8394f2db3cbdd656 Mon Sep 17 00:00:00 2001
From: Sonia Appasamy
Date: Tue, 15 Aug 2023 10:49:22 -0400
Subject: [PATCH] cli/serve: add interactive flow for enabling HTTPS certs

When trying to use serve with https, send users through https cert provisioning enablement before editing the ServeConfig.

Updates tailscale/corp#10577

Signed-off-by: Sonia Appasamy
---
 cmd/tailscale/cli/serve.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/cmd/tailscale/cli/serve.go b/cmd/tailscale/cli/serve.go
index 8979a90ed..c83228a0d 100644
--- a/cmd/tailscale/cli/serve.go
+++ b/cmd/tailscale/cli/serve.go
@@ -23,6 +23,7 @@ import (
 "strings"
 
 "github.com/peterbourgon/ff/v3/ffcli"
+ "golang.org/x/exp/slices"
 "tailscale.com/client/tailscale"
 "tailscale.com/ipn"
 "tailscale.com/ipn/ipnstate"
@@ -233,6 +234,21 @@ func (e *serveEnv) runServe(ctx context.Context, args []string) error {
 return flag.ErrHelp
 }
 
+ if srcType == "https" && !turnOff {
+ // Running serve with https requires that the tailnet has enabled
+ // https cert provisioning. Send users through an interactive flow
+ // to enable this if not already done.
+ //
+ // TODO(sonia,tailscale/corp#10577): The interactive feature flow
+ // is behind a control flag. If the tailnet doesn't have the flag
+ // on, enableFeatureInteractive will error. For now, we hide that
+ // error and maintain the previous behavior (prior to 2023-08-15)
+ // of letting them edit the serve config before enabling certs.
+ e.enableFeatureInteractive(ctx, "serve", func(caps []string) bool {
+ return slices.Contains(caps, tailcfg.CapabilityHTTPS)
+ })
+ }
+
 srcPort, err := parseServePort(srcPortStr)
 if err != nil {
 return fmt.Errorf("invalid port %q: %w", srcPortStr, err)
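Review bot: The result of `e.enableFeatureInteractive(...)` in the new `if srcType == "https" && !turnOff` block is dropped without being assigned, so every failure falls through to the ServeConfig edit, not only the "control flag off" case the TODO describes. The helper's body is outside this hunk, so this is inferred from the comment, but a cancelled `ctx` or an abandoned enablement flow would presumably also continue and write an HTTPS serve config for a tailnet that has no cert provisioning. I would capture the error (`err := e.enableFeatureInteractive(...)`) and at least stop when the context is done, `if err != nil && ctx.Err() != nil { return ctx.Err() }`, keeping the documented fallback for the remaining cases. If the blanket discard is intended, write it as `_ = e.enableFeatureInteractive(...)` so linters and readers can see it is deliberate. `runServe` starts and ends outside the hunk.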