types/persist: add AttestationKey (#17281)

Extend Persist with AttestationKey to record a hardware-backed attestation key for the node's identity. Add a flag to tailscaled to allow users to control the use of hardware-backed keys to bind node identity to individual machines. Updates tailscale/corp#31269 Change-Id: Idcf40d730a448d85f07f1bebf387f086d4c58be3 Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
2025-10-10 10:28:36 -07:00
parent a2dc517d7d
commit e45557afc0
26 changed files with 370 additions and 42 deletions
@@ -121,7 +121,12 @@ func gen(buf *bytes.Buffer, it *codegen.ImportTracker, typ *types.Named) {
 				continue
 			}
 			if !hasBasicUnderlying(ft) {
-				writef("dst.%s = *src.%s.Clone()", fname, fname)
+				// don't dereference if the underlying type is an interface
+				if _, isInterface := ft.Underlying().(*types.Interface); isInterface {
+					writef("if src.%s != nil { dst.%s = src.%s.Clone() }", fname, fname, fname)
+				} else {
+					writef("dst.%s = *src.%s.Clone()", fname, fname)
+				}
 				continue
 			}
 		}
@@ -59,3 +59,52 @@ func TestSliceContainer(t *testing.T) {
 		})
 	}
 }
+
+func TestInterfaceContainer(t *testing.T) {
+	examples := []struct {
+		name string
+		in   *clonerex.InterfaceContainer
+	}{
+		{
+			name: "nil",
+			in:   nil,
+		},
+		{
+			name: "zero",
+			in:   &clonerex.InterfaceContainer{},
+		},
+		{
+			name: "with_interface",
+			in: &clonerex.InterfaceContainer{
+				Interface: &clonerex.CloneableImpl{Value: 42},
+			},
+		},
+		{
+			name: "with_nil_interface",
+			in: &clonerex.InterfaceContainer{
+				Interface: nil,
+			},
+		},
+	}
+
+	for _, ex := range examples {
+		t.Run(ex.name, func(t *testing.T) {
+			out := ex.in.Clone()
+			if !reflect.DeepEqual(ex.in, out) {
+				t.Errorf("Clone() = %v, want %v", out, ex.in)
+			}
+
+			// Verify no aliasing: modifying the clone should not affect the original
+			if ex.in != nil && ex.in.Interface != nil {
+				if impl, ok := out.Interface.(*clonerex.CloneableImpl); ok {
+					impl.Value = 999
+					if origImpl, ok := ex.in.Interface.(*clonerex.CloneableImpl); ok {
+						if origImpl.Value == 999 {
+							t.Errorf("Clone() aliased memory with original")
+						}
+					}
+				}
+			}
+		})
+	}
+}
@@ -1,7 +1,7 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause

-//go:generate go run tailscale.com/cmd/cloner  -clonefunc=true -type SliceContainer
+//go:generate go run tailscale.com/cmd/cloner  -clonefunc=true -type SliceContainer,InterfaceContainer

 // Package clonerex is an example package for the cloner tool.
 package clonerex
@@ -9,3 +9,26 @@ package clonerex
 type SliceContainer struct {
 	Slice []*int
 }
+
+// Cloneable is an interface with a Clone method.
+type Cloneable interface {
+	Clone() Cloneable
+}
+
+// CloneableImpl is a concrete type that implements Cloneable.
+type CloneableImpl struct {
+	Value int
+}
+
+func (c *CloneableImpl) Clone() Cloneable {
+	if c == nil {
+		return nil
+	}
+	return &CloneableImpl{Value: c.Value}
+}
+
+// InterfaceContainer has a pointer to an interface field, which tests
+// the special handling for interface types in the cloner.
+type InterfaceContainer struct {
+	Interface Cloneable
+}
@@ -35,9 +35,28 @@ var _SliceContainerCloneNeedsRegeneration = SliceContainer(struct {
 	Slice []*int
 }{})

+// Clone makes a deep copy of InterfaceContainer.
+// The result aliases no memory with the original.
+func (src *InterfaceContainer) Clone() *InterfaceContainer {
+	if src == nil {
+		return nil
+	}
+	dst := new(InterfaceContainer)
+	*dst = *src
+	if src.Interface != nil {
+		dst.Interface = src.Interface.Clone()
+	}
+	return dst
+}
+
+// A compilation failure here means this code must be regenerated, with the command at the top of this file.
+var _InterfaceContainerCloneNeedsRegeneration = InterfaceContainer(struct {
+	Interface Cloneable
+}{})
+
 // Clone duplicates src into dst and reports whether it succeeded.
 // To succeed, <src, dst> must be of types <*T, *T> or <*T, **T>,
-// where T is one of SliceContainer.
+// where T is one of SliceContainer,InterfaceContainer.
 func Clone(dst, src any) bool {
 	switch src := src.(type) {
 	case *SliceContainer:
@@ -49,6 +68,15 @@ func Clone(dst, src any) bool {
 			*dst = src.Clone()
 			return true
 		}
+	case *InterfaceContainer:
+		switch dst := dst.(type) {
+		case *InterfaceContainer:
+			*dst = *src.Clone()
+			return true
+		case **InterfaceContainer:
+			*dst = src.Clone()
+			return true
+		}
 	}
 	return false
 }