Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support tailnet lock #273

Open
michaelbeaumont opened this issue Aug 20, 2023 · 3 comments
Open

Support tailnet lock #273

michaelbeaumont opened this issue Aug 20, 2023 · 3 comments
Labels
enhancement New feature or request terraform

Comments

@michaelbeaumont
Copy link
Contributor

michaelbeaumont commented Aug 20, 2023
edited
Loading

Is your feature request related to a problem? Please describe.
It's apparently not possible to create a tailscale_tailnet_key that's been pre-signed by a signing node.

Describe the solution you'd like
A way to sign the keys created by tailscale_tailnet_key, assuming the local machine is a signing node.

Ideally the user shouldn't have to be root or the --operator user to run terraform with this resource, or should allow for privilege escalation, but obviously that requires changes to tailscale/tailscale.
@michaelbeaumont michaelbeaumont added the enhancement New feature or request label Aug 20, 2023
@michaelbeaumont michaelbeaumont mentioned this issue Oct 28, 2023
Open
@oxtoacart
Copy link
Contributor

cc: @awly

@awly
Copy link

awly commented Feb 3, 2025

cc @knyar @icio

@knyar
Copy link
Collaborator

knyar commented Feb 4, 2025
edited
Loading

My understanding is that the provider is built to expose Tailscale REST API to Terraform. Signing an auth key does not involve that API at all - it needs a Tailscale client with a Tailnet Lock signing key. We'd need to either call LocalAPI, or run tailscale lock sign tskey-auth-XXX as a subprocess. Not sure if this provider is even the right place for that?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request terraform
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@awly @knyar @michaelbeaumont @oxtoacart