hub / github.com/tailscale/tailscale / resolveAuthKey

Method resolveAuthKey

tsnet/tsnet.go:997–1040  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

995}
996
// resolveAuthKey returns the auth key the server should use, consulting
// up to three sources in a fixed order:
//
//  1. the value from s.getAuthKey();
//  2. the OAuth hook (tailscale.HookResolveAuthKey), if one is registered;
//  3. the workload identity federation (WIF) hook
//     (tailscale.HookResolveAuthKeyViaWIF), if one is registered and the
//     key is still empty after step 2.
//
// Everything handled here (auth key, client secret, ID token) is credential
// material. The errors built in this function are fixed strings and never
// embed those values; errors coming back from the hooks are returned
// unwrapped, so whether they can carry secret material depends on the hook
// implementation (not visible here, confirm before logging them verbatim).
//
// If neither hook is registered, the result is whatever s.getAuthKey()
// returned, which may be the empty string with a nil error; callers have to
// treat an empty key as "no credential" themselves.
func (s *Server) resolveAuthKey() (string, error) {
	key := s.getAuthKey()

	// OAuth path. When the hook is registered it is always invoked: a
	// configured auth key is handed to it in the client-secret position, and
	// only when that key is empty is s.getClientSecret() used instead.
	// NOTE(review): how the hook treats a value that is a plain auth key
	// rather than an OAuth client secret is not shown here; confirm it passes
	// such keys through unchanged.
	if viaOAuth, registered := tailscale.HookResolveAuthKey.GetOk(); registered {
		secret := key
		if secret == "" {
			secret = s.getClientSecret()
		}
		resolved, err := viaOAuth(s.shutdownCtx, secret, s.AdvertiseTags)
		if err != nil {
			return "", err
		}
		key = resolved
	}

	// WIF path. It is a fallback only: skipped when the hook is absent or when
	// a key has already been determined above.
	viaWIF, registered := tailscale.HookResolveAuthKeyViaWIF.GetOk()
	if !registered || key != "" {
		return key, nil
	}

	clientID := s.getClientID()
	idToken := s.getIDToken()
	audience := s.getAudience()

	// Reject inconsistent WIF configuration before any exchange is attempted:
	// a client ID needs exactly one of ID token or audience, and neither an ID
	// token nor an audience is accepted without a client ID. The cases are
	// evaluated top to bottom, matching the order of the checks they replace.
	// With all three values empty no case fires and the hook is still called;
	// it is presumably expected to cope with empty inputs (confirm against
	// the hook).
	switch {
	case clientID != "" && idToken == "" && audience == "":
		return "", fmt.Errorf("client ID for workload identity federation found, but ID token and audience are empty")
	case idToken != "" && audience != "":
		return "", fmt.Errorf("only one of ID token and audience should be for workload identity federation")
	case clientID == "" && idToken != "":
		return "", fmt.Errorf("ID token for workload identity federation found, but client ID is empty")
	case clientID == "" && audience != "":
		return "", fmt.Errorf("audience for workload identity federation found, but client ID is empty")
	}

	resolved, err := viaWIF(s.shutdownCtx, s.getControlURL(), clientID, idToken, audience, s.AdvertiseTags)
	if err != nil {
		return "", err
	}
	return resolved, nil
}
1041
1042func (s *Server) startLogger(closePool *closeOnErrorPool, health *health.Tracker, tsLogf logger.Logf) error {
1043 if testenv.InTest() {

Callers 2

TestResolveAuthKeyFunction · 0.95
startMethod · 0.95

Calls 8

getAuthKeyMethod · 0.95
getClientSecretMethod · 0.95
getClientIDMethod · 0.95
getIDTokenMethod · 0.95
getAudienceMethod · 0.95
getControlURLMethod · 0.95
ErrorfMethod · 0.65
GetOkMethod · 0.45

Tested by 1

TestResolveAuthKeyFunction · 0.76