Documentation
Index
- func CheckIpInTailnet(ip netip.Addr, tailnet *Tailnet) database.Q[bool]
- func CheckMembership(u *User, tailnet int64) database.Q[bool]
- func CreateRegistrationRequest(id string, nk key.MachinePublic, req tailcfg.RegisterRequest) database.I[database.EmptyResponse, RegistrationRequest]
- func DeleteNode(m *Machine) database.I[database.EmptyResponse, key.MachinePublic]
- func ExpireNode(m *Machine, expiry time.Time) database.I[database.EmptyResponse, key.MachinePublic]
- func FindOrCreateUser(claims UserClaims) database.Q[User]
- func GetMachineByKey(k key.MachinePublic) database.Q[Machine]
- func GetNextNameIndex(tailnet *Tailnet, name string) database.Q[int]
- func ListMachines(t *Tailnet) database.Q[Machine]
- func ListMembers(tailnet int64) database.Q[User]
- func ListTailnets(u *User) database.Q[Tailnet]
- func RegistrationRequestById(id string) database.Q[RegistrationRequest]
- func SanitizeTailnetName(name string) string
- func SaveMachine(m *Machine) database.I[Machine, *Machine]
- func SaveRegistrationRequest(req *RegistrationRequest) database.I[database.EmptyResponse, *RegistrationRequest]
- func TailnetById(id int64) database.Q[Tailnet]
- func UserBySubject(subject string) database.Q[User]
- type ACL
- type Machine
- func (m *Machine) AllowedIPs() []netip.Prefix
- func (m *Machine) AsNode() *tailcfg.Node
- func (m *Machine) CompleteName() string
- func (m *Machine) HostName() string
- func (m *Machine) IP() (v4, v6 netip.Addr)
- func (m *Machine) IsExpired() bool
- func (m *Machine) Tags() []string
- func (m *Machine) User() tacl.User
- type RegistrationRequest
- type Tailnet
- type User
- type UserClaims
Constants
This section is empty.
Variables
This section is empty.
Functions
func CheckIpInTailnet
CheckIpInTailnet returns true if the provided ip exists in the given tailnet.
func CheckMembership
CheckMembership returns true if the user is part of the given tailnet.
func CreateRegistrationRequest
func CreateRegistrationRequest(id string, nk key.MachinePublic, req tailcfg.RegisterRequest) database.I[database.EmptyResponse, RegistrationRequest]
CreateRegistrationRequest creates a new registration request for a node, identified by its noise key, with the given request data passed into /machine/register.
func DeleteNode
func DeleteNode(m *Machine) database.I[database.EmptyResponse, key.MachinePublic]
DeleteNode deletes the given machine record from the database.
func ExpireNode
func ExpireNode(m *Machine, expiry time.Time) database.I[database.EmptyResponse, key.MachinePublic]
ExpireNode updates the node's ExpiresAt timestamp to the given expiry time.
func FindOrCreateUser
func FindOrCreateUser(claims UserClaims) database.Q[User]
FindOrCreateUser returns an existing user or creates a new one based on the provided claims.
UserClaims.Subject is used to uniquely identify a user in the system.
func GetMachineByKey
func GetMachineByKey(k key.MachinePublic) database.Q[Machine]
GetMachineByKey returns the machine identified by its noise key.
func GetNextNameIndex
GetNextNameIndex returns the next index number, used as an arbiter to distinguish between machines with the same hostname.
func ListMachines
ListMachines returns a list of all machines that are part of this tailnet.
func ListTailnets
ListTailnets returns all tailnets where the given user is a member.
func RegistrationRequestById
func RegistrationRequestById(id string) database.Q[RegistrationRequest]
RegistrationRequestById returns the RegistrationRequest identified by the given id.
func SanitizeTailnetName
func SaveMachine
SaveMachine upserts the machine into the database. If an existing machine with the same (noise_key, node_key) pair is found, the record is updated.
Only a select few fields are updatable! Most notably, the noise_key and tailnet membership cannot be changed after creation.
func SaveRegistrationRequest
func SaveRegistrationRequest(req *RegistrationRequest) database.I[database.EmptyResponse, *RegistrationRequest]
SaveRegistrationRequest saves the updated registration request.
func TailnetById
TailnetById returns the Tailnet identified by the given id.
Types
type ACL
ACL wraps tacl.ACL to implement encoding.TextUnmarshaler, which uses tacl.Parse to parse a HuJSON-formatted policy into the ACL struct.
func (*ACL) UnmarshalText
type Machine
type Machine struct {
	ID        int               `db:"id"`             // auto-generated unique machine identifier
	Name      string            `db:"name"`           // machine's hostname
	NameIdx   int               `db:"name_idx"`       // arbiter used as suffix to guarantee a unique hostname within a given tailnet
	NoiseKey  key.MachinePublic `db:"noise_key"`      // machine's public key used when establishing the secure Noise channel over /ts2021
	NodeKey   key.NodePublic    `db:"node_key"`       // key used for the WireGuard tunnel and for communication over DERP
	DiscoKey  key.DiscoPublic   `db:"disco_key"`      // key used for peer-to-peer path discovery
	Ephemeral bool              `db:"ephemeral"`      // is the device ephemeral?
	HostInfo  *tailcfg.Hostinfo `db:"host_info,json"` // serialized tailcfg.Hostinfo object from either the first registration request or subsequent map requests
	Endpoints []netip.AddrPort  `db:"endpoints,json"` // machine's magicsock UDP ip:port endpoints (can be public and/or private addresses)
	IPv4      netip.Addr        `db:"ipv4"`           // assigned IPv4 address for this node
	CreatedAt time.Time         `db:"created_at"`
	ExpiresAt time.Time         `db:"expires_at"`
	LastSeen  *time.Time        `db:"last_seen"`
	TailnetID int               `db:"tailnet_id"`
	Tailnet   *Tailnet          `db:"tailnet,json"` // the Tailnet this node is part of
	UserID    int               `db:"user_id"`
	Owner     *User             `db:"user,json"` // user this node belongs to; renamed to prevent conflict with User()

	// Role of the user for whom this object was fetched.
	//
	// This field isn't stored in the tailnet's table and is only added by the ListMachines
	// query when JOINed with the tailnet_members table for a given user.
	Role string `db:"role"`
}
Machine represents an individual node in the Tailnet. A machine belongs to a User, and its lifecycle is tied to the Tailnet's and the User's lifecycle.
A node is assigned an IP when it is created. A node is created using the information present in the tailcfg.RegisterRequest passed to the /machine/register endpoint, and is updated by the node using the tailcfg.MapRequest passed into the /machine/map endpoint.
For node creation, refer to the oidc.AuthComplete handler.
func (*Machine) AllowedIPs
func (*Machine) CompleteName
CompleteName returns the machine's name with the optional name_idx suffix applied.
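As an added example (not Wirefire's own code), the hostname disambiguation that GetNextNameIndex and CompleteName describe, worked through on an in-memory list of machines. The "<name>-<idx>" suffix format, index 0 meaning the bare hostname, "next" meaning one past the highest index in use, and case-insensitive hostname comparison are assumptions, since the page does not show the query.

```go
package main

import (
	"fmt"
	"strings"
)

// machine is a constructed stand-in for the fields of wirefire's Machine type
// that hostname disambiguation touches (assumed shape, not the project's type).
type machine struct {
	Name    string // machine's hostname
	NameIdx int    // arbiter suffix; 0 means the bare hostname (assumption)
}

// completeName applies the optional name_idx suffix. The "<name>-<idx>"
// format is an assumption; the page only says the suffix is optional.
func completeName(m machine) string {
	if m.NameIdx == 0 {
		return m.Name
	}
	return fmt.Sprintf("%s-%d", m.Name, m.NameIdx)
}

// nextNameIndex stands in for the GetNextNameIndex query: it returns one more
// than the highest index already used by machines in the same tailnet that
// share the hostname (compared case-insensitively, an assumption, since DNS
// names are case-insensitive), or 0 when the hostname is unused.
func nextNameIndex(tailnet []machine, name string) int {
	next := 0
	for _, m := range tailnet {
		if strings.EqualFold(m.Name, name) && m.NameIdx+1 > next {
			next = m.NameIdx + 1
		}
	}
	return next
}

// register appends a machine with the given hostname, assigning the next free
// index so that every completeName within the tailnet stays unique.
func register(tailnet []machine, name string) ([]machine, machine) {
	m := machine{Name: name, NameIdx: nextNameIndex(tailnet, name)}
	return append(tailnet, m), m
}

func main() {
	var tn []machine
	for _, h := range []string{"laptop", "server", "laptop", "LAPTOP"} {
		var m machine
		tn, m = register(tn, h)
		fmt.Println(completeName(m)) // laptop, server, laptop-1, LAPTOP-2
	}
}
```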
type RegistrationRequest
type RegistrationRequest struct {
	ID            string                  `db:"id"`            // random text id used to identify requests; exposed in the callback endpoint
	NoiseKey      key.MachinePublic       `db:"noise_key"`     // machine's public key used when establishing the secure Noise channel over /ts2021
	Data          tailcfg.RegisterRequest `db:"data,json"`     // tailcfg.RegisterRequest object passed to /machine/register
	Authenticated bool                    `db:"authenticated"` // is the request authenticated? becomes true after the oidc flow completes successfully
	Error         string                  `db:"error"`         // any error that occurs during the authentication flow
	UserID        sql.Null[int]           `db:"user_id"`
	User          *User                   `db:"user,json"` // the user who authenticated the request
	CreatedAt     time.Time               `db:"created_at"`
}
RegistrationRequest represents a node's request to join a tailnet network.
A new request is created when a node first makes the /machine/register request. The request is subsequently accessed and modified by the /oidc endpoints.
For more details on authentication and error propagation, see oidc.AuthComplete and coordinator.MachineRegister.
type Tailnet
type Tailnet struct {
	ID        int       `db:"id"`   // auto-generated unique id of the tailnet
	Name      string    `db:"name"` // unique name of the tailnet
	Acl       *ACL      `db:"acl"`  // this tailnet's access control policy
	CreatedAt time.Time `db:"created_at"`
	UpdatedAt time.Time `db:"updated_at"`

	// Role of the user for whom this object was fetched.
	//
	// This field isn't stored in the tailnet's table and is only added by the ListTailnets
	// query when JOINed with the tailnet_members table for a given user.
	Role string `db:"role"`
}
Tailnet represents an individual tailnet network managed by Wirefire.
type User
type User struct {
	ID        int        `db:"id"`          // auto-generated, unique id of the user
	Subject   string     `db:"sub"`         // subject claim extracted from the oidc token
	Name      string     `db:"name"`        // name claim extracted from the oidc token
	Claims    UserClaims `db:"claims,json"` // standard user claims present in the oidc token
	CreatedAt time.Time  `db:"created_at"`
}
User represents an individual user on the system.
A user can be part of 0 or more tailnets and own machines that participate in the tailnet network.
func (User) AsUserProfile
func (u User) AsUserProfile() tailcfg.UserProfile
type UserClaims
type UserClaims struct {
	Issuer  string `json:"iss"`
	Subject string `json:"sub"`
	Name    string `json:"name"`
	Email   string `json:"email,omitempty"`
	Picture string `json:"picture,omitempty"`
}
UserClaims is the set of standard oidc claims returned by the provider in the oidc token during the login step.