Documentation
¶
Overview ¶
Package tailscale mints short-lived, tagged auth keys from an OAuth client and watches for the new node to join the tailnet. No long-lived secret touches the box.
Index ¶
- func MintAccess(ctx context.Context, oauthID, oauthSecret string) (string, error)
- func MintKey(ctx context.Context, oauthID, oauthSecret, tag string) (key, accessToken string, err error)
- func RevokeByHostname(ctx context.Context, accessToken, hostname string) error
- func Validate(ctx context.Context, oauthID, oauthSecret string) error
- func WaitForNode(ctx context.Context, accessToken, hostname string, attempts int, ...) (string, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func MintAccess ¶
MintAccess exchanges an OAuth client for a short-lived API access token, used to revoke a node during teardown.
func MintKey ¶
func MintKey(ctx context.Context, oauthID, oauthSecret, tag string) (key, accessToken string, err error)
MintKey exchanges an OAuth client for an access token, then creates a single-use, pre-authorized, tagged, non-ephemeral auth key (30 min TTL). It returns the key (for cloud-init) and the access token (reused to poll/revoke the node).
func RevokeByHostname ¶
RevokeByHostname deletes every tailnet node with the given hostname. Tagged nodes never expire, so an old box must be revoked explicitly on rebuild/teardown.
Types ¶
This section is empty.