mirror of
https://github.com/tailscale/tailscale.git
synced 2025-10-05 04:21:01 +02:00
dd615c8fdd
Updates #12614 Change-Id: Ic0eba982aa8468a55c63e1b763345f032a55b4e2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
979 lines
34 KiB
Go
979 lines
34 KiB
Go
// Copyright (c) Tailscale Inc & AUTHORS
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
// Code generated by tailscale/cmd/viewer; DO NOT EDIT.
|
|
|
|
package ipn
|
|
|
|
import (
|
|
jsonv1 "encoding/json"
|
|
"errors"
|
|
"net/netip"
|
|
|
|
jsonv2 "github.com/go-json-experiment/json"
|
|
"github.com/go-json-experiment/json/jsontext"
|
|
"tailscale.com/drive"
|
|
"tailscale.com/tailcfg"
|
|
"tailscale.com/types/opt"
|
|
"tailscale.com/types/persist"
|
|
"tailscale.com/types/preftype"
|
|
"tailscale.com/types/views"
|
|
)
|
|
|
|
//go:generate go run tailscale.com/cmd/cloner -clonefunc=false -type=LoginProfile,Prefs,ServeConfig,ServiceConfig,TCPPortHandler,HTTPHandler,WebServerConfig
|
|
|
|
// View returns a read-only view of LoginProfile.
|
|
func (p *LoginProfile) View() LoginProfileView {
|
|
return LoginProfileView{ж: p}
|
|
}
|
|
|
|
// LoginProfileView provides a read-only view over LoginProfile.
|
|
//
|
|
// Its methods should only be called if `Valid()` returns true.
|
|
type LoginProfileView struct {
|
|
// ж is the underlying mutable value, named with a hard-to-type
|
|
// character that looks pointy like a pointer.
|
|
// It is named distinctively to make you think of how dangerous it is to escape
|
|
// to callers. You must not let callers be able to mutate it.
|
|
ж *LoginProfile
|
|
}
|
|
|
|
// Valid reports whether v's underlying value is non-nil.
|
|
func (v LoginProfileView) Valid() bool { return v.ж != nil }
|
|
|
|
// AsStruct returns a clone of the underlying value which aliases no memory with
|
|
// the original.
|
|
func (v LoginProfileView) AsStruct() *LoginProfile {
|
|
if v.ж == nil {
|
|
return nil
|
|
}
|
|
return v.ж.Clone()
|
|
}
|
|
|
|
// MarshalJSON implements [jsonv1.Marshaler].
|
|
func (v LoginProfileView) MarshalJSON() ([]byte, error) {
|
|
return jsonv1.Marshal(v.ж)
|
|
}
|
|
|
|
// MarshalJSONTo implements [jsonv2.MarshalerTo].
|
|
func (v LoginProfileView) MarshalJSONTo(enc *jsontext.Encoder) error {
|
|
return jsonv2.MarshalEncode(enc, v.ж)
|
|
}
|
|
|
|
// UnmarshalJSON implements [jsonv1.Unmarshaler].
|
|
func (v *LoginProfileView) UnmarshalJSON(b []byte) error {
|
|
if v.ж != nil {
|
|
return errors.New("already initialized")
|
|
}
|
|
if len(b) == 0 {
|
|
return nil
|
|
}
|
|
var x LoginProfile
|
|
if err := jsonv1.Unmarshal(b, &x); err != nil {
|
|
return err
|
|
}
|
|
v.ж = &x
|
|
return nil
|
|
}
|
|
|
|
// UnmarshalJSONFrom implements [jsonv2.UnmarshalerFrom].
|
|
func (v *LoginProfileView) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
|
|
if v.ж != nil {
|
|
return errors.New("already initialized")
|
|
}
|
|
var x LoginProfile
|
|
if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
|
|
return err
|
|
}
|
|
v.ж = &x
|
|
return nil
|
|
}
|
|
|
|
// ID is a unique identifier for this profile.
|
|
// It is assigned on creation and never changes.
|
|
// It may seem redundant to have both ID and UserProfile.ID
|
|
// but they are different things. UserProfile.ID may change
|
|
// over time (e.g. if a device is tagged).
|
|
func (v LoginProfileView) ID() ProfileID { return v.ж.ID }
|
|
|
|
// Name is the user-visible name of this profile.
|
|
// It is filled in from the UserProfile.LoginName field.
|
|
func (v LoginProfileView) Name() string { return v.ж.Name }
|
|
|
|
// NetworkProfile is a subset of netmap.NetworkMap that we
|
|
// store to remember information about the tailnet that this
|
|
// profile was logged in with.
|
|
//
|
|
// This field was added on 2023-11-17.
|
|
func (v LoginProfileView) NetworkProfile() NetworkProfile { return v.ж.NetworkProfile }
|
|
|
|
// Key is the StateKey under which the profile is stored.
|
|
// It is assigned once at profile creation time and never changes.
|
|
func (v LoginProfileView) Key() StateKey { return v.ж.Key }
|
|
|
|
// UserProfile is the server provided UserProfile for this profile.
|
|
// This is updated whenever the server provides a new UserProfile.
|
|
func (v LoginProfileView) UserProfile() tailcfg.UserProfile { return v.ж.UserProfile }
|
|
|
|
// NodeID is the NodeID of the node that this profile is logged into.
|
|
// This should be stable across tagging and untagging nodes.
|
|
// It may seem redundant to check against both the UserProfile.UserID
|
|
// and the NodeID. However the NodeID can change if the node is deleted
|
|
// from the admin panel.
|
|
func (v LoginProfileView) NodeID() tailcfg.StableNodeID { return v.ж.NodeID }
|
|
|
|
// LocalUserID is the user ID of the user who created this profile.
|
|
// It is only relevant on Windows where we have a multi-user system.
|
|
// It is assigned once at profile creation time and never changes.
|
|
func (v LoginProfileView) LocalUserID() WindowsUserID { return v.ж.LocalUserID }
|
|
|
|
// ControlURL is the URL of the control server that this profile is logged
|
|
// into.
|
|
func (v LoginProfileView) ControlURL() string { return v.ж.ControlURL }
|
|
|
|
// A compilation failure here means this code must be regenerated, with the command at the top of this file.
|
|
var _LoginProfileViewNeedsRegeneration = LoginProfile(struct {
|
|
ID ProfileID
|
|
Name string
|
|
NetworkProfile NetworkProfile
|
|
Key StateKey
|
|
UserProfile tailcfg.UserProfile
|
|
NodeID tailcfg.StableNodeID
|
|
LocalUserID WindowsUserID
|
|
ControlURL string
|
|
}{})
|
|
|
|
// View returns a read-only view of Prefs.
|
|
func (p *Prefs) View() PrefsView {
|
|
return PrefsView{ж: p}
|
|
}
|
|
|
|
// PrefsView provides a read-only view over Prefs.
|
|
//
|
|
// Its methods should only be called if `Valid()` returns true.
|
|
type PrefsView struct {
|
|
// ж is the underlying mutable value, named with a hard-to-type
|
|
// character that looks pointy like a pointer.
|
|
// It is named distinctively to make you think of how dangerous it is to escape
|
|
// to callers. You must not let callers be able to mutate it.
|
|
ж *Prefs
|
|
}
|
|
|
|
// Valid reports whether v's underlying value is non-nil.
|
|
func (v PrefsView) Valid() bool { return v.ж != nil }
|
|
|
|
// AsStruct returns a clone of the underlying value which aliases no memory with
|
|
// the original.
|
|
func (v PrefsView) AsStruct() *Prefs {
|
|
if v.ж == nil {
|
|
return nil
|
|
}
|
|
return v.ж.Clone()
|
|
}
|
|
|
|
// MarshalJSON implements [jsonv1.Marshaler].
|
|
func (v PrefsView) MarshalJSON() ([]byte, error) {
|
|
return jsonv1.Marshal(v.ж)
|
|
}
|
|
|
|
// MarshalJSONTo implements [jsonv2.MarshalerTo].
|
|
func (v PrefsView) MarshalJSONTo(enc *jsontext.Encoder) error {
|
|
return jsonv2.MarshalEncode(enc, v.ж)
|
|
}
|
|
|
|
// UnmarshalJSON implements [jsonv1.Unmarshaler].
|
|
func (v *PrefsView) UnmarshalJSON(b []byte) error {
|
|
if v.ж != nil {
|
|
return errors.New("already initialized")
|
|
}
|
|
if len(b) == 0 {
|
|
return nil
|
|
}
|
|
var x Prefs
|
|
if err := jsonv1.Unmarshal(b, &x); err != nil {
|
|
return err
|
|
}
|
|
v.ж = &x
|
|
return nil
|
|
}
|
|
|
|
// UnmarshalJSONFrom implements [jsonv2.UnmarshalerFrom].
|
|
func (v *PrefsView) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
|
|
if v.ж != nil {
|
|
return errors.New("already initialized")
|
|
}
|
|
var x Prefs
|
|
if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
|
|
return err
|
|
}
|
|
v.ж = &x
|
|
return nil
|
|
}
|
|
|
|
// ControlURL is the URL of the control server to use.
|
|
//
|
|
// If empty, the default for new installs, DefaultControlURL
|
|
// is used. It's set non-empty once the daemon has been started
|
|
// for the first time.
|
|
//
|
|
// TODO(apenwarr): Make it safe to update this with EditPrefs().
|
|
// Right now, you have to pass it in the initial prefs in Start(),
|
|
// which is the only code that actually uses the ControlURL value.
|
|
// It would be more consistent to restart controlclient
|
|
// automatically whenever this variable changes.
|
|
//
|
|
// Meanwhile, you have to provide this as part of
|
|
// Options.LegacyMigrationPrefs or Options.UpdatePrefs when
|
|
// calling Backend.Start().
|
|
func (v PrefsView) ControlURL() string { return v.ж.ControlURL }
|
|
|
|
// RouteAll specifies whether to accept subnets advertised by
|
|
// other nodes on the Tailscale network. Note that this does not
|
|
// include default routes (0.0.0.0/0 and ::/0), those are
|
|
// controlled by ExitNodeID/IP below.
|
|
func (v PrefsView) RouteAll() bool { return v.ж.RouteAll }
|
|
|
|
// ExitNodeID and ExitNodeIP specify the node that should be used
|
|
// as an exit node for internet traffic. At most one of these
|
|
// should be non-zero.
|
|
//
|
|
// The preferred way to express the chosen node is ExitNodeID, but
|
|
// in some cases it's not possible to use that ID (e.g. in the
|
|
// linux CLI, before tailscaled has a netmap). For those
|
|
// situations, we allow specifying the exit node by IP, and
|
|
// ipnlocal.LocalBackend will translate the IP into an ID when the
|
|
// node is found in the netmap.
|
|
//
|
|
// If the selected exit node doesn't exist (e.g. it's not part of
|
|
// the current tailnet), or it doesn't offer exit node services, a
|
|
// blackhole route will be installed on the local system to
|
|
// prevent any traffic escaping to the local network.
|
|
func (v PrefsView) ExitNodeID() tailcfg.StableNodeID { return v.ж.ExitNodeID }
|
|
func (v PrefsView) ExitNodeIP() netip.Addr { return v.ж.ExitNodeIP }
|
|
|
|
// AutoExitNode is an optional expression that specifies whether and how
|
|
// tailscaled should pick an exit node automatically.
|
|
//
|
|
// If specified, tailscaled will use an exit node based on the expression,
|
|
// and will re-evaluate the selection periodically as network conditions,
|
|
// available exit nodes, or policy settings change. A blackhole route will
|
|
// be installed to prevent traffic from escaping to the local network until
|
|
// an exit node is selected. It takes precedence over ExitNodeID and ExitNodeIP.
|
|
//
|
|
// If empty, tailscaled will not automatically select an exit node.
|
|
//
|
|
// If the specified expression is invalid or unsupported by the client,
|
|
// it falls back to the behavior of [AnyExitNode].
|
|
//
|
|
// As of 2025-07-02, the only supported value is [AnyExitNode].
|
|
// It's a string rather than a boolean to allow future extensibility
|
|
// (e.g., AutoExitNode = "mullvad" or AutoExitNode = "geo:us").
|
|
func (v PrefsView) AutoExitNode() ExitNodeExpression { return v.ж.AutoExitNode }
|
|
|
|
// InternalExitNodePrior is the most recently used ExitNodeID in string form. It is set by
|
|
// the backend on transition from exit node on to off and used by the
|
|
// backend.
|
|
//
|
|
// As an Internal field, it can't be set by LocalAPI clients, rather it is set indirectly
|
|
// when the ExitNodeID value is zero'd and via the set-use-exit-node-enabled endpoint.
|
|
func (v PrefsView) InternalExitNodePrior() tailcfg.StableNodeID { return v.ж.InternalExitNodePrior }
|
|
|
|
// ExitNodeAllowLANAccess indicates whether locally accessible subnets should be
|
|
// routed directly or via the exit node.
|
|
func (v PrefsView) ExitNodeAllowLANAccess() bool { return v.ж.ExitNodeAllowLANAccess }
|
|
|
|
// CorpDNS specifies whether to install the Tailscale network's
|
|
// DNS configuration, if it exists.
|
|
func (v PrefsView) CorpDNS() bool { return v.ж.CorpDNS }
|
|
|
|
// RunSSH bool is whether this node should run an SSH
|
|
// server, permitting access to peers according to the
|
|
// policies as configured by the Tailnet's admin(s).
|
|
func (v PrefsView) RunSSH() bool { return v.ж.RunSSH }
|
|
|
|
// RunWebClient bool is whether this node should expose
|
|
// its web client over Tailscale at port 5252,
|
|
// permitting access to peers according to the
|
|
// policies as configured by the Tailnet's admin(s).
|
|
func (v PrefsView) RunWebClient() bool { return v.ж.RunWebClient }
|
|
|
|
// WantRunning indicates whether networking should be active on
|
|
// this node.
|
|
func (v PrefsView) WantRunning() bool { return v.ж.WantRunning }
|
|
|
|
// LoggedOut indicates whether the user intends to be logged out.
|
|
// There are other reasons we may be logged out, including no valid
|
|
// keys.
|
|
// We need to remember this state so that, on next startup, we can
|
|
// generate the "Login" vs "Connect" buttons correctly, without having
|
|
// to contact the server to confirm our nodekey status first.
|
|
func (v PrefsView) LoggedOut() bool { return v.ж.LoggedOut }
|
|
|
|
// ShieldsUp indicates whether to block all incoming connections,
|
|
// regardless of the control-provided packet filter. If false, we
|
|
// use the packet filter as provided. If true, we block incoming
|
|
// connections. This overrides tailcfg.Hostinfo's ShieldsUp.
|
|
func (v PrefsView) ShieldsUp() bool { return v.ж.ShieldsUp }
|
|
|
|
// AdvertiseTags specifies tags that should be applied to this node, for
|
|
// purposes of ACL enforcement. These can be referenced from the ACL policy
|
|
// document. Note that advertising a tag on the client doesn't guarantee
|
|
// that the control server will allow the node to adopt that tag.
|
|
func (v PrefsView) AdvertiseTags() views.Slice[string] { return views.SliceOf(v.ж.AdvertiseTags) }
|
|
|
|
// Hostname is the hostname to use for identifying the node. If
|
|
// not set, os.Hostname is used.
|
|
func (v PrefsView) Hostname() string { return v.ж.Hostname }
|
|
|
|
// NotepadURLs is a debugging setting that opens OAuth URLs in
|
|
// notepad.exe on Windows, rather than loading them in a browser.
|
|
//
|
|
// apenwarr 2020-04-29: Unfortunately this is still needed sometimes.
|
|
// Windows' default browser setting is sometimes screwy and this helps
|
|
// users narrow it down a bit.
|
|
func (v PrefsView) NotepadURLs() bool { return v.ж.NotepadURLs }
|
|
|
|
// ForceDaemon specifies whether a platform that normally
|
|
// operates in "client mode" (that is, requires an active user
|
|
// logged in with the GUI app running) should keep running after the
|
|
// GUI ends and/or the user logs out.
|
|
//
|
|
// The only current applicable platform is Windows. This
|
|
// forced Windows to go into "server mode" where Tailscale is
|
|
// running even with no users logged in. This might also be
|
|
// used for macOS in the future. This setting has no effect
|
|
// for Linux/etc, which always operate in daemon mode.
|
|
func (v PrefsView) ForceDaemon() bool { return v.ж.ForceDaemon }
|
|
|
|
// Egg is a optional debug flag.
|
|
func (v PrefsView) Egg() bool { return v.ж.Egg }
|
|
|
|
// AdvertiseRoutes specifies CIDR prefixes to advertise into the
|
|
// Tailscale network as reachable through the current
|
|
// node.
|
|
func (v PrefsView) AdvertiseRoutes() views.Slice[netip.Prefix] {
|
|
return views.SliceOf(v.ж.AdvertiseRoutes)
|
|
}
|
|
|
|
// AdvertiseServices specifies the list of services that this
|
|
// node can serve as a destination for. Note that an advertised
|
|
// service must still go through the approval process from the
|
|
// control server.
|
|
func (v PrefsView) AdvertiseServices() views.Slice[string] {
|
|
return views.SliceOf(v.ж.AdvertiseServices)
|
|
}
|
|
|
|
// NoSNAT specifies whether to source NAT traffic going to
|
|
// destinations in AdvertiseRoutes. The default is to apply source
|
|
// NAT, which makes the traffic appear to come from the router
|
|
// machine rather than the peer's Tailscale IP.
|
|
//
|
|
// Disabling SNAT requires additional manual configuration in your
|
|
// network to route Tailscale traffic back to the subnet relay
|
|
// machine.
|
|
//
|
|
// Linux-only.
|
|
func (v PrefsView) NoSNAT() bool { return v.ж.NoSNAT }
|
|
|
|
// NoStatefulFiltering specifies whether to apply stateful filtering when
|
|
// advertising routes in AdvertiseRoutes. The default is to not apply
|
|
// stateful filtering.
|
|
//
|
|
// To allow inbound connections from advertised routes, both NoSNAT and
|
|
// NoStatefulFiltering must be true.
|
|
//
|
|
// This is an opt.Bool because it was first added after NoSNAT, with a
|
|
// backfill based on the value of that parameter. The backfill has been
|
|
// removed since then, but the field remains an opt.Bool.
|
|
//
|
|
// Linux-only.
|
|
func (v PrefsView) NoStatefulFiltering() opt.Bool { return v.ж.NoStatefulFiltering }
|
|
|
|
// NetfilterMode specifies how much to manage netfilter rules for
|
|
// Tailscale, if at all.
|
|
func (v PrefsView) NetfilterMode() preftype.NetfilterMode { return v.ж.NetfilterMode }
|
|
|
|
// OperatorUser is the local machine user name who is allowed to
|
|
// operate tailscaled without being root or using sudo.
|
|
func (v PrefsView) OperatorUser() string { return v.ж.OperatorUser }
|
|
|
|
// ProfileName is the desired name of the profile. If empty, then the user's
|
|
// LoginName is used. It is only used for display purposes in the client UI
|
|
// and CLI.
|
|
func (v PrefsView) ProfileName() string { return v.ж.ProfileName }
|
|
|
|
// AutoUpdate sets the auto-update preferences for the node agent. See
|
|
// AutoUpdatePrefs docs for more details.
|
|
func (v PrefsView) AutoUpdate() AutoUpdatePrefs { return v.ж.AutoUpdate }
|
|
|
|
// AppConnector sets the app connector preferences for the node agent. See
|
|
// AppConnectorPrefs docs for more details.
|
|
func (v PrefsView) AppConnector() AppConnectorPrefs { return v.ж.AppConnector }
|
|
|
|
// PostureChecking enables the collection of information used for device
|
|
// posture checks.
|
|
//
|
|
// Note: this should be named ReportPosture, but it was shipped as
|
|
// PostureChecking in some early releases and this JSON field is written to
|
|
// disk, so we just keep its old name. (akin to CorpDNS which is an internal
|
|
// pref name that doesn't match the public interface)
|
|
func (v PrefsView) PostureChecking() bool { return v.ж.PostureChecking }
|
|
|
|
// NetfilterKind specifies what netfilter implementation to use.
|
|
//
|
|
// It can be "iptables", "nftables", or "" to auto-detect.
|
|
//
|
|
// Linux-only.
|
|
func (v PrefsView) NetfilterKind() string { return v.ж.NetfilterKind }
|
|
|
|
// DriveShares are the configured DriveShares, stored in increasing order
|
|
// by name.
|
|
func (v PrefsView) DriveShares() views.SliceView[*drive.Share, drive.ShareView] {
|
|
return views.SliceOfViews[*drive.Share, drive.ShareView](v.ж.DriveShares)
|
|
}
|
|
|
|
// RelayServerPort is the UDP port number for the relay server to bind to,
|
|
// on all interfaces. A non-nil zero value signifies a random unused port
|
|
// should be used. A nil value signifies relay server functionality
|
|
// should be disabled. This field is currently experimental, and therefore
|
|
// no guarantees are made about its current naming and functionality when
|
|
// non-nil/enabled.
|
|
func (v PrefsView) RelayServerPort() views.ValuePointer[int] {
|
|
return views.ValuePointerOf(v.ж.RelayServerPort)
|
|
}
|
|
|
|
// AllowSingleHosts was a legacy field that was always true
|
|
// for the past 4.5 years. It controlled whether Tailscale
|
|
// peers got /32 or /127 routes for each other.
|
|
// As of 2024-05-17 we're starting to ignore it, but to let
|
|
// people still downgrade Tailscale versions and not break
|
|
// all peer-to-peer networking we still write it to disk (as JSON)
|
|
// so it can be loaded back by old versions.
|
|
// TODO(bradfitz): delete this in 2025 sometime. See #12058.
|
|
func (v PrefsView) AllowSingleHosts() marshalAsTrueInJSON { return v.ж.AllowSingleHosts }
|
|
|
|
// The Persist field is named 'Config' in the file for backward
|
|
// compatibility with earlier versions.
|
|
// TODO(apenwarr): We should move this out of here, it's not a pref.
|
|
//
|
|
// We can maybe do that once we're sure which module should persist
|
|
// it (backend or frontend?)
|
|
func (v PrefsView) Persist() persist.PersistView { return v.ж.Persist.View() }
|
|
|
|
// A compilation failure here means this code must be regenerated, with the command at the top of this file.
|
|
var _PrefsViewNeedsRegeneration = Prefs(struct {
|
|
ControlURL string
|
|
RouteAll bool
|
|
ExitNodeID tailcfg.StableNodeID
|
|
ExitNodeIP netip.Addr
|
|
AutoExitNode ExitNodeExpression
|
|
InternalExitNodePrior tailcfg.StableNodeID
|
|
ExitNodeAllowLANAccess bool
|
|
CorpDNS bool
|
|
RunSSH bool
|
|
RunWebClient bool
|
|
WantRunning bool
|
|
LoggedOut bool
|
|
ShieldsUp bool
|
|
AdvertiseTags []string
|
|
Hostname string
|
|
NotepadURLs bool
|
|
ForceDaemon bool
|
|
Egg bool
|
|
AdvertiseRoutes []netip.Prefix
|
|
AdvertiseServices []string
|
|
NoSNAT bool
|
|
NoStatefulFiltering opt.Bool
|
|
NetfilterMode preftype.NetfilterMode
|
|
OperatorUser string
|
|
ProfileName string
|
|
AutoUpdate AutoUpdatePrefs
|
|
AppConnector AppConnectorPrefs
|
|
PostureChecking bool
|
|
NetfilterKind string
|
|
DriveShares []*drive.Share
|
|
RelayServerPort *int
|
|
AllowSingleHosts marshalAsTrueInJSON
|
|
Persist *persist.Persist
|
|
}{})
|
|
|
|
// View returns a read-only view of ServeConfig.
|
|
func (p *ServeConfig) View() ServeConfigView {
|
|
return ServeConfigView{ж: p}
|
|
}
|
|
|
|
// ServeConfigView provides a read-only view over ServeConfig.
|
|
//
|
|
// Its methods should only be called if `Valid()` returns true.
|
|
type ServeConfigView struct {
|
|
// ж is the underlying mutable value, named with a hard-to-type
|
|
// character that looks pointy like a pointer.
|
|
// It is named distinctively to make you think of how dangerous it is to escape
|
|
// to callers. You must not let callers be able to mutate it.
|
|
ж *ServeConfig
|
|
}
|
|
|
|
// Valid reports whether v's underlying value is non-nil.
|
|
func (v ServeConfigView) Valid() bool { return v.ж != nil }
|
|
|
|
// AsStruct returns a clone of the underlying value which aliases no memory with
|
|
// the original.
|
|
func (v ServeConfigView) AsStruct() *ServeConfig {
|
|
if v.ж == nil {
|
|
return nil
|
|
}
|
|
return v.ж.Clone()
|
|
}
|
|
|
|
// MarshalJSON implements [jsonv1.Marshaler].
|
|
func (v ServeConfigView) MarshalJSON() ([]byte, error) {
|
|
return jsonv1.Marshal(v.ж)
|
|
}
|
|
|
|
// MarshalJSONTo implements [jsonv2.MarshalerTo].
|
|
func (v ServeConfigView) MarshalJSONTo(enc *jsontext.Encoder) error {
|
|
return jsonv2.MarshalEncode(enc, v.ж)
|
|
}
|
|
|
|
// UnmarshalJSON implements [jsonv1.Unmarshaler].
|
|
func (v *ServeConfigView) UnmarshalJSON(b []byte) error {
|
|
if v.ж != nil {
|
|
return errors.New("already initialized")
|
|
}
|
|
if len(b) == 0 {
|
|
return nil
|
|
}
|
|
var x ServeConfig
|
|
if err := jsonv1.Unmarshal(b, &x); err != nil {
|
|
return err
|
|
}
|
|
v.ж = &x
|
|
return nil
|
|
}
|
|
|
|
// UnmarshalJSONFrom implements [jsonv2.UnmarshalerFrom].
|
|
func (v *ServeConfigView) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
|
|
if v.ж != nil {
|
|
return errors.New("already initialized")
|
|
}
|
|
var x ServeConfig
|
|
if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
|
|
return err
|
|
}
|
|
v.ж = &x
|
|
return nil
|
|
}
|
|
|
|
// TCP are the list of TCP port numbers that tailscaled should handle for
|
|
// the Tailscale IP addresses. (not subnet routers, etc)
|
|
func (v ServeConfigView) TCP() views.MapFn[uint16, *TCPPortHandler, TCPPortHandlerView] {
|
|
return views.MapFnOf(v.ж.TCP, func(t *TCPPortHandler) TCPPortHandlerView {
|
|
return t.View()
|
|
})
|
|
}
|
|
|
|
// Web maps from "$SNI_NAME:$PORT" to a set of HTTP handlers
|
|
// keyed by mount point ("/", "/foo", etc)
|
|
func (v ServeConfigView) Web() views.MapFn[HostPort, *WebServerConfig, WebServerConfigView] {
|
|
return views.MapFnOf(v.ж.Web, func(t *WebServerConfig) WebServerConfigView {
|
|
return t.View()
|
|
})
|
|
}
|
|
|
|
// Services maps from service name (in the form "svc:dns-label") to a ServiceConfig.
|
|
// Which describes the L3, L4, and L7 forwarding information for the service.
|
|
func (v ServeConfigView) Services() views.MapFn[tailcfg.ServiceName, *ServiceConfig, ServiceConfigView] {
|
|
return views.MapFnOf(v.ж.Services, func(t *ServiceConfig) ServiceConfigView {
|
|
return t.View()
|
|
})
|
|
}
|
|
|
|
// AllowFunnel is the set of SNI:port values for which funnel
|
|
// traffic is allowed, from trusted ingress peers.
|
|
func (v ServeConfigView) AllowFunnel() views.Map[HostPort, bool] {
|
|
return views.MapOf(v.ж.AllowFunnel)
|
|
}
|
|
|
|
// Foreground is a map of an IPN Bus session ID to an alternate foreground serve config that's valid for the
|
|
// life of that WatchIPNBus session ID. This allows the config to specify ephemeral configs that are used
|
|
// in the CLI's foreground mode to ensure ungraceful shutdowns of either the client or the LocalBackend does not
|
|
// expose ports that users are not aware of. In practice this contains any serve config set via 'tailscale
|
|
// serve' command run without the '--bg' flag. ServeConfig contained by Foreground is not expected itself to contain
|
|
// another Foreground block.
|
|
func (v ServeConfigView) Foreground() views.MapFn[string, *ServeConfig, ServeConfigView] {
|
|
return views.MapFnOf(v.ж.Foreground, func(t *ServeConfig) ServeConfigView {
|
|
return t.View()
|
|
})
|
|
}
|
|
|
|
// ETag is the checksum of the serve config that's populated
|
|
// by the LocalClient through the HTTP ETag header during a
|
|
// GetServeConfig request and is translated to an If-Match header
|
|
// during a SetServeConfig request.
|
|
func (v ServeConfigView) ETag() string { return v.ж.ETag }
|
|
|
|
// A compilation failure here means this code must be regenerated, with the command at the top of this file.
|
|
var _ServeConfigViewNeedsRegeneration = ServeConfig(struct {
|
|
TCP map[uint16]*TCPPortHandler
|
|
Web map[HostPort]*WebServerConfig
|
|
Services map[tailcfg.ServiceName]*ServiceConfig
|
|
AllowFunnel map[HostPort]bool
|
|
Foreground map[string]*ServeConfig
|
|
ETag string
|
|
}{})
|
|
|
|
// View returns a read-only view of ServiceConfig.
|
|
func (p *ServiceConfig) View() ServiceConfigView {
|
|
return ServiceConfigView{ж: p}
|
|
}
|
|
|
|
// ServiceConfigView provides a read-only view over ServiceConfig.
|
|
//
|
|
// Its methods should only be called if `Valid()` returns true.
|
|
type ServiceConfigView struct {
|
|
// ж is the underlying mutable value, named with a hard-to-type
|
|
// character that looks pointy like a pointer.
|
|
// It is named distinctively to make you think of how dangerous it is to escape
|
|
// to callers. You must not let callers be able to mutate it.
|
|
ж *ServiceConfig
|
|
}
|
|
|
|
// Valid reports whether v's underlying value is non-nil.
|
|
func (v ServiceConfigView) Valid() bool { return v.ж != nil }
|
|
|
|
// AsStruct returns a clone of the underlying value which aliases no memory with
|
|
// the original.
|
|
func (v ServiceConfigView) AsStruct() *ServiceConfig {
|
|
if v.ж == nil {
|
|
return nil
|
|
}
|
|
return v.ж.Clone()
|
|
}
|
|
|
|
// MarshalJSON implements [jsonv1.Marshaler].
|
|
func (v ServiceConfigView) MarshalJSON() ([]byte, error) {
|
|
return jsonv1.Marshal(v.ж)
|
|
}
|
|
|
|
// MarshalJSONTo implements [jsonv2.MarshalerTo].
|
|
func (v ServiceConfigView) MarshalJSONTo(enc *jsontext.Encoder) error {
|
|
return jsonv2.MarshalEncode(enc, v.ж)
|
|
}
|
|
|
|
// UnmarshalJSON implements [jsonv1.Unmarshaler].
|
|
func (v *ServiceConfigView) UnmarshalJSON(b []byte) error {
|
|
if v.ж != nil {
|
|
return errors.New("already initialized")
|
|
}
|
|
if len(b) == 0 {
|
|
return nil
|
|
}
|
|
var x ServiceConfig
|
|
if err := jsonv1.Unmarshal(b, &x); err != nil {
|
|
return err
|
|
}
|
|
v.ж = &x
|
|
return nil
|
|
}
|
|
|
|
// UnmarshalJSONFrom implements [jsonv2.UnmarshalerFrom].
|
|
func (v *ServiceConfigView) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
|
|
if v.ж != nil {
|
|
return errors.New("already initialized")
|
|
}
|
|
var x ServiceConfig
|
|
if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
|
|
return err
|
|
}
|
|
v.ж = &x
|
|
return nil
|
|
}
|
|
|
|
// TCP are the list of TCP port numbers that tailscaled should handle for
|
|
// the Tailscale IP addresses. (not subnet routers, etc)
|
|
func (v ServiceConfigView) TCP() views.MapFn[uint16, *TCPPortHandler, TCPPortHandlerView] {
|
|
return views.MapFnOf(v.ж.TCP, func(t *TCPPortHandler) TCPPortHandlerView {
|
|
return t.View()
|
|
})
|
|
}
|
|
|
|
// Web maps from "$SNI_NAME:$PORT" to a set of HTTP handlers
|
|
// keyed by mount point ("/", "/foo", etc)
|
|
func (v ServiceConfigView) Web() views.MapFn[HostPort, *WebServerConfig, WebServerConfigView] {
|
|
return views.MapFnOf(v.ж.Web, func(t *WebServerConfig) WebServerConfigView {
|
|
return t.View()
|
|
})
|
|
}
|
|
|
|
// Tun determines if the service should be using L3 forwarding (Tun mode).
|
|
func (v ServiceConfigView) Tun() bool { return v.ж.Tun }
|
|
|
|
// A compilation failure here means this code must be regenerated, with the command at the top of this file.
|
|
var _ServiceConfigViewNeedsRegeneration = ServiceConfig(struct {
|
|
TCP map[uint16]*TCPPortHandler
|
|
Web map[HostPort]*WebServerConfig
|
|
Tun bool
|
|
}{})
|
|
|
|
// View returns a read-only view of TCPPortHandler.
|
|
func (p *TCPPortHandler) View() TCPPortHandlerView {
|
|
return TCPPortHandlerView{ж: p}
|
|
}
|
|
|
|
// TCPPortHandlerView provides a read-only view over TCPPortHandler.
|
|
//
|
|
// Its methods should only be called if `Valid()` returns true.
|
|
type TCPPortHandlerView struct {
|
|
// ж is the underlying mutable value, named with a hard-to-type
|
|
// character that looks pointy like a pointer.
|
|
// It is named distinctively to make you think of how dangerous it is to escape
|
|
// to callers. You must not let callers be able to mutate it.
|
|
ж *TCPPortHandler
|
|
}
|
|
|
|
// Valid reports whether v's underlying value is non-nil.
|
|
func (v TCPPortHandlerView) Valid() bool { return v.ж != nil }
|
|
|
|
// AsStruct returns a clone of the underlying value which aliases no memory with
|
|
// the original.
|
|
func (v TCPPortHandlerView) AsStruct() *TCPPortHandler {
|
|
if v.ж == nil {
|
|
return nil
|
|
}
|
|
return v.ж.Clone()
|
|
}
|
|
|
|
// MarshalJSON implements [jsonv1.Marshaler].
|
|
func (v TCPPortHandlerView) MarshalJSON() ([]byte, error) {
|
|
return jsonv1.Marshal(v.ж)
|
|
}
|
|
|
|
// MarshalJSONTo implements [jsonv2.MarshalerTo].
|
|
func (v TCPPortHandlerView) MarshalJSONTo(enc *jsontext.Encoder) error {
|
|
return jsonv2.MarshalEncode(enc, v.ж)
|
|
}
|
|
|
|
// UnmarshalJSON implements [jsonv1.Unmarshaler].
|
|
func (v *TCPPortHandlerView) UnmarshalJSON(b []byte) error {
|
|
if v.ж != nil {
|
|
return errors.New("already initialized")
|
|
}
|
|
if len(b) == 0 {
|
|
return nil
|
|
}
|
|
var x TCPPortHandler
|
|
if err := jsonv1.Unmarshal(b, &x); err != nil {
|
|
return err
|
|
}
|
|
v.ж = &x
|
|
return nil
|
|
}
|
|
|
|
// UnmarshalJSONFrom implements [jsonv2.UnmarshalerFrom].
|
|
func (v *TCPPortHandlerView) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
|
|
if v.ж != nil {
|
|
return errors.New("already initialized")
|
|
}
|
|
var x TCPPortHandler
|
|
if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
|
|
return err
|
|
}
|
|
v.ж = &x
|
|
return nil
|
|
}
|
|
|
|
// HTTPS, if true, means that tailscaled should handle this connection as an
|
|
// HTTPS request as configured by ServeConfig.Web.
|
|
//
|
|
// It is mutually exclusive with TCPForward.
|
|
func (v TCPPortHandlerView) HTTPS() bool { return v.ж.HTTPS }
|
|
|
|
// HTTP, if true, means that tailscaled should handle this connection as an
|
|
// HTTP request as configured by ServeConfig.Web.
|
|
//
|
|
// It is mutually exclusive with TCPForward.
|
|
func (v TCPPortHandlerView) HTTP() bool { return v.ж.HTTP }
|
|
|
|
// TCPForward is the IP:port to forward TCP connections to.
|
|
// Whether or not TLS is terminated by tailscaled depends on
|
|
// TerminateTLS.
|
|
//
|
|
// It is mutually exclusive with HTTPS.
|
|
func (v TCPPortHandlerView) TCPForward() string { return v.ж.TCPForward }
|
|
|
|
// TerminateTLS, if non-empty, means that tailscaled should terminate the
|
|
// TLS connections before forwarding them to TCPForward, permitting only the
|
|
// SNI name with this value. It is only used if TCPForward is non-empty.
|
|
// (the HTTPS mode uses ServeConfig.Web)
|
|
func (v TCPPortHandlerView) TerminateTLS() string { return v.ж.TerminateTLS }
|
|
|
|
// A compilation failure here means this code must be regenerated, with the command at the top of this file.
|
|
var _TCPPortHandlerViewNeedsRegeneration = TCPPortHandler(struct {
|
|
HTTPS bool
|
|
HTTP bool
|
|
TCPForward string
|
|
TerminateTLS string
|
|
}{})
|
|
|
|
// View returns a read-only view of HTTPHandler.
|
|
func (p *HTTPHandler) View() HTTPHandlerView {
|
|
return HTTPHandlerView{ж: p}
|
|
}
|
|
|
|
// HTTPHandlerView provides a read-only view over HTTPHandler.
|
|
//
|
|
// Its methods should only be called if `Valid()` returns true.
|
|
type HTTPHandlerView struct {
|
|
// ж is the underlying mutable value, named with a hard-to-type
|
|
// character that looks pointy like a pointer.
|
|
// It is named distinctively to make you think of how dangerous it is to escape
|
|
// to callers. You must not let callers be able to mutate it.
|
|
ж *HTTPHandler
|
|
}
|
|
|
|
// Valid reports whether v's underlying value is non-nil.
|
|
func (v HTTPHandlerView) Valid() bool { return v.ж != nil }
|
|
|
|
// AsStruct returns a clone of the underlying value which aliases no memory with
|
|
// the original.
|
|
func (v HTTPHandlerView) AsStruct() *HTTPHandler {
|
|
if v.ж == nil {
|
|
return nil
|
|
}
|
|
return v.ж.Clone()
|
|
}
|
|
|
|
// MarshalJSON implements [jsonv1.Marshaler].
|
|
func (v HTTPHandlerView) MarshalJSON() ([]byte, error) {
|
|
return jsonv1.Marshal(v.ж)
|
|
}
|
|
|
|
// MarshalJSONTo implements [jsonv2.MarshalerTo].
|
|
func (v HTTPHandlerView) MarshalJSONTo(enc *jsontext.Encoder) error {
|
|
return jsonv2.MarshalEncode(enc, v.ж)
|
|
}
|
|
|
|
// UnmarshalJSON implements [jsonv1.Unmarshaler].
|
|
func (v *HTTPHandlerView) UnmarshalJSON(b []byte) error {
|
|
if v.ж != nil {
|
|
return errors.New("already initialized")
|
|
}
|
|
if len(b) == 0 {
|
|
return nil
|
|
}
|
|
var x HTTPHandler
|
|
if err := jsonv1.Unmarshal(b, &x); err != nil {
|
|
return err
|
|
}
|
|
v.ж = &x
|
|
return nil
|
|
}
|
|
|
|
// UnmarshalJSONFrom implements [jsonv2.UnmarshalerFrom].
|
|
func (v *HTTPHandlerView) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
|
|
if v.ж != nil {
|
|
return errors.New("already initialized")
|
|
}
|
|
var x HTTPHandler
|
|
if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
|
|
return err
|
|
}
|
|
v.ж = &x
|
|
return nil
|
|
}
|
|
|
|
// absolute path to directory or file to serve
|
|
func (v HTTPHandlerView) Path() string { return v.ж.Path }
|
|
|
|
// http://localhost:3000/, localhost:3030, 3030
|
|
func (v HTTPHandlerView) Proxy() string { return v.ж.Proxy }
|
|
|
|
// plaintext to serve (primarily for testing)
|
|
func (v HTTPHandlerView) Text() string { return v.ж.Text }
|
|
|
|
// A compilation failure here means this code must be regenerated, with the command at the top of this file.
|
|
var _HTTPHandlerViewNeedsRegeneration = HTTPHandler(struct {
|
|
Path string
|
|
Proxy string
|
|
Text string
|
|
}{})
|
|
|
|
// View returns a read-only view of WebServerConfig.
|
|
func (p *WebServerConfig) View() WebServerConfigView {
|
|
return WebServerConfigView{ж: p}
|
|
}
|
|
|
|
// WebServerConfigView provides a read-only view over WebServerConfig.
|
|
//
|
|
// Its methods should only be called if `Valid()` returns true.
|
|
type WebServerConfigView struct {
|
|
// ж is the underlying mutable value, named with a hard-to-type
|
|
// character that looks pointy like a pointer.
|
|
// It is named distinctively to make you think of how dangerous it is to escape
|
|
// to callers. You must not let callers be able to mutate it.
|
|
ж *WebServerConfig
|
|
}
|
|
|
|
// Valid reports whether v's underlying value is non-nil.
|
|
func (v WebServerConfigView) Valid() bool { return v.ж != nil }
|
|
|
|
// AsStruct returns a clone of the underlying value which aliases no memory with
|
|
// the original.
|
|
func (v WebServerConfigView) AsStruct() *WebServerConfig {
|
|
if v.ж == nil {
|
|
return nil
|
|
}
|
|
return v.ж.Clone()
|
|
}
|
|
|
|
// MarshalJSON implements [jsonv1.Marshaler].
|
|
func (v WebServerConfigView) MarshalJSON() ([]byte, error) {
|
|
return jsonv1.Marshal(v.ж)
|
|
}
|
|
|
|
// MarshalJSONTo implements [jsonv2.MarshalerTo].
|
|
func (v WebServerConfigView) MarshalJSONTo(enc *jsontext.Encoder) error {
|
|
return jsonv2.MarshalEncode(enc, v.ж)
|
|
}
|
|
|
|
// UnmarshalJSON implements [jsonv1.Unmarshaler].
|
|
func (v *WebServerConfigView) UnmarshalJSON(b []byte) error {
|
|
if v.ж != nil {
|
|
return errors.New("already initialized")
|
|
}
|
|
if len(b) == 0 {
|
|
return nil
|
|
}
|
|
var x WebServerConfig
|
|
if err := jsonv1.Unmarshal(b, &x); err != nil {
|
|
return err
|
|
}
|
|
v.ж = &x
|
|
return nil
|
|
}
|
|
|
|
// UnmarshalJSONFrom implements [jsonv2.UnmarshalerFrom].
|
|
func (v *WebServerConfigView) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
|
|
if v.ж != nil {
|
|
return errors.New("already initialized")
|
|
}
|
|
var x WebServerConfig
|
|
if err := jsonv2.UnmarshalDecode(dec, &x); err != nil {
|
|
return err
|
|
}
|
|
v.ж = &x
|
|
return nil
|
|
}
|
|
|
|
// mountPoint => handler
|
|
func (v WebServerConfigView) Handlers() views.MapFn[string, *HTTPHandler, HTTPHandlerView] {
|
|
return views.MapFnOf(v.ж.Handlers, func(t *HTTPHandler) HTTPHandlerView {
|
|
return t.View()
|
|
})
|
|
}
|
|
|
|
// A compilation failure here means this code must be regenerated, with the command at the top of this file.
|
|
var _WebServerConfigViewNeedsRegeneration = WebServerConfig(struct {
|
|
Handlers map[string]*HTTPHandler
|
|
}{})
|