tailscale.comtailscale.com/client/tailscale Index | Files | Directories

package tailscale

import "tailscale.com/client/tailscale"

Package tailscale contains a Go client for the Tailscale control plane API.

This package is only intended for internal and transitional use.

Deprecated: the official control plane client is available at tailscale.com/client/tailscale/v2.

Index

Variables 

var (
	DeviceAllFields = &DeviceFieldsOpts{}

	// DeviceDefaultFields specifies that the following fields are returned:
	//   Addresses, NodeID, User, Name, Hostname, ClientVersion, UpdateAvailable,
	//   OS, Created, LastSeen, KeyExpiryDisabled, Expires, Authorized, IsExternal
	//   MachineKey, NodeKey, BlocksIncomingConnections.
	DeviceDefaultFields = &DeviceFieldsOpts{}
)
var ErrPeerNotFound = local.ErrPeerNotFound

ErrPeerNotFound is an alias for tailscale.com/client/local.ErrPeerNotFound.

Deprecated: import tailscale.com/client/local instead. 

var I_Acknowledge_This_API_Is_Unstable = false

I_Acknowledge_This_API_Is_Unstable must be set true to use this package for now. This package is being replaced by tailscale.com/client/tailscale/v2.

Functions

func CertPair 

func CertPair(ctx context.Context, domain string) (certPEM, keyPEM []byte, err error)

CertPair is an alias for tailscale.com/client/local.CertPair.

Deprecated: import tailscale.com/client/local instead and use local.Client.CertPair.

func ExpandSNIName 

func ExpandSNIName(ctx context.Context, name string) (fqdn string, ok bool)

ExpandSNIName is an alias for tailscale.com/client/local.ExpandSNIName.

Deprecated: import tailscale.com/client/local instead and use local.Client.ExpandSNIName.

func GetCertificate 

func GetCertificate(hi *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate is an alias for tailscale.com/client/local.GetCertificate.

Deprecated: import tailscale.com/client/local instead and use local.Client.GetCertificate.

func HandleErrorResponse 

func HandleErrorResponse(b []byte, resp *http.Response) error

HandleErrorResponse decodes the error message from the server and returns an ErrResponse from it.

Deprecated: use tailscale.com/client/tailscale/v2 instead.

func IsAccessDeniedError 

func IsAccessDeniedError(err error) bool

IsAccessDeniedError is an alias for tailscale.com/client/local.IsAccessDeniedError.

Deprecated: import tailscale.com/client/local instead.

func IsPreconditionsFailedError 

func IsPreconditionsFailedError(err error) bool

IsPreconditionsFailedError is an alias for tailscale.com/client/local.IsPreconditionsFailedError.

Deprecated: import tailscale.com/client/local instead.

func SetVersionMismatchHandler 

func SetVersionMismatchHandler(f func(clientVer, serverVer string))

SetVersionMismatchHandler is an alias for tailscale.com/client/local.SetVersionMismatchHandler.

Deprecated: import tailscale.com/client/local instead.

func Status 

func Status(ctx context.Context) (*ipnstate.Status, error)

Status is an alias for tailscale.com/client/local.Status.

Deprecated: import tailscale.com/client/local instead.

func StatusWithoutPeers 

func StatusWithoutPeers(ctx context.Context) (*ipnstate.Status, error)

StatusWithoutPeers is an alias for tailscale.com/client/local.StatusWithoutPeers.

Deprecated: import tailscale.com/client/local instead.

func WhoIs 

func WhoIs(ctx context.Context, remoteAddr string) (*apitype.WhoIsResponse, error)

WhoIs is an alias for tailscale.com/client/local.WhoIs.

Deprecated: import tailscale.com/client/local instead and use local.Client.WhoIs.

Types

type ACL 

type ACL struct {
	ACL  ACLDetails
	ETag string // to check with version on server
}

ACL contains an ACLDetails and metadata.

type ACLDetails 

type ACLDetails struct {
	Tests     []ACLTest           `json:"tests,omitempty"`
	ACLs      []ACLRow            `json:"acls,omitempty"`
	Groups    map[string][]string `json:"groups,omitempty"`
	TagOwners map[string][]string `json:"tagowners,omitempty"`
	Hosts     map[string]string   `json:"hosts,omitempty"`
	NodeAttrs []NodeAttrGrant     `json:"nodeAttrs,omitempty"`
}

ACLDetails contains all the details for an ACL.

type ACLHuJSON 

type ACLHuJSON struct {
	ACL      string
	Warnings []string
	ETag     string // to check with version on server
}

ACLHuJSON contains the HuJSON string of the ACL and metadata.

type ACLPreview 

type ACLPreview struct {
	Matches []UserRuleMatch `json:"matches"`
	User    string          `json:"user,omitempty"`   // Filled if response of PreviewACLForUser or PreviewACLHuJSONForUser
	IPPort  string          `json:"ipport,omitempty"` // Filled if response of PreviewACLForIPPort or PreviewACLHuJSONForIPPort

	// Postures is a map of postures and associated rules that apply
	// to this preview.
	// For more details about the posture mapping, see:
	// https://tailscale.com/kb/1288/device-posture#postures
	Postures map[string][]string `json:"postures,omitempty"`
}

ACLPreview is the response type of PreviewACLForUser, PreviewACLForIPPort, PreviewACLHuJSONForUser, and PreviewACLHuJSONForIPPort

type ACLPreviewResponse 

type ACLPreviewResponse struct {
	Matches    []UserRuleMatch `json:"matches"`    // ACL rules that match the specified user or ipport.
	Type       string          `json:"type"`       // The request type: currently only "user" or "ipport".
	PreviewFor string          `json:"previewFor"` // A specific user or ipport.

	// Postures is a map of postures and associated rules that apply
	// to this preview.
	// For more details about the posture mapping, see:
	// https://tailscale.com/kb/1288/device-posture#postures
	Postures map[string][]string `json:"postures,omitempty"`
}

ACLPreviewResponse is the response type of previewACLPostRequest

type ACLRow 

type ACLRow struct {
	Action string   `json:"action,omitempty"` // valid values: "accept"
	Proto  string   `json:"proto,omitempty"`  // protocol
	Users  []string `json:"users,omitempty"`  // old name for src
	Ports  []string `json:"ports,omitempty"`  // old name for dst
	Src    []string `json:"src,omitempty"`
	Dst    []string `json:"dst,omitempty"`
}

ACLRow defines a rule that grants access by a set of users or groups to a set of servers and ports. Only one of Src/Dst or Users/Ports may be specified.

type ACLTest 

type ACLTest struct {
	Src    string   `json:"src,omitempty"`    // source
	User   string   `json:"user,omitempty"`   // old name for source
	Proto  string   `json:"proto,omitempty"`  // protocol
	Accept []string `json:"accept,omitempty"` // expected destination ip:port that user can access
	Deny   []string `json:"deny,omitempty"`   // expected destination ip:port that user cannot access

	Allow []string `json:"allow,omitempty"` // old name for accept
}

ACLTest defines a test for your ACLs to prevent accidental exposure or revoking of access to key servers and ports. Only one of Src or User may be specified, and only one of Allow/Accept may be specified.

type ACLTestError 

type ACLTestError struct {
	ErrResponse
	Data []ACLTestFailureSummary `json:"data"`
}

ACLTestError is ErrResponse but with an extra field to account for ACLTestFailureSummary.

func (ACLTestError) Error 

func (e ACLTestError) Error() string

type ACLTestFailureSummary 

type ACLTestFailureSummary struct {
	// User is the source ("src") value of the ACL test that failed.
	// The name "user" is a legacy holdover from the original naming and
	// is kept for compatibility but it may also contain any value
	// that's valid in a ACL test "src" field.
	User string `json:"user,omitempty"`

	Errors   []string `json:"errors,omitempty"`
	Warnings []string `json:"warnings,omitempty"`
}

ACLTestFailureSummary specifies a user for which ACL tests failed and the related user-friendly error messages.

ACLTestFailureSummary specifies the JSON format sent to the JavaScript client to be rendered in the HTML.

type APIKey 

type APIKey string

APIKey is an AuthMethod for NewClient that authenticates requests using an authkey.

type AuthMethod 

type AuthMethod interface {
	// contains filtered or unexported methods
}

AuthMethod is the interface for API authentication methods.

Most users will use AuthKey.

type BugReportOpts 

type BugReportOpts = local.BugReportOpts

BugReportOpts is an alias for tailscale.com/client/local.BugReportOpts.

Deprecated: import tailscale.com/client/local instead.

type Client 

type Client struct {

	// BaseURL optionally specifies an alternate API server to use.
	// If empty, "https://api.tailscale.com" is used.
	BaseURL string

	// HTTPClient optionally specifies an alternate HTTP client to use.
	// If nil, [http.DefaultClient] is used.
	HTTPClient *http.Client

	// UserAgent optionally specifies an alternate User-Agent header
	UserAgent string
	// contains filtered or unexported fields
}

Client makes API calls to the Tailscale control plane API server.

Use NewClient to instantiate one. Exported fields should be set before the client is used and not changed thereafter.

Deprecated: use tailscale.com/client/tailscale/v2 instead.

func NewClient 

func NewClient(tailnet string, auth AuthMethod) *Client

NewClient is a convenience method for instantiating a new Client.

tailnet is the globally unique identifier for a Tailscale network, such as "example.com" or "user@gmail.com". If httpClient is nil, then http.DefaultClient is used. "api.tailscale.com" is set as the BaseURL for the returned client and can be changed manually by the user.

Deprecated: use tailscale.com/client/tailscale/v2 instead.

func (*Client) ACL 

func (c *Client) ACL(ctx context.Context) (acl *ACL, err error)

ACL makes a call to the Tailscale server to get a JSON-parsed version of the ACL. The JSON-parsed version of the ACL contains no comments as proper JSON does not support comments.

func (*Client) ACLHuJSON 

func (c *Client) ACLHuJSON(ctx context.Context) (acl *ACLHuJSON, err error)

ACLHuJSON makes a call to the Tailscale server to get the ACL HuJSON and returns it as a string. HuJSON is JSON with a few modifications to make it more human-friendly. The primary changes are allowing comments and trailing comments. See the following links for more info: https://tailscale.com/s/acl-format https://github.com/tailscale/hujson

func (*Client) AuthorizeDevice 

func (c *Client) AuthorizeDevice(ctx context.Context, deviceID string) error

AuthorizeDevice marks a device as authorized.

func (*Client) BuildTailnetURL 

func (c *Client) BuildTailnetURL(pathElements ...any) string

BuildTailnetURL builds a url to http(s)://<apiserver>/api/v2/tailnet/<tailnet>/<slash-separated-pathElements> using the given pathElements. It url escapes each path element, so the caller doesn't need to worry about that. The last item of pathElements can be of type url.Values to add a query string to the URL.

For example, BuildTailnetURL(policy, validate) with the default server URL and a tailnet of "example.com" would result in https://api.tailscale.com/api/v2/tailnet/example.com/policy/validate.

func (*Client) BuildURL 

func (c *Client) BuildURL(pathElements ...any) string

BuildURL builds a url to http(s)://<apiserver>/api/v2/<slash-separated-pathElements> using the given pathElements. It url escapes each path element, so the caller doesn't need to worry about that. The last item of pathElements can be of type url.Values to add a query string to the URL.

For example, BuildURL(devices, 5) with the default server URL would result in https://api.tailscale.com/api/v2/devices/5.

func (*Client) CreateKey 

func (c *Client) CreateKey(ctx context.Context, caps KeyCapabilities) (keySecret string, keyMeta *Key, _ error)

CreateKey creates a new key for the current user. Currently, only auth keys can be created. It returns the secret key itself, which cannot be retrieved again later, and the key metadata.

To create a key with a specific expiry, use CreateKeyWithExpiry.

func (*Client) CreateKeyWithExpiry 

func (c *Client) CreateKeyWithExpiry(ctx context.Context, caps KeyCapabilities, expiry time.Duration) (keySecret string, keyMeta *Key, _ error)

CreateKeyWithExpiry is like CreateKey, but allows specifying a expiration time.

The time is truncated to a whole number of seconds. If zero, that means no expiration.

func (*Client) DNSConfig 

func (c *Client) DNSConfig(ctx context.Context) (cfg *apitype.DNSConfig, err error)

DNSConfig retrieves the DNSConfig settings for a domain.

func (*Client) DNSPreferences 

func (c *Client) DNSPreferences(ctx context.Context) (dnsResp *DNSPreferences, err error)

DNSPreferences retrieves the DNS preferences set for a tailnet.

It returns the status of MagicDNS.

func (*Client) DeleteDevice 

func (c *Client) DeleteDevice(ctx context.Context, deviceID string) (err error)

DeleteDevice deletes the specified device from the Client's tailnet. NOTE: Only devices that belong to the Client's tailnet can be deleted. Deleting external devices is not supported.

func (*Client) DeleteKey 

func (c *Client) DeleteKey(ctx context.Context, id string) error

DeleteKey deletes the key with the given ID.

func (*Client) Device 

func (c *Client) Device(ctx context.Context, deviceID string, fields *DeviceFieldsOpts) (device *Device, err error)

Device retrieved the details for a specific device.

See the Device structure for the list of fields hidden for an external device. The optional fields parameter specifies which fields of the devices to return; currently only DeviceDefaultFields (equivalent to nil) and DeviceAllFields are supported. Other values are currently undefined.

func (*Client) Devices 

func (c *Client) Devices(ctx context.Context, fields *DeviceFieldsOpts) (deviceList []*Device, err error)

Devices retrieves the list of devices for a tailnet.

See the Device structure for the list of fields hidden for external devices. The optional fields parameter specifies which fields of the devices to return; currently only DeviceDefaultFields (equivalent to nil) and DeviceAllFields are supported. Other values are currently undefined.

func (*Client) Do 

func (c *Client) Do(req *http.Request) (*http.Response, error)

Do sends a raw HTTP request, after adding any authentication headers.

func (*Client) Key 

func (c *Client) Key(ctx context.Context, id string) (*Key, error)

Key returns the metadata for the given key ID. Currently, capabilities are only returned for auth keys, API keys only return general metadata.

func (*Client) Keys 

func (c *Client) Keys(ctx context.Context) ([]string, error)

Keys returns the list of keys for the current user.

func (*Client) NameServers 

func (c *Client) NameServers(ctx context.Context) (nameservers []string, err error)

NameServers retrieves the list of nameservers set for a domain.

func (*Client) PreviewACLForIPPort 

func (c *Client) PreviewACLForIPPort(ctx context.Context, acl ACL, ipport netip.AddrPort) (res *ACLPreview, err error)

PreviewACLForIPPort determines what rules match a given ACL for a ipport. The ACL can be a locally modified or clean ACL obtained from server.

Returns ACLPreview on success with matches in a slice. If there are no matches, the call is still successful but Matches will be an empty slice. Returns error if the provided ACL is invalid.

func (*Client) PreviewACLForUser 

func (c *Client) PreviewACLForUser(ctx context.Context, acl ACL, user string) (res *ACLPreview, err error)

PreviewACLForUser determines what rules match a given ACL for a user. The ACL can be a locally modified or clean ACL obtained from server.

Returns ACLPreview on success with matches in a slice. If there are no matches, the call is still successful but Matches will be an empty slice. Returns error if the provided ACL is invalid.

func (*Client) PreviewACLHuJSONForIPPort 

func (c *Client) PreviewACLHuJSONForIPPort(ctx context.Context, acl ACLHuJSON, ipport string) (res *ACLPreview, err error)

PreviewACLHuJSONForIPPort determines what rules match a given ACL for a ipport. The ACL can be a locally modified or clean ACL obtained from server.

Returns ACLPreview on success with matches in a slice. If there are no matches, the call is still successful but Matches will be an empty slice. Returns error if the provided ACL is invalid.

func (*Client) PreviewACLHuJSONForUser 

func (c *Client) PreviewACLHuJSONForUser(ctx context.Context, acl ACLHuJSON, user string) (res *ACLPreview, err error)

PreviewACLHuJSONForUser determines what rules match a given ACL for a user. The ACL can be a locally modified or clean ACL obtained from server.

Returns ACLPreview on success with matches in a slice. If there are no matches, the call is still successful but Matches will be an empty slice. Returns error if the provided ACL is invalid.

func (*Client) Routes 

func (c *Client) Routes(ctx context.Context, deviceID string) (routes *Routes, err error)

Routes retrieves the list of subnet routes that have been enabled for a device. The routes that are returned are not necessarily advertised by the device, they have only been preapproved.

func (*Client) SearchPaths 

func (c *Client) SearchPaths(ctx context.Context) (searchpaths []string, err error)

SearchPaths retrieves the list of searchpaths set for a tailnet.

func (*Client) SetACL 

func (c *Client) SetACL(ctx context.Context, acl ACL, avoidCollisions bool) (res *ACL, err error)

SetACL sends a POST request to update the ACL according to the provided ACL object. If `avoidCollisions` is true, it will use the ETag obtained in the GET request in an If-Match header to check if the previously obtained ACL was the latest version and that no updates were missed.

Returns error with status code 412 if mistmached ETag and avoidCollisions is set to true. Returns error if ACL has tests that fail. Returns error if there are other errors with the ACL.

func (*Client) SetACLHuJSON 

func (c *Client) SetACLHuJSON(ctx context.Context, acl ACLHuJSON, avoidCollisions bool) (res *ACLHuJSON, err error)

SetACLHuJSON sends a POST request to update the ACL according to the provided ACL object. If `avoidCollisions` is true, it will use the ETag obtained in the GET request in an If-Match header to check if the previously obtained ACL was the latest version and that no updates were missed.

Returns error with status code 412 if mistmached ETag and avoidCollisions is set to true. Returns error if the HuJSON is invalid. Returns error if ACL has tests that fail. Returns error if there are other errors with the ACL.

func (*Client) SetAuthorized 

func (c *Client) SetAuthorized(ctx context.Context, deviceID string, authorized bool) error

SetAuthorized marks a device as authorized or not.

func (*Client) SetDNSConfig 

func (c *Client) SetDNSConfig(ctx context.Context, cfg apitype.DNSConfig) (resp *apitype.DNSConfig, err error)

func (*Client) SetDNSPreferences 

func (c *Client) SetDNSPreferences(ctx context.Context, magicDNS bool) (dnsResp *DNSPreferences, err error)

SetDNSPreferences sets the DNS preferences for a tailnet.

MagicDNS can only be enabled when there is at least one nameserver provided. When all nameservers are removed, MagicDNS is disabled and will stay disabled, unless explicitly enabled by a user again.

func (*Client) SetNameServers 

func (c *Client) SetNameServers(ctx context.Context, nameservers []string) (dnsResp *DNSNameServersPostResponse, err error)

SetNameServers sets the list of nameservers for a tailnet to the list provided by the user.

It returns the new list of nameservers and the MagicDNS status in case it was affected by the change. For example, removing all nameservers will turn off MagicDNS.

func (*Client) SetRoutes 

func (c *Client) SetRoutes(ctx context.Context, deviceID string, subnets []netip.Prefix) (routes *Routes, err error)

SetRoutes updates the list of subnets that are enabled for a device. Subnets must be parsable by net/netip.ParsePrefix. Subnets do not have to be currently advertised by a device, they may be pre-enabled. Returns the updated list of enabled and advertised subnet routes in a *Routes object.

func (*Client) SetSearchPaths 

func (c *Client) SetSearchPaths(ctx context.Context, searchpaths []string) (newSearchPaths []string, err error)

SetSearchPaths sets the list of searchpaths for a tailnet.

func (*Client) SetTags 

func (c *Client) SetTags(ctx context.Context, deviceID string, tags []string) error

SetTags updates the ACL tags on a device.

func (*Client) Tailnet 

func (c *Client) Tailnet() string

func (*Client) TailnetDeleteRequest 

func (c *Client) TailnetDeleteRequest(ctx context.Context, tailnetID string) (err error)

TailnetDeleteRequest handles sending a DELETE request for a tailnet to control.

func (*Client) ValidateACLJSON 

func (c *Client) ValidateACLJSON(ctx context.Context, source, dest string) (testErr *ACLTestError, err error)

ValidateACLJSON takes in the given source and destination (in this situation, it is assumed that you are checking whether the source can connect to destination) and creates an ACLTest from that. It then sends the ACLTest to the control api acl validate endpoint, where the test is run. It returns a nil ACLTestError pointer if no test errors occur.

type ClientConnectivity 

type ClientConnectivity struct {
	Endpoints             []string `json:"endpoints"`
	DERP                  string   `json:"derp"`
	MappingVariesByDestIP opt.Bool `json:"mappingVariesByDestIP"`
	// DERPLatency is mapped by region name (e.g. "New York City", "Seattle").
	DERPLatency    map[string]DerpRegion `json:"latency"`
	ClientSupports map[string]opt.Bool   `json:"clientSupports"`
}

type DNSNameServers 

type DNSNameServers struct {
	DNS []string `json:"dns"` // DNS name servers
}

DNSNameServers is returned when retrieving the list of nameservers. It is also the structure provided when setting nameservers.

type DNSNameServersPostResponse 

type DNSNameServersPostResponse struct {
	DNS      []string `json:"dns"`      // DNS name servers
	MagicDNS bool     `json:"magicDNS"` // whether MagicDNS is active for this tailnet (enabled + has fallback nameservers)
}

DNSNameServersPostResponse is returned when setting the list of DNS nameservers.

It includes the MagicDNS status since nameservers changes may affect MagicDNS.

type DNSPreferences 

type DNSPreferences struct {
	MagicDNS bool `json:"magicDNS"` // whether MagicDNS is active for this tailnet (enabled + has fallback nameservers)
}

DNSPreferences is the preferences set for a given tailnet.

It includes MagicDNS which can be turned on or off. To enable MagicDNS, there must be at least one nameserver. When all nameservers are removed, MagicDNS is disabled.

type DNSSearchPaths 

type DNSSearchPaths struct {
	SearchPaths []string `json:"searchPaths"` // DNS search paths
}

DNSSearchpaths is the list of search paths for a given domain.

type DebugPortmapOpts 

type DebugPortmapOpts = local.DebugPortmapOpts

DebugPortmapOpts is an alias for tailscale.com/client/local.DebugPortmapOpts.

Deprecated: import tailscale.com/client/local instead.

type DerpRegion 

type DerpRegion struct {
	Preferred           bool    `json:"preferred,omitempty"`
	LatencyMilliseconds float64 `json:"latencyMs"`
}

type Device 

type Device struct {
	// Addresses is a list of the devices's Tailscale IP addresses.
	// It's currently just 1 element, the 100.x.y.z Tailscale IP.
	Addresses []string `json:"addresses"`
	DeviceID  string   `json:"id"`
	NodeID    string   `json:"nodeId"`
	User      string   `json:"user"`
	Name      string   `json:"name"`
	Hostname  string   `json:"hostname"`

	ClientVersion     string   `json:"clientVersion"`   // Empty for external devices.
	UpdateAvailable   bool     `json:"updateAvailable"` // Empty for external devices.
	OS                string   `json:"os"`
	Tags              []string `json:"tags"`
	Created           string   `json:"created"` // Empty for external devices.
	LastSeen          string   `json:"lastSeen"`
	KeyExpiryDisabled bool     `json:"keyExpiryDisabled"`
	Expires           string   `json:"expires"`
	Authorized        bool     `json:"authorized"`
	IsExternal        bool     `json:"isExternal"`
	MachineKey        string   `json:"machineKey"` // Empty for external devices.
	NodeKey           string   `json:"nodeKey"`

	// BlocksIncomingConnections is configured via the device's
	// Tailscale client preferences. This field is only reported
	// to the API starting with Tailscale 1.3.x clients.
	BlocksIncomingConnections bool `json:"blocksIncomingConnections"`

	// EnabledRoutes are the previously-approved subnet routes
	// (e.g. "192.168.4.16/24", "10.5.2.4/32").
	EnabledRoutes []string `json:"enabledRoutes"` // Empty for external devices.
	// AdvertisedRoutes are the subnets (both enabled and not enabled)
	// being requested from the node.
	AdvertisedRoutes []string `json:"advertisedRoutes"` // Empty for external devices.

	ClientConnectivity *ClientConnectivity `json:"clientConnectivity"`

	// PostureIdentity contains extra identifiers collected from the device when
	// the tailnet has the device posture identification features enabled. If
	// Tailscale have attempted to collect this from the device but it has not
	// opted in, PostureIdentity will have Disabled=true.
	PostureIdentity *DevicePostureIdentity `json:"postureIdentity"`

	// TailnetLockKey is the tailnet lock public key of the node as a hex string.
	TailnetLockKey string `json:"tailnetLockKey,omitempty"`

	// TailnetLockErr indicates an issue with the tailnet lock node-key signature
	// on this device. This field is only populated when tailnet lock is enabled.
	TailnetLockErr string `json:"tailnetLockError,omitempty"`
}

type DeviceFieldsOpts 

type DeviceFieldsOpts Device

DeviceFieldsOpts determines which fields should be returned in the response.

Please only use DeviceAllFields and DeviceDefaultFields. Other DeviceFieldsOpts are not supported.

TODO: Support other DeviceFieldsOpts. In the future, users should be able to create their own DeviceFieldsOpts as valid arguments by setting the fields they want returned to a "non-nil" value. For example, DeviceFieldsOpts{NodeID: "true"} should only return NodeIDs.

type DevicePostureIdentity 

type DevicePostureIdentity struct {
	Disabled      bool     `json:"disabled,omitempty"`
	SerialNumbers []string `json:"serialNumbers,omitempty"`
}

type ErrResponse 

type ErrResponse struct {
	Status  int
	Message string
}

ErrResponse is the HTTP error returned by the Tailscale server.

func (ErrResponse) Error 

func (e ErrResponse) Error() string

type GetDevicesResponse 

type GetDevicesResponse struct {
	Devices []*Device `json:"devices"`
}

type IPNBusWatcher 

type IPNBusWatcher = local.IPNBusWatcher

IPNBusWatcher is an alias for tailscale.com/client/local.IPNBusWatcher.

Deprecated: import tailscale.com/client/local instead.

type Key 

type Key struct {
	ID           string          `json:"id"`
	Created      time.Time       `json:"created"`
	Expires      time.Time       `json:"expires"`
	Capabilities KeyCapabilities `json:"capabilities"`
}

Key represents a Tailscale API or auth key.

type KeyCapabilities 

type KeyCapabilities struct {
	Devices KeyDeviceCapabilities `json:"devices,omitempty"`
}

KeyCapabilities are the capabilities of a Key.

type KeyDeviceCapabilities 

type KeyDeviceCapabilities struct {
	Create KeyDeviceCreateCapabilities `json:"create"`
}

KeyDeviceCapabilities are the device-related capabilities of a Key.

type KeyDeviceCreateCapabilities 

type KeyDeviceCreateCapabilities struct {
	Reusable      bool     `json:"reusable"`
	Ephemeral     bool     `json:"ephemeral"`
	Preauthorized bool     `json:"preauthorized"`
	Tags          []string `json:"tags,omitempty"`
}

KeyDeviceCreateCapabilities are the device creation capabilities of a Key.

type LocalClient 

type LocalClient = local.Client

LocalClient is an alias for tailscale.com/client/local.Client.

Deprecated: import tailscale.com/client/local instead.

type NodeAttrGrant 

type NodeAttrGrant struct {
	// Target specifies which nodes the attributes apply to. The nodes can be a
	// tag (tag:server), user (alice@example.com), group (group:kids), or *.
	Target []string `json:"target,omitempty"`

	// Attr are the attributes to set on Target(s).
	Attr []string `json:"attr,omitempty"`
}

NodeAttrGrant defines additional string attributes that apply to specific devices.

type PingOpts 

type PingOpts = local.PingOpts

PingOpts is an alias for tailscale.com/client/local.PingOpts.

Deprecated: import tailscale.com/client/local instead.

type Routes 

type Routes struct {
	AdvertisedRoutes []netip.Prefix `json:"advertisedRoutes"`
	EnabledRoutes    []netip.Prefix `json:"enabledRoutes"`
}

Routes contains the lists of subnet routes that are currently advertised by a device, as well as the subnets that are enabled to be routed by the device.

type UserRuleMatch 

type UserRuleMatch struct {
	Users      []string `json:"users"`
	Ports      []string `json:"ports"`
	LineNumber int      `json:"lineNumber"`
	// Via is the list of targets through which Users can access Ports.
	// See https://tailscale.com/kb/1378/via for more information.
	Via []string `json:"via,omitempty"`

	// Postures is a list of posture policies that are
	// associated with this match. The rules can be looked
	// up in the ACLPreviewResponse parent struct.
	// The source of the list is from srcPosture on
	// an ACL or Grant rule:
	// https://tailscale.com/kb/1288/device-posture#posture-conditions
	Postures []string `json:"postures"`
}

UserRuleMatch specifies the source users/groups/hosts that a rule targets and the destination ports that they can access. LineNumber is only useful for requests provided in HuJSON form. While JSON requests will have LineNumber, the value is not useful.

Source Files

acl.go devices.go dns.go keys.go localclient_aliases.go routes.go tailnet.go tailscale.go

Directories

PathSynopsis
client/tailscale/apitypePackage apitype contains types for the Tailscale LocalAPI and control plane API.
client/tailscale/example
client/tailscale/example/servetlsThe servetls program shows how to run an HTTPS server using a Tailscale cert via LetsEncrypt.
Version
v1.84.0 (latest)
Published
May 21, 2025
Platform
linux/amd64
Imports
18 packages
Last checked
1 day ago

Tools for package owners.