Movatterモバイル変換

[0]ホーム
URL:

tailscale

package
v1.92.2Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest Published: Dec 10, 2025 License:BSD-3-ClauseImports:18Imported by:191

Details

Repository

github.com/tailscale/tailscale

Links

Documentation

Overview

Package tailscale contains a Go client for the Tailscale control plane API.

This package is only intended for internal and transitional use.

Deprecated: the official control plane client is available attailscale.com/client/tailscale/v2.

Index

Constants

This section is empty.

Variables

View Source
var (DeviceAllFields = &DeviceFieldsOpts{}// DeviceDefaultFields specifies that the following fields are returned://   Addresses, NodeID, User, Name, Hostname, ClientVersion, UpdateAvailable,//   OS, Created, LastSeen, KeyExpiryDisabled, Expires, Authorized, IsExternal//   MachineKey, NodeKey, BlocksIncomingConnections.DeviceDefaultFields = &DeviceFieldsOpts{})
View Source
var ErrPeerNotFound =local.ErrPeerNotFound

ErrPeerNotFound is an alias fortailscale.com/client/local.ErrPeerNotFound.

Deprecated: importtailscale.com/client/local instead.

View Source
var I_Acknowledge_This_API_Is_Unstable =false

I_Acknowledge_This_API_Is_Unstable must be set true to use this packagefor now. This package is being replaced bytailscale.com/client/tailscale/v2.

Functions

funcCertPairdeprecatedadded inv1.14.0

func CertPair(ctxcontext.Context, domainstring) (certPEM, keyPEM []byte, errerror)

CertPair is an alias fortailscale.com/client/local.CertPair.

Deprecated: importtailscale.com/client/local instead and uselocal.Client.CertPair.

funcExpandSNINamedeprecatedadded inv1.14.0

func ExpandSNIName(ctxcontext.Context, namestring) (fqdnstring, okbool)

ExpandSNIName is an alias fortailscale.com/client/local.ExpandSNIName.

Deprecated: importtailscale.com/client/local instead and uselocal.Client.ExpandSNIName.

funcGetCertificatedeprecatedadded inv1.14.0

func GetCertificate(hi *tls.ClientHelloInfo) (*tls.Certificate,error)

GetCertificate is an alias fortailscale.com/client/local.GetCertificate.

Deprecated: importtailscale.com/client/local instead and uselocal.Client.GetCertificate.

funcHandleErrorResponsedeprecatedadded inv1.82.0

func HandleErrorResponse(b []byte, resp *http.Response)error

HandleErrorResponse decodes the error message from the server and returnsanErrResponse from it.

Deprecated: usetailscale.com/client/tailscale/v2 instead.

funcIsAccessDeniedErrordeprecatedadded inv1.14.6

func IsAccessDeniedError(errerror)bool

IsAccessDeniedError is an alias fortailscale.com/client/local.IsAccessDeniedError.

Deprecated: importtailscale.com/client/local instead.

funcIsPreconditionsFailedErrordeprecatedadded inv1.50.0

func IsPreconditionsFailedError(errerror)bool

IsPreconditionsFailedError is an alias fortailscale.com/client/local.IsPreconditionsFailedError.

Deprecated: importtailscale.com/client/local instead.

funcSetVersionMismatchHandlerdeprecatedadded inv1.16.0

func SetVersionMismatchHandler(f func(clientVer, serverVerstring))

SetVersionMismatchHandler is an alias fortailscale.com/client/local.SetVersionMismatchHandler.

Deprecated: importtailscale.com/client/local instead.

funcStatusdeprecatedadded inv1.8.0

func Status(ctxcontext.Context) (*ipnstate.Status,error)

Status is an alias fortailscale.com/client/local.Status.

Deprecated: importtailscale.com/client/local instead.

funcStatusWithoutPeersdeprecatedadded inv1.8.0

func StatusWithoutPeers(ctxcontext.Context) (*ipnstate.Status,error)

StatusWithoutPeers is an alias fortailscale.com/client/local.StatusWithoutPeers.

Deprecated: importtailscale.com/client/local instead.

funcWhoIsdeprecated

func WhoIs(ctxcontext.Context, remoteAddrstring) (*apitype.WhoIsResponse,error)

WhoIs is an alias fortailscale.com/client/local.WhoIs.

Deprecated: importtailscale.com/client/local instead and uselocal.Client.WhoIs.

Types

typeACLadded inv1.26.0

type ACL struct {ACLACLDetailsETagstring// to check with version on server}

ACL contains an ACLDetails and metadata.

typeACLDetailsadded inv1.26.0

type ACLDetails struct {Tests     []ACLTest           `json:"tests,omitempty"`ACLs      []ACLRow            `json:"acls,omitempty"`Groups    map[string][]string `json:"groups,omitempty"`TagOwners map[string][]string `json:"tagowners,omitempty"`Hosts     map[string]string   `json:"hosts,omitempty"`NodeAttrs []NodeAttrGrant     `json:"nodeAttrs,omitempty"`}

ACLDetails contains all the details for an ACL.

typeACLHuJSONadded inv1.26.0

type ACLHuJSON struct {ACLstringWarnings []stringETagstring// to check with version on server}

ACLHuJSON contains the HuJSON string of the ACL and metadata.

typeACLPreviewadded inv1.26.0

type ACLPreview struct {Matches []UserRuleMatch `json:"matches"`Userstring          `json:"user,omitempty"`// Filled if response of PreviewACLForUser or PreviewACLHuJSONForUserIPPortstring          `json:"ipport,omitempty"`// Filled if response of PreviewACLForIPPort or PreviewACLHuJSONForIPPort// Postures is a map of postures and associated rules that apply// to this preview.// For more details about the posture mapping, see://https://tailscale.com/kb/1288/device-posture#posturesPostures map[string][]string `json:"postures,omitempty"`}

ACLPreview is the response type of PreviewACLForUser, PreviewACLForIPPort, PreviewACLHuJSONForUser, and PreviewACLHuJSONForIPPort

typeACLPreviewResponseadded inv1.26.0

type ACLPreviewResponse struct {Matches    []UserRuleMatch `json:"matches"`// ACL rules that match the specified user or ipport.Typestring          `json:"type"`// The request type: currently only "user" or "ipport".PreviewForstring          `json:"previewFor"`// A specific user or ipport.// Postures is a map of postures and associated rules that apply// to this preview.// For more details about the posture mapping, see://https://tailscale.com/kb/1288/device-posture#posturesPostures map[string][]string `json:"postures,omitempty"`}

ACLPreviewResponse is the response type of previewACLPostRequest

typeACLRowadded inv1.26.0

type ACLRow struct {Actionstring   `json:"action,omitempty"`// valid values: "accept"Protostring   `json:"proto,omitempty"`// protocolUsers  []string `json:"users,omitempty"`// old name for srcPorts  []string `json:"ports,omitempty"`// old name for dstSrc    []string `json:"src,omitempty"`Dst    []string `json:"dst,omitempty"`}

ACLRow defines a rule that grants access by a set of users or groups to a setof servers and ports.Only one of Src/Dst or Users/Ports may be specified.

typeACLTestadded inv1.26.0

type ACLTest struct {Srcstring   `json:"src,omitempty"`// sourceUserstring   `json:"user,omitempty"`// old name for sourceProtostring   `json:"proto,omitempty"`// protocolAccept []string `json:"accept,omitempty"`// expected destination ip:port that user can accessDeny   []string `json:"deny,omitempty"`// expected destination ip:port that user cannot accessAllow []string `json:"allow,omitempty"`// old name for accept}

ACLTest defines a test for your ACLs to prevent accidental exposure orrevoking of access to key servers and ports. Only one of Src or User may bespecified, and only one of Allow/Accept may be specified.

typeACLTestErroradded inv1.26.0

type ACLTestError struct {ErrResponseData []ACLTestFailureSummary `json:"data"`}

ACLTestError is ErrResponse but with an extra field to account for ACLTestFailureSummary.

func (ACLTestError)Erroradded inv1.26.0

func (eACLTestError) Error()string

typeACLTestFailureSummaryadded inv1.26.0

type ACLTestFailureSummary struct {// User is the source ("src") value of the ACL test that failed.// The name "user" is a legacy holdover from the original naming and// is kept for compatibility but it may also contain any value// that's valid in a ACL test "src" field.Userstring `json:"user,omitempty"`Errors   []string `json:"errors,omitempty"`Warnings []string `json:"warnings,omitempty"`}

ACLTestFailureSummary specifies a user for which ACL testsfailed and the related user-friendly error messages.

ACLTestFailureSummary specifies the JSON format sent to theJavaScript client to be rendered in the HTML.

typeAPIKeyadded inv1.26.0

type APIKeystring

APIKey is anAuthMethod forNewClient that authenticates requestsusing an authkey.

typeAuthMethodadded inv1.26.0

type AuthMethod interface {// contains filtered or unexported methods}

AuthMethod is the interface for API authentication methods.

Most users will use AuthKey.

typeBugReportOptsdeprecatedadded inv1.32.0

type BugReportOpts =local.BugReportOpts

BugReportOpts is an alias fortailscale.com/client/local.BugReportOpts.

Deprecated: importtailscale.com/client/local instead.

typeClientdeprecatedadded inv1.26.0

type Client struct {// BaseURL optionally specifies an alternate API server to use.// If empty, "https://api.tailscale.com" is used.BaseURLstring// HTTPClient optionally specifies an alternate HTTP client to use.// If nil, [http.DefaultClient] is used.HTTPClient *http.Client// UserAgent optionally specifies an alternate User-Agent headerUserAgentstring// contains filtered or unexported fields}

Client makes API calls to the Tailscale control plane API server.

UseNewClient to instantiate one. Exported fields should be set beforethe client is used and not changed thereafter.

Deprecated: usetailscale.com/client/tailscale/v2 instead.

funcNewClientdeprecatedadded inv1.26.0

func NewClient(tailnetstring, authAuthMethod) *Client

NewClient is a convenience method for instantiating a newClient.

tailnet is the globally unique identifier for a Tailscale network, suchas "example.com" or "user@gmail.com".If httpClient is nil, thenhttp.DefaultClient is used."api.tailscale.com" is set as the BaseURL for the returned clientand can be changed manually by the user.

Deprecated: usetailscale.com/client/tailscale/v2 instead.

func (*Client)ACLadded inv1.26.0

func (c *Client) ACL(ctxcontext.Context) (acl *ACL, errerror)

ACL makes a call to the Tailscale server to get a JSON-parsed version of the ACL.The JSON-parsed version of the ACL contains no comments as proper JSON does not supportcomments.

func (*Client)ACLHuJSONadded inv1.26.0

func (c *Client) ACLHuJSON(ctxcontext.Context) (acl *ACLHuJSON, errerror)

ACLHuJSON makes a call to the Tailscale server to get the ACL HuJSON and returnsit as a string.HuJSON is JSON with a few modifications to make it more human-friendly. The primarychanges are allowing comments and trailing comments. See the following links for more info:https://tailscale.com/s/acl-formathttps://github.com/tailscale/hujson

func (*Client)AuthorizeDeviceadded inv1.26.0

func (c *Client) AuthorizeDevice(ctxcontext.Context, deviceIDstring)error

AuthorizeDevice marks a device as authorized.

func (*Client)BuildTailnetURLadded inv1.82.0

func (c *Client) BuildTailnetURL(pathElements ...any)string

BuildTailnetURL builds a url to http(s)://<apiserver>/api/v2/tailnet/<tailnet>/<slash-separated-pathElements>using the given pathElements. It url escapes each path element, so thecaller doesn't need to worry about that. The last item of pathElements canbe of type url.Values to add a query string to the URL.

For example, BuildTailnetURL(policy, validate) with the default server URL and a tailnet of "example.com"would result inhttps://api.tailscale.com/api/v2/tailnet/example.com/policy/validate.

func (*Client)BuildURLadded inv1.82.0

func (c *Client) BuildURL(pathElements ...any)string

BuildURL builds a url to http(s)://<apiserver>/api/v2/<slash-separated-pathElements>using the given pathElements. It url escapes each path element, so thecaller doesn't need to worry about that. The last item of pathElements canbe of type url.Values to add a query string to the URL.

For example, BuildURL(devices, 5) with the default server URL would result inhttps://api.tailscale.com/api/v2/devices/5.

func (*Client)CreateKeyadded inv1.36.0

func (c *Client) CreateKey(ctxcontext.Context, capsKeyCapabilities) (keySecretstring, keyMeta *Key, _error)

CreateKey creates a new key for the current user. Currently, only auth keyscan be created. It returns the secret key itself, which cannot be retrieved againlater, and the key metadata.

To create a key with a specific expiry, use CreateKeyWithExpiry.

func (*Client)CreateKeyWithExpiryadded inv1.42.0

func (c *Client) CreateKeyWithExpiry(ctxcontext.Context, capsKeyCapabilities, expirytime.Duration) (keySecretstring, keyMeta *Key, _error)

CreateKeyWithExpiry is like CreateKey, but allows specifying a expiration time.

The time is truncated to a whole number of seconds. If zero, that means no expiration.

func (*Client)DNSConfigadded inv1.26.0

func (c *Client) DNSConfig(ctxcontext.Context) (cfg *apitype.DNSConfig, errerror)

DNSConfig retrieves the DNSConfig settings for a domain.

func (*Client)DNSPreferencesadded inv1.26.0

func (c *Client) DNSPreferences(ctxcontext.Context) (dnsResp *DNSPreferences, errerror)

DNSPreferences retrieves the DNS preferences set for a tailnet.

It returns the status of MagicDNS.

func (*Client)DeleteDeviceadded inv1.26.0

func (c *Client) DeleteDevice(ctxcontext.Context, deviceIDstring) (errerror)

DeleteDevice deletes the specified device from the Client's tailnet.NOTE: Only devices that belong to the Client's tailnet can be deleted.Deleting external devices is not supported.

func (*Client)DeleteKeyadded inv1.36.0

func (c *Client) DeleteKey(ctxcontext.Context, idstring)error

DeleteKey deletes the key with the given ID.

func (*Client)Deviceadded inv1.26.0

func (c *Client) Device(ctxcontext.Context, deviceIDstring, fields *DeviceFieldsOpts) (device *Device, errerror)

Device retrieved the details for a specific device.

See the Device structure for the list of fields hidden for an external device.The optional fields parameter specifies which fields of the devices to return; currentlyonly DeviceDefaultFields (equivalent to nil) and DeviceAllFields are supported.Other values are currently undefined.

func (*Client)Devicesadded inv1.26.0

func (c *Client) Devices(ctxcontext.Context, fields *DeviceFieldsOpts) (deviceList []*Device, errerror)

Devices retrieves the list of devices for a tailnet.

See the Device structure for the list of fields hidden for external devices.The optional fields parameter specifies which fields of the devices to return; currentlyonly DeviceDefaultFields (equivalent to nil) and DeviceAllFields are supported.Other values are currently undefined.

func (*Client)Doadded inv1.26.0

func (c *Client) Do(req *http.Request) (*http.Response,error)

Do sends a raw HTTP request, after adding any authentication headers.

func (*Client)Keyadded inv1.36.0

func (c *Client) Key(ctxcontext.Context, idstring) (*Key,error)

Key returns the metadata for the given key ID. Currently, capabilities areonly returned for auth keys, API keys only return general metadata.

func (*Client)Keysadded inv1.36.0

func (c *Client) Keys(ctxcontext.Context) ([]string,error)

Keys returns the list of keys for the current user.

func (*Client)NameServersadded inv1.26.0

func (c *Client) NameServers(ctxcontext.Context) (nameservers []string, errerror)

NameServers retrieves the list of nameservers set for a domain.

func (*Client)PreviewACLForIPPortadded inv1.26.0

func (c *Client) PreviewACLForIPPort(ctxcontext.Context, aclACL, ipportnetip.AddrPort) (res *ACLPreview, errerror)

PreviewACLForIPPort determines what rules match a given ACL for a ipport.The ACL can be a locally modified or clean ACL obtained from server.

Returns ACLPreview on success with matches in a slice. If there are no matches,the call is still successful but Matches will be an empty slice.Returns error if the provided ACL is invalid.

func (*Client)PreviewACLForUseradded inv1.26.0

func (c *Client) PreviewACLForUser(ctxcontext.Context, aclACL, userstring) (res *ACLPreview, errerror)

PreviewACLForUser determines what rules match a given ACL for a user.The ACL can be a locally modified or clean ACL obtained from server.

Returns ACLPreview on success with matches in a slice. If there are no matches,the call is still successful but Matches will be an empty slice.Returns error if the provided ACL is invalid.

func (*Client)PreviewACLHuJSONForIPPortadded inv1.26.0

func (c *Client) PreviewACLHuJSONForIPPort(ctxcontext.Context, aclACLHuJSON, ipportstring) (res *ACLPreview, errerror)

PreviewACLHuJSONForIPPort determines what rules match a given ACL for a ipport.The ACL can be a locally modified or clean ACL obtained from server.

Returns ACLPreview on success with matches in a slice. If there are no matches,the call is still successful but Matches will be an empty slice.Returns error if the provided ACL is invalid.

func (*Client)PreviewACLHuJSONForUseradded inv1.26.0

func (c *Client) PreviewACLHuJSONForUser(ctxcontext.Context, aclACLHuJSON, userstring) (res *ACLPreview, errerror)

PreviewACLHuJSONForUser determines what rules match a given ACL for a user.The ACL can be a locally modified or clean ACL obtained from server.

Returns ACLPreview on success with matches in a slice. If there are no matches,the call is still successful but Matches will be an empty slice.Returns error if the provided ACL is invalid.

func (*Client)Routesadded inv1.26.0

func (c *Client) Routes(ctxcontext.Context, deviceIDstring) (routes *Routes, errerror)

Routes retrieves the list of subnet routes that have been enabled for a device.The routes that are returned are not necessarily advertised by the device,they have only been preapproved.

func (*Client)SearchPathsadded inv1.26.0

func (c *Client) SearchPaths(ctxcontext.Context) (searchpaths []string, errerror)

SearchPaths retrieves the list of searchpaths set for a tailnet.

func (*Client)SetACLadded inv1.26.0

func (c *Client) SetACL(ctxcontext.Context, aclACL, avoidCollisionsbool) (res *ACL, errerror)

SetACL sends a POST request to update the ACL according to the provided ACL object. If`avoidCollisions` is true, it will use the ETag obtained in the GET request in an If-Matchheader to check if the previously obtained ACL was the latest version and that no updateswere missed.

Returns error with status code 412 if mistmached ETag and avoidCollisions is set to true.Returns error if ACL has tests that fail.Returns error if there are other errors with the ACL.

func (*Client)SetACLHuJSONadded inv1.26.0

func (c *Client) SetACLHuJSON(ctxcontext.Context, aclACLHuJSON, avoidCollisionsbool) (res *ACLHuJSON, errerror)

SetACLHuJSON sends a POST request to update the ACL according to the provided ACL object. If`avoidCollisions` is true, it will use the ETag obtained in the GET request in an If-Matchheader to check if the previously obtained ACL was the latest version and that no updateswere missed.

Returns error with status code 412 if mistmached ETag and avoidCollisions is set to true.Returns error if the HuJSON is invalid.Returns error if ACL has tests that fail.Returns error if there are other errors with the ACL.

func (*Client)SetAuthorizedadded inv1.44.0

func (c *Client) SetAuthorized(ctxcontext.Context, deviceIDstring, authorizedbool)error

SetAuthorized marks a device as authorized or not.

func (*Client)SetDNSConfigadded inv1.26.0

func (c *Client) SetDNSConfig(ctxcontext.Context, cfgapitype.DNSConfig) (resp *apitype.DNSConfig, errerror)

func (*Client)SetDNSPreferencesadded inv1.26.0

func (c *Client) SetDNSPreferences(ctxcontext.Context, magicDNSbool) (dnsResp *DNSPreferences, errerror)

SetDNSPreferences sets the DNS preferences for a tailnet.

MagicDNS can only be enabled when there is at least one nameserver provided.When all nameservers are removed, MagicDNS is disabled and will stay disabled,unless explicitly enabled by a user again.

func (*Client)SetNameServersadded inv1.26.0

func (c *Client) SetNameServers(ctxcontext.Context, nameservers []string) (dnsResp *DNSNameServersPostResponse, errerror)

SetNameServers sets the list of nameservers for a tailnet to the list providedby the user.

It returns the new list of nameservers and the MagicDNS status in case it wasaffected by the change. For example, removing all nameservers will turn offMagicDNS.

func (*Client)SetRoutesadded inv1.26.0

func (c *Client) SetRoutes(ctxcontext.Context, deviceIDstring, subnets []netip.Prefix) (routes *Routes, errerror)

SetRoutes updates the list of subnets that are enabled for a device.Subnets must be parsable by net/netip.ParsePrefix.Subnets do not have to be currently advertised by a device, they may be pre-enabled.Returns the updated list of enabled and advertised subnet routes in a *Routes object.

func (*Client)SetSearchPathsadded inv1.26.0

func (c *Client) SetSearchPaths(ctxcontext.Context, searchpaths []string) (newSearchPaths []string, errerror)

SetSearchPaths sets the list of searchpaths for a tailnet.

func (*Client)SetTagsadded inv1.26.0

func (c *Client) SetTags(ctxcontext.Context, deviceIDstring, tags []string)error

SetTags updates the ACL tags on a device.

func (*Client)Tailnetadded inv1.26.0

func (c *Client) Tailnet()string

func (*Client)TailnetDeleteRequestadded inv1.26.0

func (c *Client) TailnetDeleteRequest(ctxcontext.Context, tailnetIDstring) (errerror)

TailnetDeleteRequest handles sending a DELETE request for a tailnet to control.

func (*Client)ValidateACLJSONadded inv1.26.0

func (c *Client) ValidateACLJSON(ctxcontext.Context, source, deststring) (testErr *ACLTestError, errerror)

ValidateACLJSON takes in the given source and destination (in this situation,it is assumed that you are checking whether the source can connect to destination)and creates an ACLTest from that. It then sends the ACLTest to the control api aclvalidate endpoint, where the test is run. It returns a nil ACLTestError pointer ifno test errors occur.

typeClientConnectivityadded inv1.26.0

type ClientConnectivity struct {Endpoints             []string `json:"endpoints"`DERPstring   `json:"derp"`MappingVariesByDestIPopt.Bool `json:"mappingVariesByDestIP"`// DERPLatency is mapped by region name (e.g. "New York City", "Seattle").DERPLatency    map[string]DerpRegion `json:"latency"`ClientSupports map[string]opt.Bool   `json:"clientSupports"`}

typeDNSNameServersadded inv1.26.0

type DNSNameServers struct {DNS []string `json:"dns"`// DNS name servers}

DNSNameServers is returned when retrieving the list of nameservers.It is also the structure provided when setting nameservers.

typeDNSNameServersPostResponseadded inv1.26.0

type DNSNameServersPostResponse struct {DNS      []string `json:"dns"`// DNS name serversMagicDNSbool     `json:"magicDNS"`// whether MagicDNS is active for this tailnet (enabled + has fallback nameservers)}

DNSNameServersPostResponse is returned when setting the list of DNS nameservers.

It includes the MagicDNS status since nameservers changes may affect MagicDNS.

typeDNSPreferencesadded inv1.26.0

type DNSPreferences struct {MagicDNSbool `json:"magicDNS"`// whether MagicDNS is active for this tailnet (enabled + has fallback nameservers)}

DNSPreferences is the preferences set for a given tailnet.

It includes MagicDNS which can be turned on or off. To enable MagicDNS,there must be at least one nameserver. When all nameservers are removed,MagicDNS is disabled.

typeDNSSearchPathsadded inv1.26.0

type DNSSearchPaths struct {SearchPaths []string `json:"searchPaths"`// DNS search paths}

DNSSearchpaths is the list of search paths for a given domain.

typeDerpRegionadded inv1.26.0

type DerpRegion struct {Preferredbool    `json:"preferred,omitempty"`LatencyMillisecondsfloat64 `json:"latencyMs"`}

typeDeviceadded inv1.26.0

type Device struct {// Addresses is a list of the devices's Tailscale IP addresses.// It's currently just 1 element, the 100.x.y.z Tailscale IP.Addresses []string `json:"addresses"`DeviceIDstring   `json:"id"`NodeIDstring   `json:"nodeId"`Userstring   `json:"user"`Namestring   `json:"name"`Hostnamestring   `json:"hostname"`ClientVersionstring   `json:"clientVersion"`// Empty for external devices.UpdateAvailablebool     `json:"updateAvailable"`// Empty for external devices.OSstring   `json:"os"`Tags              []string `json:"tags"`Createdstring   `json:"created"`// Empty for external devices.LastSeenstring   `json:"lastSeen"`KeyExpiryDisabledbool     `json:"keyExpiryDisabled"`Expiresstring   `json:"expires"`Authorizedbool     `json:"authorized"`IsExternalbool     `json:"isExternal"`MachineKeystring   `json:"machineKey"`// Empty for external devices.NodeKeystring   `json:"nodeKey"`// BlocksIncomingConnections is configured via the device's// Tailscale client preferences. This field is only reported// to the API starting with Tailscale 1.3.x clients.BlocksIncomingConnectionsbool `json:"blocksIncomingConnections"`// EnabledRoutes are the previously-approved subnet routes// (e.g. "192.168.4.16/24", "10.5.2.4/32").EnabledRoutes []string `json:"enabledRoutes"`// Empty for external devices.// AdvertisedRoutes are the subnets (both enabled and not enabled)// being requested from the node.AdvertisedRoutes []string `json:"advertisedRoutes"`// Empty for external devices.ClientConnectivity *ClientConnectivity `json:"clientConnectivity"`// PostureIdentity contains extra identifiers collected from the device when// the tailnet has the device posture identification features enabled. If// Tailscale have attempted to collect this from the device but it has not// opted in, PostureIdentity will have Disabled=true.PostureIdentity *DevicePostureIdentity `json:"postureIdentity"`// TailnetLockKey is the tailnet lock public key of the node as a hex string.TailnetLockKeystring `json:"tailnetLockKey,omitempty"`// TailnetLockErr indicates an issue with the tailnet lock node-key signature// on this device. This field is only populated when tailnet lock is enabled.TailnetLockErrstring `json:"tailnetLockError,omitempty"`}

typeDeviceFieldsOptsadded inv1.26.0

type DeviceFieldsOptsDevice

DeviceFieldsOpts determines which fields should be returned in the response.

Please only use DeviceAllFields and DeviceDefaultFields.Other DeviceFieldsOpts are not supported.

TODO: Support other DeviceFieldsOpts.In the future, users should be able to create their own DeviceFieldsOptsas valid arguments by setting the fields they want returned to a "non-nil"value. For example, DeviceFieldsOpts{NodeID: "true"} should only return NodeIDs.

typeDevicePostureIdentityadded inv1.58.0

type DevicePostureIdentity struct {Disabledbool     `json:"disabled,omitempty"`SerialNumbers []string `json:"serialNumbers,omitempty"`}

typeErrResponseadded inv1.26.0

type ErrResponse struct {StatusintMessagestring}

ErrResponse is the HTTP error returned by the Tailscale server.

func (ErrResponse)Erroradded inv1.26.0

func (eErrResponse) Error()string

typeGetDevicesResponseadded inv1.26.0

type GetDevicesResponse struct {Devices []*Device `json:"devices"`}

typeIPNBusWatcherdeprecatedadded inv1.34.0

type IPNBusWatcher =local.IPNBusWatcher

IPNBusWatcher is an alias fortailscale.com/client/local.IPNBusWatcher.

Deprecated: importtailscale.com/client/local instead.

typeKeyadded inv1.36.0

type Key struct {IDstring          `json:"id"`Createdtime.Time       `json:"created"`Expirestime.Time       `json:"expires"`CapabilitiesKeyCapabilities `json:"capabilities"`}

Key represents a Tailscale API or auth key.

typeKeyCapabilitiesadded inv1.36.0

type KeyCapabilities struct {DevicesKeyDeviceCapabilities `json:"devices,omitempty"`}

KeyCapabilities are the capabilities of a Key.

typeKeyDeviceCapabilitiesadded inv1.36.0

type KeyDeviceCapabilities struct {CreateKeyDeviceCreateCapabilities `json:"create"`}

KeyDeviceCapabilities are the device-related capabilities of a Key.

typeKeyDeviceCreateCapabilitiesadded inv1.36.0

type KeyDeviceCreateCapabilities struct {Reusablebool     `json:"reusable"`Ephemeralbool     `json:"ephemeral"`Preauthorizedbool     `json:"preauthorized"`Tags          []string `json:"tags,omitempty"`}

KeyDeviceCreateCapabilities are the device creation capabilities of a Key.

typeLocalClientdeprecatedadded inv1.26.0

type LocalClient =local.Client

LocalClient is an alias fortailscale.com/client/local.Client.

Deprecated: importtailscale.com/client/local instead.

typeNodeAttrGrantadded inv1.70.0

type NodeAttrGrant struct {// Target specifies which nodes the attributes apply to. The nodes can be a// tag (tag:server), user (alice@example.com), group (group:kids), or *.Target []string `json:"target,omitempty"`// Attr are the attributes to set on Target(s).Attr []string `json:"attr,omitempty"`}

NodeAttrGrant defines additional string attributes that apply to specific devices.

typePingOptsdeprecatedadded inv1.48.0

type PingOpts =local.PingOpts

PingOpts is an alias fortailscale.com/client/local.PingOpts.

Deprecated: importtailscale.com/client/local instead.

typeRoutesadded inv1.26.0

type Routes struct {AdvertisedRoutes []netip.Prefix `json:"advertisedRoutes"`EnabledRoutes    []netip.Prefix `json:"enabledRoutes"`}

Routes contains the lists of subnet routes that are currently advertised by a device,as well as the subnets that are enabled to be routed by the device.

typeUserRuleMatchadded inv1.26.0

type UserRuleMatch struct {Users      []string `json:"users"`Ports      []string `json:"ports"`LineNumberint      `json:"lineNumber"`// Via is the list of targets through which Users can access Ports.// Seehttps://tailscale.com/kb/1378/via for more information.Via []string `json:"via,omitempty"`// Postures is a list of posture policies that are// associated with this match. The rules can be looked// up in the ACLPreviewResponse parent struct.// The source of the list is from srcPosture on// an ACL or Grant rule://https://tailscale.com/kb/1288/device-posture#posture-conditionsPostures []string `json:"postures"`}

UserRuleMatch specifies the source users/groups/hosts that a rule targetsand the destination ports that they can access.LineNumber is only useful for requests provided in HuJSON form.While JSON requests will have LineNumber, the value is not useful.

Source Files

View all Source files

Directories

PathSynopsis
module
Package apitype contains types for the Tailscale LocalAPI and control plane API.
Package apitype contains types for the Tailscale LocalAPI and control plane API.
example
servetlscommand
The servetls program shows how to run an HTTPS server using a Tailscale cert via LetsEncrypt.
The servetls program shows how to run an HTTPS server using a Tailscale cert via LetsEncrypt.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f orF : Jump to
y orY : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic.Learn more.
[8]ページ先頭
©2009-2025 Movatter.jp