✨ tailscale provider #5214
Merged
✨ tailscale provider #5214
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This comment has been minimized.
This comment has been minimized.
afiune
force-pushed
the
afiune/tailscale
branch
from
461a0ab to
891b7b2
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Use the tailscale provider to query devices, DNS namespaces, and more information about a Tailscale network
known as `tailnet`.
To authenticate using an API access token:
```
cnquery shell tailscale --token <access-token>
```
To authenticate using an OAuth client:
```
cnquery shell tailscale --client-id <id> --client-secret <secret>
```
You can also use the default environment variables `TAILSCALE_OAUTH_CLIENT_ID`, `TAILSCALE_OAUTH_CLIENT_SECRET`,
and `TAILSCALE_TAILNET` to provide your credentials.
If you are using an API access token instead of an OAuth client, use the `TAILSCALE_API_KEY` variable instead.
Examples
**List all devices in a tailnet**
```shell
cnquery> tailscale.devices()
```
**Show a single device information**
```shell
cnquery> tailscale.device(id: "55161288425123456") {*}
tailscale.device: {
id: "55161288425123456"
isExternal: false
os: "linux"
created: 2021-06-25 12:34:34 -0700 PDT
updateAvailable: true
nodeKey: "nodekey:abc123"
lastSeen: 2024-03-25 08:01:04 -0700 PDT
user: "afiune@mondoo.com"
hostname: "raspberrypi"
clientVersion: "1.10.0-t766ae6c10-g3e6822772"
authorized: true
blocksIncomingConnections: false
addresses: [
0: "100.71.181.41"
1: "abc1:abc1:a1e0:ab12:abc1:cd96:abc1:bf33"
]
keyExpiryDisabled: true
expires: 2022-08-02 18:55:39 -0700 PDT
name: "raspberrypi.tail1a4a6.ts.net"
machineKey: "mkey:abc123"
tailnetLockKey: ""
tailnetLockError: ""
}
```
Advanced Usage
Discover all devices (any computer or mobile device) that joins the tailnet `example.com`.
```shell
cnquery shell tailscale example.com --discover devices
```
Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
afiune
force-pushed
the
afiune/tailscale
branch
from
891b7b2 to
412dbb1
Compare
This comment has been minimized.
This comment has been minimized.
chris-rock
approved these changes
Feb 14, 2025
There was a problem hiding this comment.
@afiune Great first version for the tailscale provider! I added a few comments that we should address before we can merge it. Its close!
| option provider = "go.mondoo.com/cnquery/v11/providers/tailscale" | ||
| option go_package = "go.mondoo.com/cnquery/v11/providers/tailscale/resources" | ||
|
|
||
| // The Tailscale provider |
There was a problem hiding this comment.
I think this represents the tailscale organization
| conf := conn.Asset().Connections[0] | ||
| assetList := []*inventory.Asset{} | ||
|
|
||
| cf, err := getMqlTailscale(runtime) |
There was a problem hiding this comment.
I think we want also discover the root asset (org/tailnet).
There was a problem hiding this comment.
I don't think we can fetch this information.
tas50
reviewed
Feb 14, 2025
tas50
reviewed
Feb 14, 2025
tas50
reviewed
Feb 14, 2025
tas50
reviewed
Feb 14, 2025
Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
afiune
force-pushed
the
afiune/tailscale
branch
from
1893fc9 to
6ee3021
Compare
This comment has been minimized.
This comment has been minimized.
misterpantz
reviewed
Feb 18, 2025
| // The time the user joined their tailnet | ||
| createdAt time | ||
| // This time can be either: | ||
| // a) The last time any of the user's nodes were connected to the network |
There was a problem hiding this comment.
Suggested change
| // a) The last time any of the user's nodes were connected to the network | |
| // a) The last time any of the user's nodes were connected to the network | |
| // or |
chris-rock
reviewed
Feb 18, 2025
| } | ||
| } | ||
|
|
||
| func (s *Service) ParseCLI(req *plugin.ParseCLIReq) (*plugin.ParseCLIRes, error) { |
There was a problem hiding this comment.
Using an empty token does not throw an error in the initial phase:
echo $TAILSCALE_API_KEY
cnquery shell tailscale --token $TAILSCALE_API_KEY --discover devices
→ tailscale> authentication configured method=token
→ connected to Tailscale
___ _ __ __ _ _ _ ___ _ __ _ _
/ __| '_ \ / _` | | | |/ _ \ '__| | | |
| (__| | | | (_| | |_| | __/ | | |_| |
\___|_| |_|\__, |\__,_|\___|_| \__, |
mondoo™ |_| |___/ interactive shell
cnquery> tailscale
tailscale: tailscale id = devices
cnquery> tailscale.devices
API token invalid (401)
tailscale.devices: no data available
There was a problem hiding this comment.
I will add a verify step to fail fast, just like we do with the GitHub provider, good call! 💯
Co-authored-by: Letha <letha@mondoo.com>
This comment has been minimized.
This comment has been minimized.
Signed-off-by: Salim Afiune Maya <afiune@mondoo.com>
Let's go!!!! |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
✨ Tailscale Provider
Use the tailscale provider to query devices, users, DNS namespaces, and more information about a Tailscale network,
known as a
tailnet.To authenticate using an API access token:
To authenticate using an OAuth client:
You can also use the default environment variables
TAILSCALE_OAUTH_CLIENT_ID,TAILSCALE_OAUTH_CLIENT_SECRET,and
TAILSCALE_TAILNETto provide your credentials.If you are using an API access token instead of an OAuth client, use the
TAILSCALE_API_KEYvariable instead.Examples
List all devices in a tailnet
Get information on a single device
List all users in a tailnet
Get information on a single user
Advanced usage
Discover all devices (any computer or mobile device) that join the tailnet
example.com