ipn: replace web client debug flag with node capability
Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>
This commit is contained in:
parent
bd488e4ff8
commit
66c7af3dd3
|
@ -570,9 +570,7 @@ func getLocalBackend(ctx context.Context, logf logger.Logf, logID logid.PublicID
|
||||||
if root := lb.TailscaleVarRoot(); root != "" {
|
if root := lb.TailscaleVarRoot(); root != "" {
|
||||||
dnsfallback.SetCachePath(filepath.Join(root, "derpmap.cached.json"), logf)
|
dnsfallback.SetCachePath(filepath.Join(root, "derpmap.cached.json"), logf)
|
||||||
}
|
}
|
||||||
if envknob.Bool("TS_DEBUG_WEB_UI") {
|
lb.SetWebLocalClient(&tailscale.LocalClient{Socket: args.socketpath, UseSocketOnly: args.socketpath != ""})
|
||||||
lb.SetWebLocalClient(&tailscale.LocalClient{Socket: args.socketpath, UseSocketOnly: args.socketpath != ""})
|
|
||||||
}
|
|
||||||
configureTaildrop(logf, lb)
|
configureTaildrop(logf, lb)
|
||||||
if err := ns.Start(lb); err != nil {
|
if err := ns.Start(lb); err != nil {
|
||||||
log.Fatalf("failed to start netstack: %v", err)
|
log.Fatalf("failed to start netstack: %v", err)
|
||||||
|
|
|
@ -2920,11 +2920,6 @@ func (b *LocalBackend) EditPrefs(mp *ipn.MaskedPrefs) (ipn.PrefsView, error) {
|
||||||
b.logf("EditPrefs requests SSH, but disabled by envknob; returning error")
|
b.logf("EditPrefs requests SSH, but disabled by envknob; returning error")
|
||||||
return ipn.PrefsView{}, errors.New("Tailscale SSH server administratively disabled.")
|
return ipn.PrefsView{}, errors.New("Tailscale SSH server administratively disabled.")
|
||||||
}
|
}
|
||||||
if p1.RunWebClient && !envknob.Bool("TS_DEBUG_WEB_UI") {
|
|
||||||
b.mu.Unlock()
|
|
||||||
b.logf("EditPrefs requests web client, but disabled by envknob; returning error")
|
|
||||||
return ipn.PrefsView{}, errors.New("web ui flag not set")
|
|
||||||
}
|
|
||||||
if p1.View().Equals(p0) {
|
if p1.View().Equals(p0) {
|
||||||
b.mu.Unlock()
|
b.mu.Unlock()
|
||||||
return stripKeysFromPrefs(p0), nil
|
return stripKeysFromPrefs(p0), nil
|
||||||
|
@ -4161,7 +4156,7 @@ func (b *LocalBackend) ResetForClientDisconnect() {
|
||||||
func (b *LocalBackend) ShouldRunSSH() bool { return b.sshAtomicBool.Load() && envknob.CanSSHD() }
|
func (b *LocalBackend) ShouldRunSSH() bool { return b.sshAtomicBool.Load() && envknob.CanSSHD() }
|
||||||
|
|
||||||
func (b *LocalBackend) ShouldRunWebClient() bool {
|
func (b *LocalBackend) ShouldRunWebClient() bool {
|
||||||
return b.webclientAtomicBool.Load() && envknob.Bool("TS_DEBUG_WEB_UI")
|
return b.webclientAtomicBool.Load() && hasCapability(b.netMap, tailcfg.CapabilityPreviewWebClient)
|
||||||
}
|
}
|
||||||
|
|
||||||
// ShouldHandleViaIP reports whether ip is an IPv6 address in the
|
// ShouldHandleViaIP reports whether ip is an IPv6 address in the
|
||||||
|
|
|
@ -13,8 +13,8 @@ import (
|
||||||
|
|
||||||
"tailscale.com/client/tailscale"
|
"tailscale.com/client/tailscale"
|
||||||
"tailscale.com/client/web"
|
"tailscale.com/client/web"
|
||||||
"tailscale.com/envknob"
|
|
||||||
"tailscale.com/net/netutil"
|
"tailscale.com/net/netutil"
|
||||||
|
"tailscale.com/tailcfg"
|
||||||
)
|
)
|
||||||
|
|
||||||
// webClient holds state for the web interface for managing
|
// webClient holds state for the web interface for managing
|
||||||
|
@ -41,8 +41,8 @@ func (b *LocalBackend) SetWebLocalClient(lc *tailscale.LocalClient) {
|
||||||
// tailscaled instance.
|
// tailscaled instance.
|
||||||
// If the web interface is already running, WebClientInit is a no-op.
|
// If the web interface is already running, WebClientInit is a no-op.
|
||||||
func (b *LocalBackend) WebClientInit() (err error) {
|
func (b *LocalBackend) WebClientInit() (err error) {
|
||||||
if !envknob.Bool("TS_DEBUG_WEB_UI") {
|
if !hasCapability(b.netMap, tailcfg.CapabilityPreviewWebClient) {
|
||||||
return errors.New("web ui flag unset")
|
return errors.New("web client not enabled for this device")
|
||||||
}
|
}
|
||||||
|
|
||||||
b.mu.Lock()
|
b.mu.Lock()
|
||||||
|
|
|
@ -2040,6 +2040,7 @@ const (
|
||||||
CapabilityDataPlaneAuditLogs NodeCapability = "https://tailscale.com/cap/data-plane-audit-logs" // feature enabled
|
CapabilityDataPlaneAuditLogs NodeCapability = "https://tailscale.com/cap/data-plane-audit-logs" // feature enabled
|
||||||
CapabilityDebug NodeCapability = "https://tailscale.com/cap/debug" // exposes debug endpoints over the PeerAPI
|
CapabilityDebug NodeCapability = "https://tailscale.com/cap/debug" // exposes debug endpoints over the PeerAPI
|
||||||
CapabilityHTTPS NodeCapability = "https" // https cert provisioning enabled on tailnet
|
CapabilityHTTPS NodeCapability = "https" // https cert provisioning enabled on tailnet
|
||||||
|
CapabilityPreviewWebClient NodeCapability = "preview-webclient" // allows starting web client in tailscaled
|
||||||
|
|
||||||
// CapabilityBindToInterfaceByRoute changes how Darwin nodes create
|
// CapabilityBindToInterfaceByRoute changes how Darwin nodes create
|
||||||
// sockets (in the net/netns package). See that package for more
|
// sockets (in the net/netns package). See that package for more
|
||||||
|
|
Loading…
Reference in New Issue