tailscale

package module
v0.0.0-...-6758e97 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 25, 2026 License: MIT Imports: 15 Imported by: 0

README

tailscale.com/client/tailscale/v2


The official client implementation for the Tailscale HTTP API. For more details, please see API documentation.

Example (Using API Key)

package main

import (
	"context"
	"os"

	"tailscale.com/client/tailscale/v2"
)

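// main lists the devices in the tailnet, authenticating with an API key.
func main() {
	// The API key is a secret: read it from the environment (or a secret
	// manager) rather than embedding it in source.
	apiKey := os.Getenv("TAILSCALE_API_KEY")
	if apiKey == "" {
		// Fail before any request is sent instead of calling the API with an
		// empty credential.
		os.Stderr.WriteString("TAILSCALE_API_KEY is not set\n")
		os.Exit(1)
	}

	client := &tailscale.Client{
		Tailnet: os.Getenv("TAILSCALE_TAILNET"),
		APIKey:  apiKey,
	}

	// The original example discarded both results, which does not compile in
	// Go ("declared and not used") and hides authentication failures.
	devices, err := client.Devices().List(context.Background())
	if err != nil {
		os.Stderr.WriteString("listing devices: " + err.Error() + "\n")
		os.Exit(1)
	}
	for _, d := range devices {
		os.Stdout.WriteString(d.Name + "\n")
	}
}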

Example (Using OAuth)

package main

import (
	"context"
	"os"

	"tailscale.com/client/tailscale/v2"
)

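// main lists the devices in the tailnet, authenticating as an OAuth client.
func main() {
	// The client secret is a credential: keep it in the environment or a
	// secret manager, never in source.
	clientSecret := os.Getenv("TAILSCALE_OAUTH_CLIENT_SECRET")
	if clientSecret == "" {
		os.Stderr.WriteString("TAILSCALE_OAUTH_CLIENT_SECRET is not set\n")
		os.Exit(1)
	}

	client := &tailscale.Client{
		Tailnet: os.Getenv("TAILSCALE_TAILNET"),
		Auth: &tailscale.OAuth{
			ClientID:     os.Getenv("TAILSCALE_OAUTH_CLIENT_ID"),
			ClientSecret: clientSecret,
			// Least privilege: this program only lists devices, so it asks
			// for a read-only device scope instead of a tailnet-wide write
			// scope. The requested scopes must be within those granted to the
			// OAuth client; widen them only when the program needs more.
			Scopes: []string{"devices:core:read"},
		},
	}

	// The original example discarded both results, which does not compile in
	// Go ("declared and not used") and hides authentication failures.
	devices, err := client.Devices().List(context.Background())
	if err != nil {
		os.Stderr.WriteString("listing devices: " + err.Error() + "\n")
		os.Exit(1)
	}
	for _, d := range devices {
		os.Stdout.WriteString(d.Name + "\n")
	}
}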

Example (Using Identity Federation)

package main

import (
	"context"
	"os"

	"tailscale.com/client/tailscale/v2"
)

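// main lists the devices in the tailnet, authenticating through identity
// federation with an ID token taken from the environment.
func main() {
	// An unset IDENTITY_TOKEN would otherwise be handed to the client as an
	// empty token with a nil error; reject it before any request is made.
	idToken := os.Getenv("IDENTITY_TOKEN")
	if idToken == "" {
		os.Stderr.WriteString("IDENTITY_TOKEN is not set\n")
		os.Exit(1)
	}

	client := &tailscale.Client{
		Tailnet: os.Getenv("TAILSCALE_TAILNET"),
		Auth: &tailscale.IdentityFederation{
			ClientID: os.Getenv("TAILSCALE_OAUTH_CLIENT_ID"),
			// This is a static token. Per the IdentityFederation docs, once
			// a static token expires the client cannot refresh the API token;
			// long-running programs should fetch a fresh token from the IdP
			// here instead.
			IDTokenFunc: func() (string, error) {
				return idToken, nil
			},
		},
	}

	// The original example discarded both results, which does not compile in
	// Go ("declared and not used") and hides authentication failures.
	devices, err := client.Devices().List(context.Background())
	if err != nil {
		os.Stderr.WriteString("listing devices: " + err.Error() + "\n")
		os.Exit(1)
	}
	for _, d := range devices {
		os.Stdout.WriteString(d.Name + "\n")
	}
}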

Example (Using Your Own Authentication Mechanism)

package main

import (
	"context"
	"net/http"
	"os"

	"tailscale.com/client/tailscale/v2"
)

// MyAuth stands in for a caller-defined implementation of tailscale.Auth.
// Its fields are elided in this example ("{...}" is a placeholder, not Go).
type MyAuth struct {...}

// HTTPClient implements tailscale.Auth: it receives the client's base
// http.Client and the API base URL and returns the http.Client to use for
// authenticated requests. The body is left as a sketch in this example.
//
// NOTE(review): when filling this in, derive a new client from orig rather
// than mutating it, and attach credentials only to requests addressed to
// baseURL so they are not sent to another host (for example after a redirect).
func (a *MyAuth) HTTPClient(orig *http.Client, baseURL string) *http.Client {
	// build an HTTP client that adds authentication to outgoing requests
	// see tailscale.OAuth for an example.
}

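// main lists the devices in the tailnet using a caller-supplied Auth
// implementation.
func main() {
	client := &tailscale.Client{
		Tailnet: os.Getenv("TAILSCALE_TAILNET"),
		// "{...}" is the example's placeholder for MyAuth's fields.
		Auth: &MyAuth{...},
	}

	// The original example discarded both results, which does not compile in
	// Go ("declared and not used") and hides authentication failures.
	devices, err := client.Devices().List(context.Background())
	if err != nil {
		os.Stderr.WriteString("listing devices: " + err.Error() + "\n")
		os.Exit(1)
	}
	for _, d := range devices {
		os.Stdout.WriteString(d.Name + "\n")
	}
}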

Releasing

Pushing a tag of the format vX.Y.Z will trigger the release workflow which uses goreleaser to build and sign artifacts and generate a GitHub release.

Documentation

Overview

Package tailscale contains a basic implementation of a client for the Tailscale HTTP API.

Documentation is at https://tailscale.com/api

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsNotFound

func IsNotFound(err error) bool

IsNotFound returns true if the provided error implementation is an APIError with a status of 404.

func PointerTo

func PointerTo[T any](value T) *T

PointerTo returns a pointer to the given value. Pointers are used in PATCH requests to distinguish between specified and unspecified values.

Types

type ACL

// ACL contains the schema for a tailnet policy file. Every field except ETag
// carries both a `json` and a `hujson` tag with omitempty, so zero-valued
// sections are left out when the policy is encoded.
type ACL struct {
	ACLs                []ACLEntry          `json:"acls,omitempty" hujson:"ACLs,omitempty"`
	// NOTE(review): presumably lists who may have routes and exit nodes
	// approved without an admin step — review changes here carefully; confirm
	// against the policy-file documentation.
	AutoApprovers       *ACLAutoApprovers   `json:"autoApprovers,omitempty" hujson:"AutoApprovers,omitempty"`
	Groups              map[string][]string `json:"groups,omitempty" hujson:"Groups,omitempty"`
	Hosts               map[string]string   `json:"hosts,omitempty" hujson:"Hosts,omitempty"`
	TagOwners           map[string][]string `json:"tagOwners,omitempty" hujson:"TagOwners,omitempty"`
	DERPMap             *ACLDERPMap         `json:"derpMap,omitempty" hujson:"DerpMap,omitempty"`
	Tests               []ACLTest           `json:"tests,omitempty" hujson:"Tests,omitempty"`
	SSH                 []ACLSSH            `json:"ssh,omitempty" hujson:"SSH,omitempty"`
	NodeAttrs           []NodeAttrGrant     `json:"nodeAttrs,omitempty" hujson:"NodeAttrs,omitempty"`
	DisableIPv4         bool                `json:"disableIPv4,omitempty" hujson:"DisableIPv4,omitempty"`
	OneCGNATRoute       string              `json:"oneCGNATRoute,omitempty" hujson:"OneCGNATRoute,omitempty"`
	RandomizeClientPort bool                `json:"randomizeClientPort,omitempty" hujson:"RandomizeClientPort,omitempty"`
	Grants              []Grant             `json:"grants,omitempty" hujson:"Grants,omitempty"`
	IPSets              map[string][]string `json:"ipsets,omitempty" hujson:"IPSets,omitempty"`

	Postures             map[string][]string `json:"postures,omitempty" hujson:"Postures,omitempty"`
	DefaultSourcePosture []string            `json:"defaultSrcPosture,omitempty" hujson:"DefaultSrcPosture,omitempty"`

	// AttrConfig maps attribute names to their configuration for custom device attributes.
	AttrConfig map[string]ACLAttrConfig `json:"attrConfig,omitempty" hujson:"AttrConfig,omitempty"`

	// ETag is the etag corresponding to this version of the ACL.
	// The `json:"-"` tag keeps it out of the encoded policy body.
	// NOTE(review): presumably sent back on update to detect concurrent
	// edits — confirm against PolicyFileResource.
	ETag string `json:"-"`
}

ACL contains the schema for a tailnet policy file. More details: https://tailscale.com/kb/1018/acls/

type ACLAttrConfig

// ACLAttrConfig represents configuration for a custom device attribute.
// It is the value type of ACL.AttrConfig.
type ACLAttrConfig struct {
	// Type can be one of "string", "bool", or "number".
	Type string `json:"type,omitempty" hujson:"Type,omitempty"`
	// AllowSetByNode indicates if nodes can set this attribute via LocalAPI.
	// NOTE(review): when true the value is supplied by the node itself, so it
	// presumably should not be treated as an admin-verified signal in access
	// rules — confirm.
	AllowSetByNode bool `json:"allowSetByNode,omitempty" hujson:"AllowSetByNode,omitempty"`
	// BroadcastToPeers is a list of destinations which should receive this attribute value, e.g. ["tag:admin"].
	BroadcastToPeers []string `json:"broadcastToPeers,omitempty" hujson:"BroadcastToPeers,omitempty"`
}

ACLAttrConfig represents configuration for a custom device attribute.

type ACLAutoApprovers

// ACLAutoApprovers is the type of ACL.AutoApprovers (the "autoApprovers"
// section of the policy file).
// NOTE(review): presumably Routes maps a route to the identities whose
// advertisements of it are approved automatically, and ExitNode lists the
// identities auto-approved as exit nodes — confirm against the policy-file
// documentation, and keep both lists as narrow as possible.
type ACLAutoApprovers struct {
	Routes   map[string][]string `json:"routes,omitempty" hujson:"Routes,omitempty"`
	ExitNode []string            `json:"exitNode,omitempty" hujson:"ExitNode,omitempty"`
}

type ACLDERPMap

// ACLDERPMap is the type of ACL.DERPMap (the "derpMap" section of the policy
// file).
type ACLDERPMap struct {
	// Regions has no omitempty, so it is always present in the encoded form.
	// NOTE(review): the int key is presumably the region ID — confirm.
	Regions            map[int]*ACLDERPRegion `json:"regions" hujson:"Regions"`
	OmitDefaultRegions bool                   `json:"omitDefaultRegions,omitempty" hujson:"OmitDefaultRegions,omitempty"`
}

type ACLDERPNode

// ACLDERPNode is the element type of ACLDERPRegion.Nodes. Name, RegionID and
// HostName are always encoded; the remaining fields are omitted when zero.
type ACLDERPNode struct {
	Name     string `json:"name" hujson:"Name"`
	RegionID int    `json:"regionID" hujson:"RegionID"`
	HostName string `json:"hostName" hujson:"HostName"`
	CertName string `json:"certName,omitempty" hujson:"CertName,omitempty"`
	IPv4     string `json:"ipv4,omitempty" hujson:"IPv4,omitempty"`
	IPv6     string `json:"ipv6,omitempty" hujson:"IPv6,omitempty"`
	STUNPort int    `json:"stunPort,omitempty" hujson:"STUNPort,omitempty"`
	STUNOnly bool   `json:"stunOnly,omitempty" hujson:"STUNOnly,omitempty"`
	DERPPort int    `json:"derpPort,omitempty" hujson:"DERPPort,omitempty"`
}

type ACLDERPRegion

// ACLDERPRegion is the value type of ACLDERPMap.Regions. Only Avoid is
// omitted when zero; every other field is always encoded.
type ACLDERPRegion struct {
	RegionID   int            `json:"regionID" hujson:"RegionID"`
	RegionCode string         `json:"regionCode" hujson:"RegionCode"`
	RegionName string         `json:"regionName" hujson:"RegionName"`
	Avoid      bool           `json:"avoid,omitempty" hujson:"Avoid,omitempty"`
	Nodes      []*ACLDERPNode `json:"nodes" hujson:"Nodes"`
}

type ACLEntry

// ACLEntry is the element type of ACL.ACLs, i.e. one access rule in the
// policy file.
type ACLEntry struct {
	Action      string   `json:"action,omitempty" hujson:"Action,omitempty"`
	Ports       []string `json:"ports,omitempty" hujson:"Ports,omitempty"`
	Users       []string `json:"users,omitempty" hujson:"Users,omitempty"`
	// Source and Destination are encoded under the short keys "src" and "dst".
	Source      []string `json:"src,omitempty" hujson:"Src,omitempty"`
	Destination []string `json:"dst,omitempty" hujson:"Dst,omitempty"`
	Protocol    string   `json:"proto,omitempty" hujson:"Proto,omitempty"`

	SourcePosture []string `json:"srcPosture,omitempty" hujson:"SrcPosture,omitempty"`
}

type ACLSSH

// ACLSSH is the element type of ACL.SSH, i.e. one SSH rule in the policy file.
type ACLSSH struct {
	Action          string         `json:"action,omitempty" hujson:"Action,omitempty"`
	Users           []string       `json:"users,omitempty" hujson:"Users,omitempty"`
	Source          []string       `json:"src,omitempty" hujson:"Src,omitempty"`
	Destination     []string       `json:"dst,omitempty" hujson:"Dst,omitempty"`
	CheckPeriod     SSHCheckPeriod `json:"checkPeriod,omitempty" hujson:"CheckPeriod,omitempty"`
	// NOTE(review): Recorder and EnforceRecorder presumably configure SSH
	// session recording and whether a session may proceed when recording is
	// unavailable — confirm; both are omitted from the encoding when zero.
	Recorder        []string       `json:"recorder,omitempty" hujson:"Recorder,omitempty"`
	EnforceRecorder bool           `json:"enforceRecorder,omitempty" hujson:"EnforceRecorder,omitempty"`
}

type ACLTest

// ACLTest is the element type of ACL.Tests.
// NOTE(review): presumably each entry asserts which destinations a source may
// or may not reach under the policy — confirm against the policy-file
// documentation.
type ACLTest struct {
	User            string         `json:"user,omitempty" hujson:"User,omitempty"`
	Allow           []string       `json:"allow,omitempty" hujson:"Allow,omitempty"`
	Deny            []string       `json:"deny,omitempty" hujson:"Deny,omitempty"`
	Source          string         `json:"src,omitempty" hujson:"Src,omitempty"`
	Accept          []string       `json:"accept,omitempty" hujson:"Accept,omitempty"`
	SrcPostureAttrs map[string]any `json:"srcPostureAttrs,omitempty" hujson:"SrcPostureAttrs,omitempty"`
}

type APIError

// APIError describes an error as returned by the Tailscale API.
// IsNotFound reports whether an error is an APIError with Status 404, and
// ErrorData extracts the Data field.
type APIError struct {
	// Message is text produced by the server.
	// NOTE(review): treat it as untrusted input when writing it to logs or a UI.
	Message string         `json:"message"`
	Data    []APIErrorData `json:"data"`
	// Status is the status carried in the error body (404 for "not found").
	Status  int            `json:"status"`
}

APIError type describes an error as returned by the Tailscale API.

func (APIError) Error

func (err APIError) Error() string

type APIErrorData

// APIErrorData describes elements of the data field within errors returned
// by the Tailscale API. It is the element type of APIError.Data.
type APIErrorData struct {
	User   string   `json:"user"`
	Errors []string `json:"errors"`
}

APIErrorData type describes elements of the data field within errors returned by the Tailscale API.

func ErrorData

func ErrorData(err error) []APIErrorData

ErrorData returns the contents of the APIError.Data field from the provided error if it is of type APIError. Returns a nil slice if the given error is not of type APIError.

type AWSExternalID

// AWSExternalID represents an AWS External ID that Tailscale can use to
// stream logs from a particular Tailscale AWS account to a
// LogstreamS3Endpoint that uses S3RoleARNAuthentication.
// NOTE(review): presumably ExternalID is meant to be required by the IAM
// role's trust policy so that only this integration can assume the role —
// confirm against the log-streaming documentation.
type AWSExternalID struct {
	ExternalID            string `json:"externalId,omitempty"`
	TailscaleAWSAccountID string `json:"tailscaleAwsAccountId,omitempty"`
}

AWSExternalID represents an AWS External ID that Tailscale can use to stream logs from a particular Tailscale AWS account to a LogstreamS3Endpoint that uses S3RoleARNAuthentication.

type Auth

// Auth is a pluggable mechanism for authenticating requests. Set it on
// Client.Auth; when it is set, Client.APIKey is ignored.
type Auth interface {
	// HTTPClient builds an http.Client that uses orig as a starting point and
	// adds its own authentication to outgoing requests. baseURL is the base URL
	// of the API server to which we will be authenticating.
	//
	// NOTE(review): implementations should attach credentials only to
	// requests addressed to baseURL, so that they are not sent to another
	// host.
	HTTPClient(orig *http.Client, baseURL string) *http.Client
}

Auth is a pluggable mechanism for authenticating requests.

type Client

// Client is used to perform actions against the Tailscale API.
//
// NOTE(review): APIKey is an exported plain-string credential, so formatting
// a Client with %v or %+v includes the key; keep Client values out of logs
// and error messages.
type Client struct {
	// BaseURL is the base URL for accessing the Tailscale API server. Defaults to https://api.tailscale.com.
	// NOTE(review): credentials are presumably sent to whatever server this
	// points at — override it only with a trusted https endpoint; confirm.
	BaseURL *url.URL
	// UserAgent configures the User-Agent HTTP header for requests. Defaults to "tailscale-client-go".
	UserAgent string
	// APIKey allows specifying an APIKey to use for authentication.
	// To use OAuth Client credentials, specify OAuth in the Auth field instead.
	// To use Identity Federation, specify IdentityFederation in the Auth field instead.
	APIKey string
	// Auth specifies a mechanism for adding authentication to outgoing requests.
	// If provided, APIKey is ignored.
	Auth Auth
	// Tailnet allows specifying a specific tailnet by name, to which this Client will connect by default.
	// If Tailnet is left blank, the client will connect to default tailnet based on the client's credential,
	// using the "-" (dash) default tailnet path.
	Tailnet string

	// HTTP is the [http.Client] to use for requests to the API server.
	// If not specified, a new [http.Client] with a Timeout of 1 minute will be used.
	// NOTE(review): whether a timeout is applied to a caller-supplied client
	// is not shown here — set one explicitly when providing your own.
	HTTP *http.Client
	// contains filtered or unexported fields
}

Client is used to perform actions against the Tailscale API.

func (*Client) Contacts

func (c *Client) Contacts() *ContactsResource

Contacts provides access to https://tailscale.com/api#tag/contacts.

func (*Client) DNS

func (c *Client) DNS() *DNSResource

DNS provides access to https://tailscale.com/api#tag/dns.

func (*Client) DevicePosture

func (c *Client) DevicePosture() *DevicePostureResource

DevicePosture provides access to https://tailscale.com/api#tag/deviceposture.

func (*Client) Devices

func (c *Client) Devices() *DevicesResource

Devices provides access to https://tailscale.com/api#tag/devices.

func (*Client) Keys

func (c *Client) Keys() *KeysResource

Keys provides access to https://tailscale.com/api#tag/keys.

func (*Client) Logging

func (c *Client) Logging() *LoggingResource

Logging provides access to https://tailscale.com/api#tag/logging.

func (*Client) PolicyFile

func (c *Client) PolicyFile() *PolicyFileResource

PolicyFile provides access to https://tailscale.com/api#tag/policyfile.

func (*Client) Services

func (c *Client) Services() *ServicesResource

Services provides access to https://tailscale.com/api#tag/services.

func (*Client) TailnetSettings

func (c *Client) TailnetSettings() *TailnetSettingsResource

TailnetSettings provides access to https://tailscale.com/api#tag/tailnetsettings.

func (*Client) Users

func (c *Client) Users() *UsersResource

Users provides access to https://tailscale.com/api#tag/users.

func (*Client) VIPServices

func (c *Client) VIPServices() *ServicesResource

VIPServices provides access to https://tailscale.com/api#tag/services. Deprecated: use Client.Services instead.

func (*Client) Webhooks

func (c *Client) Webhooks() *WebhooksResource

Webhooks provides access to https://tailscale.com/api#tag/webhooks.

type ClientConnectivity

// ClientConnectivity is the type of Device.ClientConnectivity, which is only
// included in device listings when querying all fields.
type ClientConnectivity struct {
	Endpoints             []string `json:"endpoints"`
	DERP                  string   `json:"derp"`
	MappingVariesByDestIP bool     `json:"mappingVariesByDestIP"`
	// DERPLatency is mapped by region name (e.g. "New York City", "Seattle").
	// It is encoded under the key "latency".
	DERPLatency    map[string]DERPRegion `json:"latency"`
	ClientSupports ClientSupports        `json:"clientSupports"`
}

type ClientSupports

// ClientSupports is the type of ClientConnectivity.ClientSupports: a set of
// boolean flags, each always present in the JSON encoding.
type ClientSupports struct {
	HairPinning bool `json:"hairPinning"`
	IPV6        bool `json:"ipv6"`
	PCP         bool `json:"pcp"`
	PMP         bool `json:"pmp"`
	UDP         bool `json:"udp"`
	UPNP        bool `json:"upnp"`
}

type CompressionFormat

// CompressionFormat specifies what kind of compression to use on logs.
type CompressionFormat string

CompressionFormat specifies what kind of compression to use on logs.

// The CompressionFormat values defined by this package.
const (
	CompressionFormatNone CompressionFormat = "none"
	CompressionFormatZstd CompressionFormat = "zstd"
	CompressionFormatGzip CompressionFormat = "gzip"
)

type Contact

// Contact defines the structure of an individual contact for the tailnet.
type Contact struct {
	Email string `json:"email"`
	// FallbackEmail is the email used when Email has not been verified.
	FallbackEmail string `json:"fallbackEmail,omitempty"`
	// NeedsVerification is true if Email needs to be verified.
	NeedsVerification bool `json:"needsVerification"`
}

Contact type defines the structure of an individual contact for the tailnet.

type ContactType

// ContactType defines the type of contact.
type ContactType string

ContactType defines the type of contact.

// The ContactType values defined by this package; they match the three
// fields of Contacts.
const (
	ContactAccount  ContactType = "account"
	ContactSupport  ContactType = "support"
	ContactSecurity ContactType = "security"
)

type Contacts

// Contacts defines the object returned when retrieving contacts
// (ContactsResource.Get).
type Contacts struct {
	Account  Contact `json:"account"`
	Support  Contact `json:"support"`
	Security Contact `json:"security"`
}

Contacts type defines the object returned when retrieving contacts.

type ContactsResource

// ContactsResource provides access to https://tailscale.com/api#tag/contacts.
// It embeds *Client, so the Client's exported fields and methods are promoted
// onto it.
type ContactsResource struct {
	*Client
}

ContactsResource provides access to https://tailscale.com/api#tag/contacts.

func (*ContactsResource) Get

func (cr *ContactsResource) Get(ctx context.Context) (*Contacts, error)

Get retrieves the Contacts for the tailnet.

func (*ContactsResource) Update

func (cr *ContactsResource) Update(ctx context.Context, contactType ContactType, contact UpdateContactRequest) error

Update updates the email for the specified ContactType within the tailnet. If the email address changes, the system will send a verification email to confirm the change.

type CreateFederatedIdentityRequest

// CreateFederatedIdentityRequest describes the definition of a federated
// identity to create. No field uses omitempty, so all are always encoded.
// NOTE(review): Issuer, Subject, Audience and CustomClaimRules presumably
// decide which IdP-issued tokens are accepted for this identity; keeping them
// specific, and Scopes and Tags minimal, limits who can obtain API access —
// confirm against the API documentation.
type CreateFederatedIdentityRequest struct {
	Scopes           []string          `json:"scopes"`
	Tags             []string          `json:"tags"`
	Audience         string            `json:"audience"`
	Issuer           string            `json:"issuer"`
	Subject          string            `json:"subject"`
	CustomClaimRules map[string]string `json:"customClaimRules"`
	Description      string            `json:"description"`
}

CreateFederatedIdentityRequest describes the definition of a federated identity to create.

type CreateKeyRequest

// CreateKeyRequest describes the definition of an authentication key to
// create.
type CreateKeyRequest struct {
	// Capabilities describes what the new key may be used for; see
	// KeyCapabilities.
	Capabilities  KeyCapabilities `json:"capabilities"`
	// ExpirySeconds is always encoded, including when zero.
	// NOTE(review): the meaning of zero (presumably a server default) is not
	// shown here — set an explicit, short expiry; confirm.
	ExpirySeconds int64           `json:"expirySeconds"`
	Description   string          `json:"description"`
}

CreateKeyRequest describes the definition of an authentication key to create.

type CreateOAuthClientRequest

// CreateOAuthClientRequest describes the definition of an OAuth client to
// create.
// NOTE(review): Scopes presumably bounds what tokens issued to the new client
// can do; grant only the scopes the consumer needs — confirm.
type CreateOAuthClientRequest struct {
	Scopes      []string `json:"scopes"`
	Tags        []string `json:"tags"`
	Description string   `json:"description"`
}

CreateOAuthClientRequest describes the definition of an OAuth client to create.

type CreatePostureIntegrationRequest

// CreatePostureIntegrationRequest is a request to create a posture
// integration. Every field is omitted from the encoding when empty.
type CreatePostureIntegrationRequest struct {
	Provider     PostureIntegrationProvider `json:"provider,omitempty"`
	CloudID      string                     `json:"cloudId,omitempty"`
	ClientID     string                     `json:"clientId,omitempty"`
	TenantID     string                     `json:"tenantId,omitempty"`
	// ClientSecret is a credential and is serialized into the request body as
	// "clientSecret"; do not log or persist the request value.
	ClientSecret string                     `json:"clientSecret,omitempty"`
}

CreatePostureIntegrationRequest is a request to create a posture integration.

type CreateWebhookRequest

// CreateWebhookRequest describes the configuration for creating a Webhook.
type CreateWebhookRequest struct {
	// NOTE(review): events are presumably delivered to this URL; it should be
	// an HTTPS endpoint you control — confirm against the webhook
	// documentation.
	EndpointURL   string                    `json:"endpointUrl"`
	ProviderType  WebhookProviderType       `json:"providerType"`
	Subscriptions []WebhookSubscriptionType `json:"subscriptions"`
}

CreateWebhookRequest type describes the configuration for creating a Webhook.

type DERPRegion

// DERPRegion is the value type of ClientConnectivity.DERPLatency.
type DERPRegion struct {
	Preferred           bool    `json:"preferred,omitempty"`
	// LatencyMilliseconds is encoded under the key "latencyMs".
	LatencyMilliseconds float64 `json:"latencyMs"`
}

type DNSConfiguration

// DNSConfiguration is the tailnet's complete DNS configuration, as returned
// by DNSResource.Configuration and accepted by DNSResource.SetConfiguration
// (both documented as alpha and subject to change).
// NOTE(review): Nameservers and SplitDNS presumably decide where the
// tailnet's DNS queries are sent, so changes deserve the same review as
// policy changes — confirm.
type DNSConfiguration struct {
	Nameservers []DNSConfigurationResolver            `json:"nameservers,omitempty"`
	SplitDNS    map[string][]DNSConfigurationResolver `json:"splitDNS,omitempty"`
	SearchPaths []string                              `json:"searchPaths,omitempty"`
	Preferences DNSConfigurationPreferences           `json:"preferences,omitempty"`
}

type DNSConfigurationPreferences

// DNSConfigurationPreferences is the type of DNSConfiguration.Preferences.
// Both flags are omitted from the encoding when false.
type DNSConfigurationPreferences struct {
	OverrideLocalDNS bool `json:"overrideLocalDNS,omitempty"`
	MagicDNS         bool `json:"magicDNS,omitempty"`
}

type DNSConfigurationResolver

// DNSConfigurationResolver is one resolver entry in
// DNSConfiguration.Nameservers or DNSConfiguration.SplitDNS.
type DNSConfigurationResolver struct {
	Address         string `json:"address,omitempty"`
	UseWithExitNode bool   `json:"useWithExitNode,omitempty"`
}

type DNSPreferences

// DNSPreferences holds the DNS preferences read by DNSResource.Preferences
// and written by DNSResource.SetPreferences.
type DNSPreferences struct {
	// MagicDNS has no omitempty, so false is sent explicitly.
	MagicDNS bool `json:"magicDNS"`
}

type DNSResource

// DNSResource provides access to https://tailscale.com/api#tag/dns.
// It embeds *Client, so the Client's exported fields and methods are promoted
// onto it.
type DNSResource struct {
	*Client
}

DNSResource provides access to https://tailscale.com/api#tag/dns.

func (*DNSResource) Configuration

func (dr *DNSResource) Configuration(ctx context.Context) (*DNSConfiguration, error)

Configuration retrieves the tailnet's complete DNS configuration. WARNING - this is currently in alpha and subject to change.

func (*DNSResource) Nameservers

func (dr *DNSResource) Nameservers(ctx context.Context) ([]string, error)

Nameservers lists the DNS nameservers for the tailnet.

func (*DNSResource) Preferences

func (dr *DNSResource) Preferences(ctx context.Context) (*DNSPreferences, error)

Preferences retrieves the DNS preferences that are currently set for the given tailnet.

func (*DNSResource) SearchPaths

func (dr *DNSResource) SearchPaths(ctx context.Context) ([]string, error)

SearchPaths retrieves the list of search paths that is currently set for the given tailnet.

func (*DNSResource) SetConfiguration

func (dr *DNSResource) SetConfiguration(ctx context.Context, configuration DNSConfiguration) error

SetConfiguration sets the tailnet's complete DNS configuration. WARNING - this is currently in alpha and subject to change.

func (*DNSResource) SetNameservers

func (dr *DNSResource) SetNameservers(ctx context.Context, dns []string) error

SetNameservers replaces the list of DNS nameservers for the given tailnet with the list supplied by the user. Note that changing the list of DNS nameservers may also affect the status of MagicDNS (if MagicDNS is on).

func (*DNSResource) SetPreferences

func (dr *DNSResource) SetPreferences(ctx context.Context, preferences DNSPreferences) error

SetPreferences replaces the DNS preferences for the tailnet, specifically, the MagicDNS setting. Note that MagicDNS is dependent on DNS servers.

func (*DNSResource) SetSearchPaths

func (dr *DNSResource) SetSearchPaths(ctx context.Context, searchPaths []string) error

SetSearchPaths replaces the list of search paths with the list supplied by the user, returning an error if the replacement fails.

func (*DNSResource) SetSplitDNS

func (dr *DNSResource) SetSplitDNS(ctx context.Context, request SplitDNSRequest) error

SetSplitDNS sets the split DNS settings for the tailnet using the provided SplitDNSRequest object. This is a PUT operation that fully replaces the underlying data structure.

Passing in an empty SplitDNSRequest will unset all split DNS mappings for the tailnet.

func (*DNSResource) SplitDNS

func (dr *DNSResource) SplitDNS(ctx context.Context) (SplitDNSResponse, error)

SplitDNS retrieves the split DNS configuration for the tailnet.

func (*DNSResource) UpdateSplitDNS

func (dr *DNSResource) UpdateSplitDNS(ctx context.Context, request SplitDNSRequest) (SplitDNSResponse, error)

UpdateSplitDNS updates the split DNS settings for the tailnet using the provided SplitDNSRequest object. This is a PATCH operation that performs partial updates of the underlying data structure.

Mapping a domain to a nil slice in the request will unset the nameservers associated with that domain. Values provided for domains will overwrite the current value associated with the domain. Domains not included in the request will remain unchanged.

type Device

// Device describes a device in the tailnet, as returned by
// DevicesResource.Get and DevicesResource.List.
type Device struct {
	Addresses                 []string `json:"addresses"`
	Name                      string   `json:"name"`
	ID                        string   `json:"id"`     // The legacy identifier for a device. Use NodeID instead.
	NodeID                    string   `json:"nodeId"` // The preferred identifier for a device.
	Authorized                bool     `json:"authorized"`
	User                      string   `json:"user"`
	Tags                      []string `json:"tags"`
	KeyExpiryDisabled         bool     `json:"keyExpiryDisabled"`
	BlocksIncomingConnections bool     `json:"blocksIncomingConnections"`
	ClientVersion             string   `json:"clientVersion"`
	Created                   Time     `json:"created"`
	Expires                   Time     `json:"expires"`
	Hostname                  string   `json:"hostname"`
	IsEphemeral               bool     `json:"isEphemeral"`
	IsExternal                bool     `json:"isExternal"`
	ConnectedToControl        bool     `json:"connectedToControl"`
	LastSeen                  *Time    `json:"lastSeen"` // Will be nil if ConnectedToControl is true.
	MachineKey                string   `json:"machineKey"`
	NodeKey                   string   `json:"nodeKey"`
	OS                        string   `json:"os"`
	TailnetLockError          string   `json:"tailnetLockError"`
	TailnetLockKey            string   `json:"tailnetLockKey"`
	UpdateAvailable           bool     `json:"updateAvailable"`

	// The below are only included in listings when querying `all` fields.
	SSHEnabled         bool                `json:"sshEnabled"`
	// NOTE(review): this tag is capitalized ("AdvertisedRoutes") while
	// DeviceRoutes uses "advertisedRoutes". encoding/json matches keys
	// case-insensitively when decoding, so responses still decode, but the
	// encoded key differs — confirm which spelling the API uses.
	AdvertisedRoutes   []string            `json:"AdvertisedRoutes"`
	EnabledRoutes      []string            `json:"enabledRoutes"`
	ClientConnectivity *ClientConnectivity `json:"clientConnectivity"`
	Distro             *Distro             `json:"distro"`
}

type DeviceKey

// DeviceKey represents the properties of the key of an individual device
// within the tailnet. It is the argument to DevicesResource.SetKey.
type DeviceKey struct {
	KeyExpiryDisabled bool `json:"keyExpiryDisabled"` // Whether or not this device's key will ever expire.
}

DeviceKey type represents the properties of the key of an individual device within the tailnet.

type DevicePostureAttributeRequest

// DevicePostureAttributeRequest is the request passed to
// DevicesResource.SetPostureAttribute. All three fields are always encoded.
type DevicePostureAttributeRequest struct {
	Value   any    `json:"value"`
	Expiry  Time   `json:"expiry"`
	Comment string `json:"comment"`
}

type DevicePostureAttributes

// DevicePostureAttributes is the result of
// DevicesResource.GetPostureAttributes.
// NOTE(review): both maps are presumably keyed by attribute key — confirm.
type DevicePostureAttributes struct {
	Attributes map[string]any  `json:"attributes"`
	Expiries   map[string]Time `json:"expiries"`
}

type DevicePostureResource

// DevicePostureResource provides access to
// https://tailscale.com/api#tag/deviceposture.
// It embeds *Client, so the Client's exported fields and methods are promoted
// onto it.
type DevicePostureResource struct {
	*Client
}

DevicePostureResource provides access to https://tailscale.com/api#tag/deviceposture.

func (*DevicePostureResource) CreateIntegration

CreateIntegration creates a new posture integration, returning the resulting PostureIntegration.

func (*DevicePostureResource) DeleteIntegration

func (pr *DevicePostureResource) DeleteIntegration(ctx context.Context, id string) error

DeleteIntegration deletes the posture integration identified by id.

func (*DevicePostureResource) GetIntegration

func (pr *DevicePostureResource) GetIntegration(ctx context.Context, id string) (*PostureIntegration, error)

GetIntegration gets the posture integration identified by id.

func (*DevicePostureResource) ListIntegrations

func (pr *DevicePostureResource) ListIntegrations(ctx context.Context) ([]PostureIntegration, error)

ListIntegrations lists every configured PostureIntegration.

func (*DevicePostureResource) UpdateIntegration

UpdateIntegration updates the existing posture integration identified by id, returning the resulting PostureIntegration.

type DeviceRoutes

// DeviceRoutes is the result of DevicesResource.SubnetRoutes: the routes a
// device advertises and the routes enabled for it. Per that method's
// documentation the two lists are independent of each other.
type DeviceRoutes struct {
	Advertised []string `json:"advertisedRoutes"`
	Enabled    []string `json:"enabledRoutes"`
}

type DevicesResource

// DevicesResource provides access to https://tailscale.com/api#tag/devices.
// It embeds *Client, so the Client's exported fields and methods are promoted
// onto it.
type DevicesResource struct {
	*Client
}

DevicesResource provides access to https://tailscale.com/api#tag/devices.

func (*DevicesResource) Delete

func (dr *DevicesResource) Delete(ctx context.Context, deviceID string) error

Delete deletes the device identified by deviceID.

Using the device `NodeID` is preferred, but its numeric `ID` value can also be used.

func (*DevicesResource) DeletePostureAttribute

func (dr *DevicesResource) DeletePostureAttribute(ctx context.Context, deviceID, attributeKey string) error

DeletePostureAttribute deletes the posture attribute of the device identified by deviceID.

Using the device `NodeID` is preferred, but its numeric `ID` value can also be used.

func (*DevicesResource) Get

func (dr *DevicesResource) Get(ctx context.Context, deviceID string) (*Device, error)

Get gets the Device identified by `deviceID`.

Using the device `NodeID` is preferred, but its numeric `ID` value can also be used.

func (*DevicesResource) GetPostureAttributes

func (dr *DevicesResource) GetPostureAttributes(ctx context.Context, deviceID string) (*DevicePostureAttributes, error)

GetPostureAttributes retrieves the posture attributes of the device identified by deviceID.

Using the device `NodeID` is preferred, but its numeric `ID` value can also be used.

func (*DevicesResource) GetWithAllFields

func (dr *DevicesResource) GetWithAllFields(ctx context.Context, deviceID string) (*Device, error)

GetWithAllFields gets the Device identified by `deviceID`. All fields will be populated.

Using the device `NodeID` is preferred, but its numeric `ID` value can also be used.

func (*DevicesResource) List

func (dr *DevicesResource) List(ctx context.Context, opts ...ListDevicesOptions) ([]Device, error)

List lists devices in the tailnet with the specified options. If no options are specified, it defaults to IncludeFieldsDefault, which omits EnabledRoutes, AdvertisedRoutes, and ClientConnectivity.

To include all fields, pass the WithFields option with IncludeFieldsAll.

func (*DevicesResource) ListWithAllFields deprecated

func (dr *DevicesResource) ListWithAllFields(ctx context.Context) ([]Device, error)

ListWithAllFields lists every Device in the tailnet. Each Device in the response will have all fields populated.

Deprecated: Use List(ctx, WithFields(IncludeFieldsAll)) instead.

func (*DevicesResource) SetAuthorized

func (dr *DevicesResource) SetAuthorized(ctx context.Context, deviceID string, authorized bool) error

SetAuthorized marks the specified device as authorized or not.

Using the device `NodeID` is preferred, but its numeric `ID` value can also be used.

func (*DevicesResource) SetIPv4Address

func (dr *DevicesResource) SetIPv4Address(ctx context.Context, deviceID string, ipv4Address string) error

SetIPv4Address sets the Tailscale IPv4 address of the device.

Using the device `NodeID` is preferred, but its numeric `ID` value can also be used.

func (*DevicesResource) SetKey

func (dr *DevicesResource) SetKey(ctx context.Context, deviceID string, key DeviceKey) error

SetKey updates the properties of a device's key.

Using the device `NodeID` is preferred, but its numeric `ID` value can also be used.

func (*DevicesResource) SetName

func (dr *DevicesResource) SetName(ctx context.Context, deviceID, name string) error

SetName updates the name of the device identified by deviceID.

Using the device `NodeID` is preferred, but its numeric `ID` value can also be used.

func (*DevicesResource) SetPostureAttribute

func (dr *DevicesResource) SetPostureAttribute(ctx context.Context, deviceID, attributeKey string, request DevicePostureAttributeRequest) error

SetPostureAttribute sets the posture attribute of the device identified by deviceID.

Using the device `NodeID` is preferred, but its numeric `ID` value can also be used.

func (*DevicesResource) SetSubnetRoutes

func (dr *DevicesResource) SetSubnetRoutes(ctx context.Context, deviceID string, routes []string) error

SetSubnetRoutes sets which subnet routes are enabled to be routed by a device by replacing the existing list of subnet routes with the supplied routes. Routes can be enabled without a device advertising them (e.g. for preauth).

Using the device `NodeID` is preferred, but its numeric `ID` value can also be used.

func (*DevicesResource) SetTags

func (dr *DevicesResource) SetTags(ctx context.Context, deviceID string, tags []string) error

SetTags updates the tags of the device identified by deviceID.

Using the device `NodeID` is preferred, but its numeric `ID` value can also be used.

func (*DevicesResource) SubnetRoutes

func (dr *DevicesResource) SubnetRoutes(ctx context.Context, deviceID string) (*DeviceRoutes, error)

SubnetRoutes retrieves the list of subnet routes that a device is advertising, as well as those that are enabled for it. Enabled routes are not necessarily advertised (e.g. for pre-enabling), and likewise, advertised routes are not necessarily enabled.

Using the device `NodeID` is preferred, but its numeric `ID` value can also be used.

type Distro

// Distro is the type of Device.Distro, which is only included in device
// listings when querying all fields.
type Distro struct {
	Name     string `json:"name"`
	Version  string `json:"version"`
	CodeName string `json:"codeName"`
}

type Grant

// Grant is the element type of ACL.Grants. Every field is omitted from the
// encoding when empty.
type Grant struct {
	// Source and Destination are encoded under the short keys "src" and "dst".
	Source      []string                    `json:"src,omitempty" hujson:"Src,omitempty"`
	Destination []string                    `json:"dst,omitempty" hujson:"Dst,omitempty"`
	IP          []string                    `json:"ip,omitempty" hujson:"IP,omitempty"`
	App         map[string][]map[string]any `json:"app,omitempty" hujson:"App,omitempty"`
	SrcPosture  []string                    `json:"srcPosture,omitempty" hujson:"SrcPosture,omitempty"`
	Via         []string                    `json:"via,omitempty" hujson:"Via,omitempty"`
}

type IdentityFederation

// IdentityFederation configures identity federation authentication. It
// implements Auth and is set on Client.Auth.
type IdentityFederation struct {
	// ClientID is the ID of the Tailscale OAuth client.
	ClientID string
	// IDTokenFunc returns an identity token from the IdP to exchange for a Tailscale API token.
	// The client calls this function to obtain a fresh ID token and reauthenticate when the API token
	// and cached ID token have expired. For static tokens, return the token directly. If a static token
	// expires, the client cannot automatically refresh the API token; the consumer is responsible to create a new client
	// with a fresh ID token.
	//
	// NOTE(review): return a non-nil error rather than an empty string when
	// no token is available, and avoid logging the returned token.
	IDTokenFunc func() (string, error)
}

IdentityFederation configures identity federation authentication.

func (*IdentityFederation) HTTPClient

func (i *IdentityFederation) HTTPClient(orig *http.Client, baseURL string) *http.Client

HTTPClient implements the Auth interface.

type IncludeFields

type IncludeFields string

IncludeFields controls the subset of fields returned in the response.

const (
	// IncludeFieldsDefault omits EnabledRoutes, AdvertisedRoutes, and ClientConnectivity.
	IncludeFieldsDefault IncludeFields = "default"
	// IncludeFieldsAll returns all fields in the response.
	IncludeFieldsAll IncludeFields = "all"
)

func (IncludeFields) String

func (i IncludeFields) String() string

type Key

// Key describes an authentication key within the tailnet.
//
// KeysResource returns this one type from its auth-key, OAuth-client and
// federated-identity calls, so which fields are populated depends on the call.
// Values from KeysResource.List are documented as carrying only the identifier.
type Key struct {
	ID               string            `json:"id"`
	KeyType          string            `json:"keyType"`
	// Key is the credential itself. KeysResource.Get is documented as returning
	// only metadata, not the authentication key.
	// NOTE(review): presumably set only on creation responses — confirm, and
	// persist it at that point in a secret store rather than in logs or config.
	Key              string            `json:"key"`
	Description      string            `json:"description"`
	// NOTE(review): typed *time.Duration while the JSON name is expirySeconds;
	// confirm the unit after decoding before comparing it with other durations.
	ExpirySeconds    *time.Duration    `json:"expirySeconds"`
	Created          time.Time         `json:"created"`
	Updated          time.Time         `json:"updated"`
	Expires          time.Time         `json:"expires"`
	// NOTE(review): Revoked and Invalid presumably mark a key that must no
	// longer be accepted; confirm how an unrevoked key is represented (zero time?).
	Revoked          time.Time         `json:"revoked"`
	Invalid          bool              `json:"invalid"`
	Capabilities     KeyCapabilities   `json:"capabilities"`
	Scopes           []string          `json:"scopes,omitempty"`
	Tags             []string          `json:"tags,omitempty"`
	UserID           string            `json:"userId"`
	// Audience, Issuer, Subject and CustomClaimRules carry the same names as the
	// fields of SetFederatedIdentityRequest.
	Audience         string            `json:"audience"`
	Issuer           string            `json:"issuer"`
	Subject          string            `json:"subject"`
	CustomClaimRules map[string]string `json:"customClaimRules"`
}

Key describes an authentication key within the tailnet.

type KeyCapabilities

// KeyCapabilities describes the capabilities of an authentication key.
// The only capability group declared here is device creation.
type KeyCapabilities struct {
	Devices struct {
		Create struct {
			// NOTE(review): Reusable and Preauthorized presumably let one key
			// enroll more than one device and skip device approval — confirm
			// against the API docs, and enable them only where needed.
			Reusable      bool     `json:"reusable"`
			Ephemeral     bool     `json:"ephemeral"`
			// Tags is encoded without omitempty, so a nil slice is sent as null.
			Tags          []string `json:"tags"`
			Preauthorized bool     `json:"preauthorized"`
		} `json:"create"`
	} `json:"devices"`
}

KeyCapabilities describes the capabilities of an authentication key.

type KeysResource

type KeysResource struct {
	*Client
}

KeysResource provides access to https://tailscale.com/api#tag/keys.

func (*KeysResource) Create

func (kr *KeysResource) Create(ctx context.Context, ckr CreateKeyRequest) (*Key, error)

Create creates a new authentication key. Returns the generated Key if successful. Deprecated: Use CreateAuthKey instead.

func (*KeysResource) CreateAuthKey

func (kr *KeysResource) CreateAuthKey(ctx context.Context, ckr CreateKeyRequest) (*Key, error)

CreateAuthKey creates a new authentication key. Returns the generated Key if successful.

func (*KeysResource) CreateFederatedIdentity

func (kr *KeysResource) CreateFederatedIdentity(ctx context.Context, ckr CreateFederatedIdentityRequest) (*Key, error)

CreateFederatedIdentity creates a new federated identity. Returns the generated Key if successful.

func (*KeysResource) CreateOAuthClient

func (kr *KeysResource) CreateOAuthClient(ctx context.Context, ckr CreateOAuthClientRequest) (*Key, error)

CreateOAuthClient creates a new OAuth client. Returns the generated Key if successful.

func (*KeysResource) Delete

func (kr *KeysResource) Delete(ctx context.Context, id string) error

Delete removes an authentication key from the tailnet.

func (*KeysResource) Get

func (kr *KeysResource) Get(ctx context.Context, id string) (*Key, error)

Get returns all information on a Key whose identifier matches the one provided. This will not return the authentication key itself, just the metadata.

func (*KeysResource) List

func (kr *KeysResource) List(ctx context.Context, all bool) ([]Key, error)

List returns every Key within the tailnet. The only field set for each Key will be its identifier. The keys returned are relative to the user that owns the API key used to authenticate the client.

Specify all to list both user and tailnet level keys.

func (*KeysResource) SetFederatedIdentity

func (kr *KeysResource) SetFederatedIdentity(ctx context.Context, id string, skr SetFederatedIdentityRequest) (*Key, error)

SetFederatedIdentity sets the configuration for an existing federated identity. Returns the generated Key if successful.

func (*KeysResource) SetOAuthClient

func (kr *KeysResource) SetOAuthClient(ctx context.Context, id string, skr SetOAuthClientRequest) (*Key, error)

SetOAuthClient sets the configuration for an existing OAuth client. Returns the generated Key if successful.

type ListDevicesOptions

type ListDevicesOptions func(*listDevicesOptions)

func WithFields

func WithFields(fields IncludeFields) ListDevicesOptions

WithFields specifies which fields to include in the response. Use IncludeFieldsAll for all fields, or IncludeFieldsDefault for the standard set.

func WithFilter

func WithFilter(key string, values []string) ListDevicesOptions

type LogType

type LogType string

LogType describes the type of logging.

const (
	LogTypeConfig  LogType = "configuration"
	LogTypeNetwork LogType = "network"
)

type LoggingResource

type LoggingResource struct {
	*Client
}

LoggingResource provides access to https://tailscale.com/api#tag/logging.

func (*LoggingResource) CreateOrGetAwsExternalId

func (lr *LoggingResource) CreateOrGetAwsExternalId(ctx context.Context, reusable bool) (*AWSExternalID, error)

CreateOrGetAwsExternalId gets an AWS External ID that Tailscale can use to stream logs to a LogstreamS3Endpoint using S3RoleARNAuthentication, creating a new one for this tailnet when necessary.

func (*LoggingResource) DeleteLogstreamConfiguration

func (lr *LoggingResource) DeleteLogstreamConfiguration(ctx context.Context, logType LogType) error

DeleteLogstreamConfiguration deletes the tailnet's LogstreamConfiguration for the given LogType.

func (*LoggingResource) GetNetworkFlowLogs

func (lr *LoggingResource) GetNetworkFlowLogs(ctx context.Context, params NetworkFlowLogsRequest, handler NetworkFlowLogHandler) error

GetNetworkFlowLogs streams network flow logs for the tailnet, calling the provided handler function for each log entry as it's parsed from the JSON response. This approach is memory-efficient and handles large datasets without loading all logs into memory.

Both start and end parameters are required by the server. Times older than 30 days will be automatically adjusted by the server to the retention limit.

func (*LoggingResource) LogstreamConfiguration

func (lr *LoggingResource) LogstreamConfiguration(ctx context.Context, logType LogType) (*LogstreamConfiguration, error)

LogstreamConfiguration retrieves the tailnet's LogstreamConfiguration for the given LogType.

func (*LoggingResource) SetLogstreamConfiguration

func (lr *LoggingResource) SetLogstreamConfiguration(ctx context.Context, logType LogType, request SetLogstreamConfigurationRequest) error

SetLogstreamConfiguration sets the tailnet's LogstreamConfiguration for the given LogType.

func (*LoggingResource) ValidateAWSTrustPolicy

func (lr *LoggingResource) ValidateAWSTrustPolicy(ctx context.Context, awsExternalID string, roleARN string) error

ValidateAWSTrustPolicy validates that Tailscale can assume your AWS IAM role with (and only with) the given AWS External ID.

type LogstreamConfiguration

// LogstreamConfiguration type defines a log stream entity in tailscale.
//
// NOTE(review): compared with SetLogstreamConfigurationRequest, this type adds
// LogType and has no Token or S3SecretAccessKey field, but it does declare
// GCSCredentials. Confirm whether the API returns GCS credential material on
// reads; if it does, treat values of this type as sensitive when logging or
// serialising them.
type LogstreamConfiguration struct {
	LogType              LogType               `json:"logType,omitempty"`
	DestinationType      LogstreamEndpointType `json:"destinationType,omitempty"`
	URL                  string                `json:"url,omitempty"`
	User                 string                `json:"user,omitempty"`
	UploadPeriodMinutes  int                   `json:"uploadPeriodMinutes,omitempty"`
	CompressionFormat    CompressionFormat     `json:"compressionFormat,omitempty"`
	S3Bucket             string                `json:"s3Bucket,omitempty"`
	S3Region             string                `json:"s3Region,omitempty"`
	S3KeyPrefix          string                `json:"s3KeyPrefix,omitempty"`
	S3AuthenticationType S3AuthenticationType  `json:"s3AuthenticationType,omitempty"`
	S3AccessKeyID        string                `json:"s3AccessKeyId,omitempty"`
	S3RoleARN            string                `json:"s3RoleArn,omitempty"`
	S3ExternalID         string                `json:"s3ExternalId,omitempty"`
	GCSBucket            string                `json:"gcsBucket,omitempty"`
	GCSKeyPrefix         string                `json:"gcsKeyPrefix,omitempty"`
	// omitzero (not omitempty): encoding/json honours this option from Go 1.24.
	GCSScopes            []string              `json:"gcsScopes,omitzero"`
	GCSCredentials       string                `json:"gcsCredentials,omitempty"`
}

LogstreamConfiguration type defines a log stream entity in tailscale.

type LogstreamEndpointType

type LogstreamEndpointType string

LogstreamEndpointType describes the type of the endpoint.

const (
	LogstreamSplunkEndpoint  LogstreamEndpointType = "splunk"
	LogstreamElasticEndpoint LogstreamEndpointType = "elastic"
	LogstreamPantherEndpoint LogstreamEndpointType = "panther"
	LogstreamCriblEndpoint   LogstreamEndpointType = "cribl"
	LogstreamDatadogEndpoint LogstreamEndpointType = "datadog"
	LogstreamAxiomEndpoint   LogstreamEndpointType = "axiom"
	LogstreamS3Endpoint      LogstreamEndpointType = "s3"
	LogstreamGCSEndpoint     LogstreamEndpointType = "gcs"
)

type NetworkFlowLog

type NetworkFlowLog struct {
	Logged          time.Time      `json:"logged"`                    // the time at which this log was captured by the server
	NodeID          string         `json:"nodeId"`                    // the node ID for which the flow statistics apply
	Start           time.Time      `json:"start"`                     // the start of the sample period (node's local clock)
	End             time.Time      `json:"end"`                       // the end of the sample period (node's local clock)
	VirtualTraffic  []TrafficStats `json:"virtualTraffic,omitempty"`  // traffic between Tailscale nodes
	SubnetTraffic   []TrafficStats `json:"subnetTraffic,omitempty"`   // traffic involving subnet routes
	ExitTraffic     []TrafficStats `json:"exitTraffic,omitempty"`     // traffic via exit nodes
	PhysicalTraffic []TrafficStats `json:"physicalTraffic,omitempty"` // WireGuard transport-level statistics
}

NetworkFlowLog represents a network flow log entry from the Tailscale API.

type NetworkFlowLogHandler

type NetworkFlowLogHandler func(log NetworkFlowLog) error

NetworkFlowLogHandler is a callback function for processing individual network flow log entries. It receives each log entry as it's parsed from the JSON stream. Return an error to stop processing and bubble up the error.

type NetworkFlowLogsRequest

type NetworkFlowLogsRequest struct {
	// Start must be set to a non-zero time within the log retention period (last 30 days).
	// The server may adjust times that are too old.
	Start time.Time
	// End must be set to a non-zero time after Start.
	End time.Time
}

NetworkFlowLogsRequest represents query parameters for fetching network flow logs.

type NodeAttrGrant

type NodeAttrGrant struct {
	Target []string                       `json:"target,omitempty" hujson:"Target,omitempty"`
	Attr   []string                       `json:"attr,omitempty" hujson:"Attr,omitempty"`
	App    map[string][]*NodeAttrGrantApp `json:"app,omitempty" hujson:"App,omitempty"`

	IPPool []string `json:"ipPool,omitempty" hujson:"IpPool,omitempty"`
}

type NodeAttrGrantApp

type NodeAttrGrantApp struct {
	Name       string   `json:"name,omitempty" hujson:"Name,omitempty"`
	Connectors []string `json:"connectors,omitempty" hujson:"Connectors,omitempty"`
	Domains    []string `json:"domains,omitempty" hujson:"Domains,omitempty"`
}

type OAuth

// OAuth configures OAuth authentication.
type OAuth struct {
	// ClientID is the client ID of the OAuth client.
	ClientID string
	// ClientSecret is the client secret of the OAuth client. It is a credential:
	// load it from the environment or a secret manager rather than hard-coding
	// it, and keep it out of logs.
	ClientSecret string
	// Scopes are the scopes to request when generating tokens for this OAuth
	// client. Request only the scopes the program actually needs.
	Scopes []string
}

OAuth configures OAuth authentication.

func (*OAuth) HTTPClient

func (o *OAuth) HTTPClient(orig *http.Client, baseURL string) *http.Client

HTTPClient implements the Auth interface.

type OAuthConfig

// OAuthConfig provides a mechanism for configuring OAuth authentication.
//
// Deprecated: use OAuth instead.
type OAuthConfig struct {
	// ClientID is the client ID of the OAuth client.
	ClientID string
	// ClientSecret is the client secret of the OAuth client. It is a credential:
	// load it from the environment or a secret manager rather than hard-coding it.
	ClientSecret string
	// Scopes are the scopes to request when generating tokens for this OAuth client.
	Scopes []string
	// BaseURL is an optional base URL for the API server to which we'll connect. Defaults to https://api.tailscale.com.
	// NOTE(review): the client secret is presumably presented to this host when
	// tokens are requested, so an override should only point at a trusted HTTPS
	// endpoint — confirm against the implementation.
	BaseURL string
}

OAuthConfig provides a mechanism for configuring OAuth authentication. Deprecated: use OAuth instead.

func (OAuthConfig) HTTPClient

func (ocfg OAuthConfig) HTTPClient() *http.Client

HTTPClient constructs an HTTP client that authenticates using OAuth. Deprecated: use OAuth instead.

type PolicyFileResource

type PolicyFileResource struct {
	*Client
}

PolicyFileResource provides access to https://tailscale.com/api#tag/policyfile.

func (*PolicyFileResource) Get

func (pr *PolicyFileResource) Get(ctx context.Context) (*ACL, error)

Get retrieves the ACL that is currently set for the tailnet.

func (*PolicyFileResource) Raw

func (pr *PolicyFileResource) Raw(ctx context.Context) (*RawACL, error)

Raw retrieves the ACL that is currently set for the tailnet as a HuJSON string.

func (*PolicyFileResource) Set

func (pr *PolicyFileResource) Set(ctx context.Context, acl any, etag string) error

Set sets the ACL for the tailnet. acl can either be an ACL, or a HuJSON string. etag is an optional value that, if supplied, will be used in the "If-Match" HTTP request header.

func (*PolicyFileResource) SetAndGet

func (pr *PolicyFileResource) SetAndGet(ctx context.Context, acl ACL, etag string) (*ACL, error)

SetAndGet sets the ACL for the tailnet and returns the resulting ACL. etag is an optional value that, if supplied, will be used in the "If-Match" HTTP request header.

func (*PolicyFileResource) Validate

func (pr *PolicyFileResource) Validate(ctx context.Context, acl any) error

Validate validates the provided ACL via the API. acl can either be an ACL, or a HuJSON string.

type PostureIntegration

type PostureIntegration struct {
	ID       string                     `json:"id,omitempty"`
	Provider PostureIntegrationProvider `json:"provider,omitempty"`
	CloudID  string                     `json:"cloudId,omitempty"`
	ClientID string                     `json:"clientId,omitempty"`
	TenantID string                     `json:"tenantId,omitempty"`
}

PostureIntegration is a configured posture integration.

type PostureIntegrationProvider

type PostureIntegrationProvider string

PostureIntegrationProvider identifies a supported posture integration data provider.

const (
	PostureIntegrationProviderFalcon      PostureIntegrationProvider = "falcon"
	PostureIntegrationProviderFleet       PostureIntegrationProvider = "fleet"
	PostureIntegrationProviderHuntress    PostureIntegrationProvider = "huntress"
	PostureIntegrationProviderIntune      PostureIntegrationProvider = "intune"
	PostureIntegrationProviderJamfPro     PostureIntegrationProvider = "jamfpro"
	PostureIntegrationProviderKandji      PostureIntegrationProvider = "kandji"
	PostureIntegrationProviderKolide      PostureIntegrationProvider = "kolide"
	PostureIntegrationProviderSentinelOne PostureIntegrationProvider = "sentinelone"
)

type RawACL

type RawACL struct {
	// HuJSON is the raw HuJSON ACL string
	HuJSON string

	// ETag is the etag corresponding to this version of the ACL
	ETag string
}

RawACL contains a raw HuJSON ACL and its associated ETag.

type RoleAllowedToJoinExternalTailnets

type RoleAllowedToJoinExternalTailnets string

RoleAllowedToJoinExternalTailnets constrains which users are allowed to join external tailnets based on their role.

const (
	RoleAllowedToJoinExternalTailnetsNone   RoleAllowedToJoinExternalTailnets = "none"
	RoleAllowedToJoinExternalTailnetsAdmin  RoleAllowedToJoinExternalTailnets = "admin"
	RoleAllowedToJoinExternalTailnetsMember RoleAllowedToJoinExternalTailnets = "member"
)

type S3AuthenticationType

type S3AuthenticationType string

S3AuthenticationType describes the type of authentication used to stream logs to a LogstreamS3Endpoint.

const (
	S3AccessKeyAuthentication S3AuthenticationType = "accesskey"
	S3RoleARNAuthentication   S3AuthenticationType = "rolearn"
)

type SSHCheckPeriod

type SSHCheckPeriod time.Duration

SSHCheckPeriod wraps a time.Duration, allowing it to be JSON marshalled as a string like "20h" rather than a numeric value. It also supports the special value "always", which forces a check on every connection.

const CheckPeriodAlways SSHCheckPeriod = -1

CheckPeriodAlways is a magic value corresponding to the SSHCheckPeriod "always". It indicates that re-authorization is required on every login.

func (SSHCheckPeriod) MarshalText

func (d SSHCheckPeriod) MarshalText() ([]byte, error)

func (SSHCheckPeriod) String

func (d SSHCheckPeriod) String() string

func (*SSHCheckPeriod) UnmarshalText

func (d *SSHCheckPeriod) UnmarshalText(b []byte) error

type Service

type Service struct {
	Name        string            `json:"name,omitempty"`
	Addrs       []string          `json:"addrs,omitempty"`
	Comment     string            `json:"comment,omitempty"`
	Annotations map[string]string `json:"annotations,omitempty"`
	Ports       []string          `json:"ports,omitempty"`
	Tags        []string          `json:"tags,omitempty"`
}

Service is a Tailscale service with a stable virtual IP address.

type ServiceApproval

type ServiceApproval struct {
	Approved     bool `json:"approved"`
	AutoApproved bool `json:"autoApproved"`
}

ServiceApproval contains the approval status for a Service on a device.

type ServiceHost

type ServiceHost struct {
	StableNodeID  string `json:"stableNodeID,omitempty"`
	ApprovalLevel string `json:"approvalLevel,omitempty"`
	Configured    string `json:"configured,omitempty"`
}

ServiceHost contains host details for a device advertising a Service.

type ServicesResource

type ServicesResource struct {
	*Client
}

ServicesResource provides access to https://tailscale.com/api#tag/services.

func (*ServicesResource) CreateOrUpdate

func (sr *ServicesResource) CreateOrUpdate(ctx context.Context, svc Service) error

CreateOrUpdate creates or updates a Service.

func (*ServicesResource) Delete

func (sr *ServicesResource) Delete(ctx context.Context, name string) error

Delete deletes a specific Service.

func (*ServicesResource) Get

func (sr *ServicesResource) Get(ctx context.Context, name string) (*Service, error)

Get retrieves a specific Service by name.

func (*ServicesResource) GetDeviceApproval

func (sr *ServicesResource) GetDeviceApproval(ctx context.Context, serviceName, deviceID string) (*ServiceApproval, error)

GetDeviceApproval retrieves the approval status for the specified Service on a device.

func (*ServicesResource) List

func (sr *ServicesResource) List(ctx context.Context) ([]Service, error)

List lists every Service in the tailnet.

func (*ServicesResource) ListHosts

func (sr *ServicesResource) ListHosts(ctx context.Context, serviceName string) ([]ServiceHost, error)

ListHosts lists all devices hosting the specified Service.

func (*ServicesResource) UpdateDeviceApproval

func (sr *ServicesResource) UpdateDeviceApproval(ctx context.Context, serviceName, deviceID string, approved bool) (*ServiceApproval, error)

UpdateDeviceApproval updates the approval status for the specified Service on a device.

func (*ServicesResource) Upsert

func (sr *ServicesResource) Upsert(ctx context.Context, serviceName string, svc Service) (*Service, error)

Upsert creates or updates a Service using the current resource name in the request path. This allows callers to rename an existing Service by providing the current path name separately from the desired service name in the request body.

type SetFederatedIdentityRequest

// SetFederatedIdentityRequest is the request body passed to
// KeysResource.SetFederatedIdentity, which sets the configuration for an
// existing federated identity.
//
// No field uses omitempty, so every field is encoded on each request; nil
// slices and maps are sent as null and empty strings as "".
type SetFederatedIdentityRequest struct {
	Scopes           []string          `json:"scopes"`
	Tags             []string          `json:"tags"`
	// NOTE(review): Audience, Issuer, Subject and CustomClaimRules presumably
	// decide which IdP-issued ID tokens may be exchanged for an API token —
	// confirm the matching rules in the API docs and keep them as narrow as the
	// workload allows.
	Audience         string            `json:"audience"`
	Issuer           string            `json:"issuer"`
	Subject          string            `json:"subject"`
	CustomClaimRules map[string]string `json:"customClaimRules"`
	Description      string            `json:"description"`
}

SetFederatedIdentityRequest describes the definition of a federated identity to create.

type SetLogstreamConfigurationRequest

// SetLogstreamConfigurationRequest type defines a request for setting a
// LogstreamConfiguration.
//
// Token, S3SecretAccessKey and GCSCredentials look like secret values by name;
// source them from a secret store and avoid logging a populated request.
type SetLogstreamConfigurationRequest struct {
	DestinationType      LogstreamEndpointType `json:"destinationType,omitempty"`
	URL                  string                `json:"url,omitempty"`
	User                 string                `json:"user,omitempty"`
	// NOTE(review): presumably the credential for the endpoint at URL — confirm.
	Token                string                `json:"token,omitempty"`
	UploadPeriodMinutes  int                   `json:"uploadPeriodMinutes,omitempty"`
	CompressionFormat    CompressionFormat     `json:"compressionFormat,omitempty"`
	S3Bucket             string                `json:"s3Bucket,omitempty"`
	S3Region             string                `json:"s3Region,omitempty"`
	S3KeyPrefix          string                `json:"s3KeyPrefix,omitempty"`
	// S3AuthenticationType is S3AccessKeyAuthentication or S3RoleARNAuthentication.
	// NOTE(review): S3AccessKeyID/S3SecretAccessKey presumably belong to the
	// former and S3RoleARN/S3ExternalID to the latter — confirm. The role-based
	// form avoids handing over a static secret key.
	S3AuthenticationType S3AuthenticationType  `json:"s3AuthenticationType,omitempty"`
	S3AccessKeyID        string                `json:"s3AccessKeyId,omitempty"`
	S3SecretAccessKey    string                `json:"s3SecretAccessKey,omitempty"`
	S3RoleARN            string                `json:"s3RoleArn,omitempty"`
	// S3ExternalID pairs with LoggingResource.CreateOrGetAwsExternalId and
	// ValidateAWSTrustPolicy, which checks that the role can be assumed with
	// (and only with) the given external ID.
	S3ExternalID         string                `json:"s3ExternalId,omitempty"`
	GCSBucket            string                `json:"gcsBucket,omitempty"`
	GCSKeyPrefix         string                `json:"gcsKeyPrefix,omitempty"`
	// omitzero (not omitempty): encoding/json honours this option from Go 1.24.
	GCSScopes            []string              `json:"gcsScopes,omitzero"`
	GCSCredentials       string                `json:"gcsCredentials,omitempty"`
}

SetLogstreamConfigurationRequest type defines a request for setting a LogstreamConfiguration.

type SetOAuthClientRequest

type SetOAuthClientRequest struct {
	Scopes      []string `json:"scopes"`
	Tags        []string `json:"tags"`
	Description string   `json:"description"`
}

SetOAuthClientRequest describes the configuration to set (wholesale update) on an existing OAuth client.

type SplitDNSRequest

type SplitDNSRequest map[string][]string

SplitDNSRequest is a map from domain names to a list of nameservers.

type SplitDNSResponse

type SplitDNSResponse SplitDNSRequest

SplitDNSResponse is a map from domain names to a list of nameservers.

type TailnetSettings

type TailnetSettings struct {
	ACLsExternallyManagedOn bool   `json:"aclsExternallyManagedOn"`
	ACLsExternalLink        string `json:"aclsExternalLink"`

	DevicesApprovalOn      bool `json:"devicesApprovalOn"`
	DevicesAutoUpdatesOn   bool `json:"devicesAutoUpdatesOn"`
	DevicesKeyDurationDays int  `json:"devicesKeyDurationDays"` // days before device key expiry

	UsersApprovalOn                        bool                              `json:"usersApprovalOn"`
	UsersRoleAllowedToJoinExternalTailnets RoleAllowedToJoinExternalTailnets `json:"usersRoleAllowedToJoinExternalTailnets"`

	NetworkFlowLoggingOn        bool `json:"networkFlowLoggingOn"`
	RegionalRoutingOn           bool `json:"regionalRoutingOn"`
	PostureIdentityCollectionOn bool `json:"postureIdentityCollectionOn"`
	HTTPSEnabled                bool `json:"httpsEnabled"`
}

TailnetSettings represents the current settings of a tailnet. See https://tailscale.com/api#model/tailnetsettings.

type TailnetSettingsResource

type TailnetSettingsResource struct {
	*Client
}

TailnetSettingsResource provides access to https://tailscale.com/api#tag/tailnetsettings.

func (*TailnetSettingsResource) Update

Update updates the tailnet settings. See https://tailscale.com/api#tag/tailnetsettings/PATCH/tailnet/{tailnet}/settings.

type Time

type Time struct {
	time.Time
}

Time wraps a time.Time and allows for unmarshalling timestamps that represent an empty time as an empty string (e.g. ""). This is used by the Tailscale API when it returns devices that have no created date, such as its hello service.

func (Time) MarshalJSON

func (t Time) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler.

func (*Time) UnmarshalJSON

func (t *Time) UnmarshalJSON(data []byte) error

UnmarshalJSON unmarshals the content of data as a time.Time; a blank string keeps the time at its zero value.

type TrafficStats

type TrafficStats struct {
	Proto   int    `json:"proto,omitempty"`   // IP protocol number (e.g., 6 for TCP, 17 for UDP)
	Src     string `json:"src,omitempty"`     // Source address and port
	Dst     string `json:"dst,omitempty"`     // Destination address and port
	TxPkts  uint64 `json:"txPkts,omitempty"`  // Transmitted packets
	TxBytes uint64 `json:"txBytes,omitempty"` // Transmitted bytes
	RxPkts  uint64 `json:"rxPkts,omitempty"`  // Received packets
	RxBytes uint64 `json:"rxBytes,omitempty"` // Received bytes
}

TrafficStats represents traffic flow statistics. This type is used for all traffic types: virtual, subnet, exit, and physical.

type UpdateContactRequest

type UpdateContactRequest struct {
	Email *string `json:"email,omitempty"`
}

UpdateContactRequest type defines the structure of a request to update a Contact.

type UpdatePostureIntegrationRequest

// UpdatePostureIntegrationRequest is a request to update a posture integration.
type UpdatePostureIntegrationRequest struct {
	CloudID  string `json:"cloudId,omitempty"`
	ClientID string `json:"clientId,omitempty"`
	TenantID string `json:"tenantId,omitempty"`
	// ClientSecret may be omitted to preserve the existing value.
	// With omitempty on a pointer only nil is omitted; a non-nil pointer is
	// sent even when it points at an empty string. The value is a credential
	// and should not be logged.
	ClientSecret *string `json:"clientSecret,omitempty"`
}

UpdatePostureIntegrationRequest is a request to update a posture integration.

type UpdateTailnetSettingsRequest

// UpdateTailnetSettingsRequest is a request to update the settings of a tailnet.
// Nil values indicate that the existing setting should be left unchanged.
type UpdateTailnetSettingsRequest struct {
	// NOTE(review): unlike every other field, these two tags have no omitempty.
	// With encoding/json's default encoding a nil pointer here is sent as null
	// rather than omitted — confirm the server treats null as "unchanged" (or
	// that a custom marshaller exists), so an unrelated update cannot alter how
	// ACLs are marked as managed.
	ACLsExternallyManagedOn *bool   `json:"aclsExternallyManagedOn"`
	ACLsExternalLink        *string `json:"aclsExternalLink"`

	DevicesApprovalOn      *bool `json:"devicesApprovalOn,omitempty"`
	DevicesAutoUpdatesOn   *bool `json:"devicesAutoUpdatesOn,omitempty"`
	DevicesKeyDurationDays *int  `json:"devicesKeyDurationDays,omitempty"` // days before device key expiry

	UsersApprovalOn                        *bool                              `json:"usersApprovalOn,omitempty"`
	UsersRoleAllowedToJoinExternalTailnets *RoleAllowedToJoinExternalTailnets `json:"usersRoleAllowedToJoinExternalTailnets,omitempty"`

	// Pointers let an explicit false be sent: a non-nil *bool is encoded even
	// when it points at false, whereas nil is omitted.
	NetworkFlowLoggingOn        *bool `json:"networkFlowLoggingOn,omitempty"`
	RegionalRoutingOn           *bool `json:"regionalRoutingOn,omitempty"`
	PostureIdentityCollectionOn *bool `json:"postureIdentityCollectionOn,omitempty"`
	HTTPSEnabled                *bool `json:"httpsEnabled,omitempty"`
}

UpdateTailnetSettingsRequest is a request to update the settings of a tailnet. Nil values indicate that the existing setting should be left unchanged.

type User

type User struct {
	ID                 string     `json:"id"`
	DisplayName        string     `json:"displayName"`
	LoginName          string     `json:"loginName"`
	ProfilePicURL      string     `json:"profilePicUrl"`
	TailnetID          string     `json:"tailnetId"`
	Created            time.Time  `json:"created"`
	Type               UserType   `json:"type"`
	Role               UserRole   `json:"role"`
	Status             UserStatus `json:"status"`
	DeviceCount        int        `json:"deviceCount"`
	LastSeen           time.Time  `json:"lastSeen"`
	CurrentlyConnected bool       `json:"currentlyConnected"`
}

User is a representation of a user within a tailnet.

type UserRole

type UserRole string

UserRole is the role of the user.

const (
	UserRoleOwner        UserRole = "owner"
	UserRoleMember       UserRole = "member"
	UserRoleAdmin        UserRole = "admin"
	UserRoleITAdmin      UserRole = "it-admin"
	UserRoleNetworkAdmin UserRole = "network-admin"
	UserRoleBillingAdmin UserRole = "billing-admin"
	UserRoleAuditor      UserRole = "auditor"
)

type UserStatus

type UserStatus string

UserStatus is the status of the user.

const (
	UserStatusActive           UserStatus = "active"
	UserStatusIdle             UserStatus = "idle"
	UserStatusSuspended        UserStatus = "suspended"
	UserStatusNeedsApproval    UserStatus = "needs-approval"
	UserStatusOverBillingLimit UserStatus = "over-billing-limit"
)

type UserType

type UserType string

UserType is the type of relation this user has to the tailnet associated with the request.

const (
	UserTypeMember UserType = "member"
	UserTypeShared UserType = "shared"
)

type UsersResource

type UsersResource struct {
	*Client
}

UsersResource provides access to https://tailscale.com/api#tag/users.

func (*UsersResource) Get

func (ur *UsersResource) Get(ctx context.Context, id string) (*User, error)

Get retrieves the User identified by the given id.

func (*UsersResource) List

func (ur *UsersResource) List(ctx context.Context, userType *UserType, role *UserRole) ([]User, error)

List lists every User of the tailnet. If userType and/or role are provided, the list of users will be filtered by those.

type VIPService

type VIPService = Service

VIPService is an alias for Service. Deprecated: use Service instead.

type VIPServiceApproval

type VIPServiceApproval = ServiceApproval

VIPServiceApproval is an alias for ServiceApproval. Deprecated: use ServiceApproval instead.

type VIPServicesResource

type VIPServicesResource = ServicesResource

VIPServicesResource is an alias for ServicesResource. Deprecated: use ServicesResource instead.

type Webhook

// Webhook type defines a webhook endpoint within a tailnet.
type Webhook struct {
	EndpointID       string                    `json:"endpointId"`
	EndpointURL      string                    `json:"endpointUrl"`
	ProviderType     WebhookProviderType       `json:"providerType"`
	CreatorLoginName string                    `json:"creatorLoginName"`
	Created          time.Time                 `json:"created"`
	LastModified     time.Time                 `json:"lastModified"`
	Subscriptions    []WebhookSubscriptionType `json:"subscriptions"`
	// Secret is only populated on Webhook creation and after secret rotation
	// (WebhooksResource.RotateSecret sets the newly generated secret on the
	// Webhook it returns), so it must be captured from those responses; it is
	// nil otherwise. Store it as a credential and keep it out of logs.
	Secret *string `json:"secret,omitempty"`
}

Webhook type defines a webhook endpoint within a tailnet.

type WebhookProviderType

type WebhookProviderType string

WebhookProviderType defines the provider type for a Webhook destination.

const (
	WebhookEmptyProviderType      WebhookProviderType = ""
	WebhookSlackProviderType      WebhookProviderType = "slack"
	WebhookMattermostProviderType WebhookProviderType = "mattermost"
	WebhookGoogleChatProviderType WebhookProviderType = "googlechat"
	WebhookDiscordProviderType    WebhookProviderType = "discord"
)

type WebhookSubscriptionType

type WebhookSubscriptionType string

WebhookSubscriptionType defines events in tailscale to subscribe a Webhook to.

const (
	// WebhookCategoryTailnetManagement implies the entire group of events below.
	// Note that subscribing to WebhookCategoryTailnetManagement will include any
	// future events added below.
	WebhookCategoryTailnetManagement WebhookSubscriptionType = "categoryTailnetManagement"
	WebhookNodeCreated               WebhookSubscriptionType = "nodeCreated"
	WebhookNodeNeedsApproval         WebhookSubscriptionType = "nodeNeedsApproval"
	WebhookNodeApproved              WebhookSubscriptionType = "nodeApproved"
	WebhookNodeKeyExpiringInOneDay   WebhookSubscriptionType = "nodeKeyExpiringInOneDay"
	WebhookNodeKeyExpired            WebhookSubscriptionType = "nodeKeyExpired"
	WebhookNodeDeleted               WebhookSubscriptionType = "nodeDeleted"
	WebhookPolicyUpdate              WebhookSubscriptionType = "policyUpdate"
	WebhookUserCreated               WebhookSubscriptionType = "userCreated"
	WebhookUserNeedsApproval         WebhookSubscriptionType = "userNeedsApproval"
	WebhookUserSuspended             WebhookSubscriptionType = "userSuspended"
	WebhookUserRestored              WebhookSubscriptionType = "userRestored"
	WebhookUserDeleted               WebhookSubscriptionType = "userDeleted"
	WebhookUserApproved              WebhookSubscriptionType = "userApproved"
	WebhookUserRoleUpdated           WebhookSubscriptionType = "userRoleUpdated"
)
// Device-misconfiguration subscription types: one category value followed by
// the individual event names it covers.
const (
	// WebhookCategoryDeviceMisconfigurations implies the entire group of events below.
	// Note that subscribing to WebhookCategoryDeviceMisconfigurations will include any
	// future events added below.
	//
	// As with any category subscription, the receiving endpoint should expect
	// event types added after the subscription was created.
	WebhookCategoryDeviceMisconfigurations WebhookSubscriptionType = "categoryDeviceMisconfigurations"
	// NOTE(review): by their names these two report a subnet router or an exit
	// node that does not have IP forwarding enabled; confirm against the API
	// documentation.
	WebhookSubnetIPForwardingNotEnabled    WebhookSubscriptionType = "subnetIPForwardingNotEnabled"
	WebhookExitNodeIPForwardingNotEnabled  WebhookSubscriptionType = "exitNodeIPForwardingNotEnabled"
)

type WebhooksResource

// WebhooksResource groups the webhook operations of the API client
// (Create, Delete, Get, List, RotateSecret, Test, Update).
type WebhooksResource struct {
	// Embedded client: its exported fields and methods are promoted onto
	// WebhooksResource.
	// NOTE(review): requests presumably authenticate with this Client's
	// credentials, so webhook operations run with that credential's scope.
	// Confirm, and prefer a narrowly scoped credential where possible.
	*Client
}

WebhooksResource provides access to https://tailscale.com/api#tag/webhooks.

func (*WebhooksResource) Create

func (wr *WebhooksResource) Create(ctx context.Context, request CreateWebhookRequest) (*Webhook, error)

Create creates a new Webhook with the specifications provided in the CreateWebhookRequest. Returns the created Webhook if successful.

func (*WebhooksResource) Delete

func (wr *WebhooksResource) Delete(ctx context.Context, endpointID string) error

Delete deletes a specific webhook.

func (*WebhooksResource) Get

func (wr *WebhooksResource) Get(ctx context.Context, endpointID string) (*Webhook, error)

Get retrieves a specific Webhook.

func (*WebhooksResource) List

func (wr *WebhooksResource) List(ctx context.Context) ([]Webhook, error)

List lists every Webhook in the tailnet.

func (*WebhooksResource) RotateSecret

func (wr *WebhooksResource) RotateSecret(ctx context.Context, endpointID string) (*Webhook, error)

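RotateSecret rotates the secret associated with a webhook. A new secret will be generated and set on the returned Webhook. Read the secret from that return value, store it as a credential, and update the receiving endpoint that checks events against it; this description does not say whether the previous secret remains valid after rotation.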

func (*WebhooksResource) Test

func (wr *WebhooksResource) Test(ctx context.Context, endpointID string) error

Test queues a test event to be sent to a specific webhook. Sending the test event is an asynchronous operation which will typically happen a few seconds after calling this method, so a nil error means the event was queued, not that it was delivered.

func (*WebhooksResource) Update

func (wr *WebhooksResource) Update(ctx context.Context, endpointID string, subscriptions []WebhookSubscriptionType) (*Webhook, error)

Update updates an existing webhook's subscriptions. Returns the updated Webhook on success.
