tailscale: support Grants field to ACL #67
Conversation
Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>
tailscale/client.go
Outdated
| Src []string `json:"src,omitempty" hujson:"Src,omitempty"` | ||
| Dst []string `json:"dst,omitempty" hujson:"Dst,omitempty"` | ||
| IP []string `json:"ip,omitempty" hujson:"IP,omitempty"` | ||
| App map[string][]GrantApp `json:"app,omitempty" hujson:"App,omitempty"` |
There was a problem hiding this comment.
Optional: App is of type tailcfg.PeerCapMap (with tailcfg package from the main tailscale OSS repo)
tailscale/client.go
Outdated
| App map[string][]GrantApp `json:"app,omitempty" hujson:"App,omitempty"` | ||
| } | ||
|
|
||
| GrantApp map[string][]string |
There was a problem hiding this comment.
If you do decide to keep defining the type here instead of using PeerCapMap: Be aware that GrantApp is any JSON-encodeable value, not just map[string][]string.
There was a problem hiding this comment.
It isn't quite any value, I believe we rule out arrays.
Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>
Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>
|
@twitchyliquid64 Use |
|
@twitchyliquid64 @creachadair gentle ping |
|
@twitchyliquid64 @creachadair sorry, gentle ping again |
|
Hey, quick question: are you doing this to get grants support in Terraform, or do you have a different use case for this client? Longer term we'd like to avoid having to maintain a copy of the policy schema here, especially for beta features (like grants) that we might still want to make some backwards incompatible changes to. The alternative we discussed is supporting passing policy as a hujson blob to the API without re-serializing it. If your end goal is to use this in Terraform, would that be a viable alternative? |
|
We have removed usage of local schema in the Terraform provider in tailscale/terraform-provider-tailscale#332, and you should be able to use the |
Support https://tailscale.com/kb/1324/acl-grants.