use dedicated registration ID for auth flow (#2337)

Kristoffer Dalby 2025-01-26 22:20:11 +01:00 committed by GitHub
parent 97e5d95399
commit 4c8e847f47
26 changed files with 586 additions and 586 deletions


@ -466,7 +466,7 @@ func (t *TailscaleInContainer) Login(
// This login mechanism uses web + command line flow for authentication.
func (t *TailscaleInContainer) LoginWithURL(
loginServer string,
) (*url.URL, error) {
) (loginURL *url.URL, err error) {
command := []string{
"tailscale",
"up",
@ -475,20 +475,27 @@ func (t *TailscaleInContainer) LoginWithURL(
"--accept-routes=false",
}
_, stderr, err := t.Execute(command)
stdout, stderr, err := t.Execute(command)
if errors.Is(err, errTailscaleNotLoggedIn) {
return nil, errTailscaleCannotUpWithoutAuthkey
}
urlStr := strings.ReplaceAll(stderr, "\nTo authenticate, visit:\n\n\t", "")
defer func() {
if err != nil {
log.Printf("join command: %q", strings.Join(command, " "))
}
}()
urlStr := strings.ReplaceAll(stdout+stderr, "\nTo authenticate, visit:\n\n\t", "")
urlStr = strings.TrimSpace(urlStr)
// parse URL
loginURL, err := url.Parse(urlStr)
if err != nil {
log.Printf("Could not parse login URL: %s", err)
log.Printf("Original join command result: %s", stderr)
if urlStr == "" {
return nil, fmt.Errorf("failed to get login URL: stdout: %s, stderr: %s", stdout, stderr)
}
// parse URL
loginURL, err = url.Parse(urlStr)
if err != nil {
return nil, err
}
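Review bot: In LoginWithURL the login URL is obtained by deleting the "To authenticate, visit:" banner from `stdout+stderr`, so anything else `tailscale up` prints on either stream stays inside `urlStr`, and the only guard before parsing is `urlStr == ""`. `url.Parse` accepts relative references, so some leftover text may parse without error and be returned to the caller as the login URL. After the parse I would reject a result without scheme or host, e.g. `if loginURL.Scheme == "" || loginURL.Host == "" { return nil, fmt.Errorf("unexpected login URL %q", urlStr) }`. Separately, an error from `t.Execute` other than `errTailscaleNotLoggedIn` is never inspected and is overwritten by `loginURL, err = url.Parse(urlStr)`, which deserves a comment such as `// a non-zero exit is expected here; only the printed URL matters`, if that is the intent. The function's opening lines are outside this hunk.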
@ -497,12 +504,17 @@ func (t *TailscaleInContainer) LoginWithURL(
// Logout runs the logout routine on the given Tailscale instance.
func (t *TailscaleInContainer) Logout() error {
_, _, err := t.Execute([]string{"tailscale", "logout"})
stdout, stderr, err := t.Execute([]string{"tailscale", "logout"})
if err != nil {
return err
}
return nil
stdout, stderr, _ = t.Execute([]string{"tailscale", "status"})
if !strings.Contains(stdout+stderr, "Logged out.") {
return fmt.Errorf("failed to logout, stdout: %s, stderr: %s", stdout, stderr)
}
return t.waitForBackendState("NeedsLogin")
}
// Helper that runs `tailscale up` with no arguments.
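Review bot: In Logout the error from the second `t.Execute` (`tailscale status`) is dropped with `_` and success is decided only by whether the combined output contains the literal `Logged out.`. If the status command cannot run at all, the caller gets "failed to logout" with empty output instead of the underlying error, and the check depends on the CLI's exact wording, which may differ between client versions (the version note in waitForBackendState suggests this harness runs several). Since `t.waitForBackendState("NeedsLogin")` already verifies the state through `t.Status()`, consider dropping the string match. Failing that, document the ignored error, e.g. `// status presumably exits non-zero once logged out; only its output is checked`.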
@ -826,28 +838,16 @@ func (t *TailscaleInContainer) FailingPeersAsString() (string, bool, error) {
// WaitForNeedsLogin blocks until the Tailscale (tailscaled) instance has
// started and needs to be logged into.
func (t *TailscaleInContainer) WaitForNeedsLogin() error {
return t.pool.Retry(func() error {
status, err := t.Status()
if err != nil {
return errTailscaleStatus(t.hostname, err)
}
// ipnstate.Status.CurrentTailnet was added in Tailscale 1.22.0
// https://github.com/tailscale/tailscale/pull/3865
//
// Before that, we can check the BackendState to see if the
// tailscaled daemon is connected to the control system.
if status.BackendState == "NeedsLogin" {
return nil
}
return errTailscaledNotReadyForLogin
})
return t.waitForBackendState("NeedsLogin")
}
// WaitForRunning blocks until the Tailscale (tailscaled) instance is logged in
// and ready to be used.
func (t *TailscaleInContainer) WaitForRunning() error {
return t.waitForBackendState("Running")
}
func (t *TailscaleInContainer) waitForBackendState(state string) error {
return t.pool.Retry(func() error {
status, err := t.Status()
if err != nil {
@ -859,7 +859,7 @@ func (t *TailscaleInContainer) WaitForRunning() error {
//
// Before that, we can check the BackendState to see if the
// tailscaled daemon is connected to the control system.
if status.BackendState == "Running" {
if status.BackendState == state {
return nil
}