mirrors
/
tailscale
mirror of https://github.com/tailscale/tailscale.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
tailscale/tailcfg
History
Tom DNetto f1ab11e961 ipn/ipnlocal,tailcfg: introduce capability to gate TKA init paths 
Previously, `TAILSCALE_USE_WIP_CODE` was needed to hit a bunch of the TKA paths. With
this change:

 - Enablement codepaths (NetworkLockInit) and initialization codepaths (tkaBootstrapFromGenesisLocked via tkaSyncIfNeeded)
   require either the WIP envknob or CapabilityTailnetLockAlpha.
 - Normal operation codepaths (tkaSyncIfNeeded, tkaFilterNetmapLocked) require TKA to be initialized, or either-or the
   envknob / capability.
 - Auxillary commands (ie: changing tka keys) require TKA to be initialized.

The end result is that it shouldn't be possible to initialize TKA (or subsequently use any of its features) without being
sent the capability or setting the envknob on tailscaled yourself.

I've also pulled out a bunch of unnecessary checks for CanSupportNetworkLock().

Signed-off-by: Tom DNetto <tom@tailscale.com>
 		2022-11-30 13:50:22 -08:00
..
c2ntypes.go ipn/ipnlocal: add c2n method to get SSH username candidates 2022-09-19 10:37:04 -07:00
derpmap.go net/netcheck: deflake (maybe) magicsock's TestNewConn 2022-11-05 22:02:13 -07:00
tailcfg.go ipn/ipnlocal,tailcfg: introduce capability to gate TKA init paths 2022-11-30 13:50:22 -08:00
tailcfg_clone.go tailcfg: add Hostinfo.WireIngress bool 2022-11-15 21:06:18 -08:00
tailcfg_test.go tailcfg: add Hostinfo.WireIngress bool 2022-11-15 21:06:18 -08:00
tailcfg_view.go tailcfg: add Hostinfo.WireIngress bool 2022-11-15 21:06:18 -08:00
tka.go cmd/tailscale,ipn: improve UX of lock init command, cosmetic changes 2022-11-28 10:39:04 -08:00