We should add a SetDeviceKey method to the client that implements the API call described in the documentation here:
https://github.com/tailscale/tailscale/blob/main/api.md#post-apiv2devicedeviceidkey---update-device-key

This is required to implement https://github.com/davidsbond/terraform-provider-tailscale/issues/78

Similarly to tailscale/terraform-provider-tailscale#142, this repo also needs the github workflow to be changed from master to main:

https://github.com/tailscale/tailscale-client-go/blob/main/.github/workflows/ci.yml#L5

There is a feature that allows to block ACL edits from admin console by specifying special comment in the top of the ACL: https://tailscale.com/kb/1204/gitops-acls/#prevent-others-from-accidentally-modifying-your-tailnet-policy-file
However, there is no way to pass such comment when using Client's SetACL() method, because it only accepts ACL structure. Maybe it could be added via SetACLOption?

After adding it here it would be nice to add the same feature in https://github.com/tailscale/terraform-provider-tailscale.

Hello team,

Would it make sense to add support for the network-flow-logs side of the API? Or perhaps you don't consider that part of the API?
Happy to prepare a PR if you think that'll be useful.

Thank you.

Since the new release 1.7.0, creating an auth key returns a 400 bad request:

json: unknown field "expirySeconds" (400)

Previous version 1.6.0 creates the key successfully.

Currently the client only supports getting a single key by ID. I have a usecase for listing all keys, which is not possible using the current client.

Relevant API doc

We are using the Tailscale Terraform provider and recently noticed an issue where a terraform plan would show planned removals for various null values/empty strings when updating an ACL:

# tailscale_acl.acl will be updated in-place
  ~ resource "tailscale_acl" "acl" {
      ~ acl = jsonencode(
          ~ {                                                                                                                            
                ~ acls      = [
                  ~ {
                      - ports  = null -> null
                      - proto  = "" -> null
                      ~ src    = [
                            # (1 unchanged element hidden)
                            "foo",
                          - "bar",
                            "foo2",
                            # (13 unchanged elements hidden)
                        ]
                      - users  = null -> null
                        # (2 unchanged elements hidden)                                                                                                   
		      },

With the above example we are using the src and dst fields in the ACL, and the removal of 'bar' is expected. The fields ports, proto and users don't exist in the ACL associated with our tailnet, and they aren't present in our Terraform configuration either. If we apply a plan like the above we end up with those fields being added to our ACL (with null values in the case of users and ports, and an empty string in the case of proto). This doesn't seem to affect the functionality of the ACL, but it is confusing when reviewing it via the Tailscale console/as part of a Terraform plan.

I think the issue might be that the fields ports, proto and users are optional when getting or setting an ACL via the Tailscale API. When the Terraform provider retrieves the ACL using tailscale-client-go, if those fields are omitted in the API response they get set as null or empty values. I think the fix might be simply adding the omitempty option to the relevant fields in this struct:

https://github.com/tailscale/tailscale-client-go/blob/main/tailscale/client.go#L243-L250

But I'm not a Go developer, so I thought I'd raise an issue in the first instance instead of raising a PR :)

add the ability to auth against the new oauth endpoints

package main

import (
	"context"
	"log"
	"os"

	"github.com/tailscale/tailscale-client-go/tailscale"
)

func main() {
	apiKey := os.Getenv("TAILSCALE_API_KEY")
	tailnet := os.Getenv("TAILSCALE_TAILNET")

	client, err := tailscale.NewClient(apiKey, tailnet)
	if err != nil {
		log.Fatalln(err)
	}

	// List all your devices
	devices, err := client.Devices(context.Background())
	if err == nil {
		fmt.Println("List if tailscale devices")
		for _, device := range devices {
			fmt.Printf("%+v \n", device)
                 }
	} else {
		log.Fatalln("problem in listing tailscale devices: ", err)
	}
}

Check For Hostname and name field they are interchanged

An error response from the API can contain a data field with additional context for errors. This is specifically used for tests within ACL files. We should add the data field as described in the API documentation

Related to https://github.com/davidsbond/terraform-provider-tailscale/issues/73

Constant stream of logs showing up when tailscale is up

E0420 17:02:18.969343  120985 reflector.go:147] k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *unstructured.Unstructured: failed to list *unstructured.Unstructured: Get "https://100.71.227.32:6443/api/v1/namespaces?fieldSelector=metadata.name%3Dmariadb-operator&resourceVersion=8422293": dial tcp 100.71.227.32:6443: connect: connection refused
W0420 17:03:06.882471  120985 reflector.go:539] k8s.io/[email protected]/tools/cache/reflector.go:229: failed to list *unstructured.Unstructured: Get "https://100.71.227.32:6443/api/v1/namespaces?fieldSelector=metadata.name%3Dmariadb-operator&resourceVersion=8422293": dial tcp 100.71.227.32:6443: connect: connection refused
E0420 17:03:06.882687  120985 reflector.go:147] k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *unstructured.Unstructured: failed to list *unstructured.Unstructured: Get "https://100.71.227.32:6443/api/v1/namespaces?fieldSelector=metadata.name%3Dmariadb-operator&resourceVersion=8422293": dial tcp 100.71.227.32:6443: connect: connection refused
W0420 17:03:49.495196  120985 reflector.go:539] k8s.io/[email protected]/tools/cache/reflector.go:229: failed to list *unstructured.Unstructured: Get "https://100.71.227.32:6443/api/v1/namespaces?fieldSelector=metadata.name%3Dmariadb-operator&resourceVersion=8422293": dial tcp 100.71.227.32:6443: connect: connection refused

This cluster/operators have been deleted, so not sure how this is left behind, and if so how shall I delete this?

Doesn't appear in the list of machines/services/apps.

Hello,

This is very useful client library, thanks for this and the larger Tailscale product which is truly amazing.

One quick question: Upon comparing the results from this client (via the tailscale api) I'm noticing the LastSeen field on the Devices struct seems to be heavily cached or outdated vs what shows in the admin console.

If this is a reasonable request: would it be possible to have the LastSeen value recent enough so that applications can basically also show a connected status when the time delta is small enough just like the official TailScale admin console is showing in the LastSeen column?

As a side note: If I make a change to my tailnet such as to bring a machine online or offline it seems that such an action causes the api data to flush from the cache and I can get a recent LastSeen but then it gets outdated again with no API, tailnet manipulation.

Thank you for this lovely project 👋

Would it be possible to add an option to configure the http.Client set in:

This is useful for implementing retries via https://github.com/hashicorp/go-retryablehttp