tailscale / tailscale-client-go Goto Github PK
View Code? Open in Web Editor NEWA client implementation for the Tailscale HTTP API
License: MIT License
A client implementation for the Tailscale HTTP API
License: MIT License
An error response from the API can contain a data
field with additional context for errors. This is specifically used for tests within ACL files. We should add the data
field as described in the API documentation
Related to https://github.com/davidsbond/terraform-provider-tailscale/issues/73
We should add a SetDeviceKey
method to the client that implements the API call described in the documentation here:
https://github.com/tailscale/tailscale/blob/main/api.md#post-apiv2devicedeviceidkey---update-device-key
This is required to implement https://github.com/davidsbond/terraform-provider-tailscale/issues/78
add the ability to auth against the new oauth endpoints
Constant stream of logs showing up when tailscale
is up
E0420 17:02:18.969343 120985 reflector.go:147] k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *unstructured.Unstructured: failed to list *unstructured.Unstructured: Get "https://100.71.227.32:6443/api/v1/namespaces?fieldSelector=metadata.name%3Dmariadb-operator&resourceVersion=8422293": dial tcp 100.71.227.32:6443: connect: connection refused
W0420 17:03:06.882471 120985 reflector.go:539] k8s.io/[email protected]/tools/cache/reflector.go:229: failed to list *unstructured.Unstructured: Get "https://100.71.227.32:6443/api/v1/namespaces?fieldSelector=metadata.name%3Dmariadb-operator&resourceVersion=8422293": dial tcp 100.71.227.32:6443: connect: connection refused
E0420 17:03:06.882687 120985 reflector.go:147] k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *unstructured.Unstructured: failed to list *unstructured.Unstructured: Get "https://100.71.227.32:6443/api/v1/namespaces?fieldSelector=metadata.name%3Dmariadb-operator&resourceVersion=8422293": dial tcp 100.71.227.32:6443: connect: connection refused
W0420 17:03:49.495196 120985 reflector.go:539] k8s.io/[email protected]/tools/cache/reflector.go:229: failed to list *unstructured.Unstructured: Get "https://100.71.227.32:6443/api/v1/namespaces?fieldSelector=metadata.name%3Dmariadb-operator&resourceVersion=8422293": dial tcp 100.71.227.32:6443: connect: connection refused
This cluster/operators have been deleted, so not sure how this is left behind, and if so how shall I delete this?
Doesn't appear in the list of machines/services/apps.
There is a feature that allows to block ACL edits from admin console by specifying special comment in the top of the ACL: https://tailscale.com/kb/1204/gitops-acls/#prevent-others-from-accidentally-modifying-your-tailnet-policy-file
However, there is no way to pass such comment when using Client
's SetACL()
method, because it only accepts ACL
structure. Maybe it could be added via SetACLOption
?
After adding it here it would be nice to add the same feature in https://github.com/tailscale/terraform-provider-tailscale.
Thank you for this lovely project ๐
Would it be possible to add an option to configure the http.Client
set in:
tailscale-client-go/tailscale/client.go
Line 77 in b40c082
This is useful for implementing retries via https://github.com/hashicorp/go-retryablehttp
We are using the Tailscale Terraform provider and recently noticed an issue where a terraform plan
would show planned removals for various null values/empty strings when updating an ACL:
# tailscale_acl.acl will be updated in-place
~ resource "tailscale_acl" "acl" {
~ acl = jsonencode(
~ {
~ acls = [
~ {
- ports = null -> null
- proto = "" -> null
~ src = [
# (1 unchanged element hidden)
"foo",
- "bar",
"foo2",
# (13 unchanged elements hidden)
]
- users = null -> null
# (2 unchanged elements hidden)
},
With the above example we are using the src
and dst
fields in the ACL, and the removal of 'bar' is expected. The fields ports
, proto
and users
don't exist in the ACL associated with our tailnet, and they aren't present in our Terraform configuration either. If we apply a plan like the above we end up with those fields being added to our ACL (with null values in the case of users
and ports
, and an empty string in the case of proto
). This doesn't seem to affect the functionality of the ACL, but it is confusing when reviewing it via the Tailscale console/as part of a Terraform plan.
I think the issue might be that the fields ports
, proto
and users
are optional when getting or setting an ACL via the Tailscale API. When the Terraform provider retrieves the ACL using tailscale-client-go, if those fields are omitted in the API response they get set as null or empty values. I think the fix might be simply adding the omitempty
option to the relevant fields in this struct:
https://github.com/tailscale/tailscale-client-go/blob/main/tailscale/client.go#L243-L250
But I'm not a Go developer, so I thought I'd raise an issue in the first instance instead of raising a PR :)
Hello team,
Would it make sense to add support for the network-flow-logs side of the API? Or perhaps you don't consider that part of the API?
Happy to prepare a PR if you think that'll be useful.
Thank you.
Currently the client only supports getting a single key by ID. I have a usecase for listing all keys, which is not possible using the current client.
Hello,
This is very useful client library, thanks for this and the larger Tailscale product which is truly amazing.
One quick question: Upon comparing the results from this client (via the tailscale api) I'm noticing the LastSeen
field on the Devices
struct seems to be heavily cached or outdated vs what shows in the admin console.
If this is a reasonable request: would it be possible to have the LastSeen
value recent enough so that applications can basically also show a connected
status when the time delta is small enough just like the official TailScale admin console is showing in the LastSeen
column?
As a side note: If I make a change to my tailnet such as to bring a machine online or offline it seems that such an action causes the api data to flush from the cache and I can get a recent LastSeen but then it gets outdated again with no API, tailnet manipulation.
Since the new release 1.7.0, creating an auth key returns a 400 bad request:
json: unknown field "expirySeconds" (400)
Previous version 1.6.0 creates the key successfully.
Similarly to tailscale/terraform-provider-tailscale#142, this repo also needs the github workflow to be changed from master
to main
:
https://github.com/tailscale/tailscale-client-go/blob/main/.github/workflows/ci.yml#L5
package main
import (
"context"
"log"
"os"
"github.com/tailscale/tailscale-client-go/tailscale"
)
func main() {
apiKey := os.Getenv("TAILSCALE_API_KEY")
tailnet := os.Getenv("TAILSCALE_TAILNET")
client, err := tailscale.NewClient(apiKey, tailnet)
if err != nil {
log.Fatalln(err)
}
// List all your devices
devices, err := client.Devices(context.Background())
if err == nil {
fmt.Println("List if tailscale devices")
for _, device := range devices {
fmt.Printf("%+v \n", device)
}
} else {
log.Fatalln("problem in listing tailscale devices: ", err)
}
}
Check For Hostname and name field they are interchanged
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.