types/persist: add AttestationKey (#17281)

Extend Persist with AttestationKey to record a hardware-backed attestation key for the node's identity. Add a flag to tailscaled to allow users to control the use of hardware-backed keys to bind node identity to individual machines. Updates tailscale/corp#31269 Change-Id: Idcf40d730a448d85f07f1bebf387f086d4c58be3 Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
2025-10-10 10:28:36 -07:00
parent a2dc517d7d
commit e45557afc0
26 changed files with 370 additions and 42 deletions
@@ -1,7 +1,7 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause

-//go:generate go run tailscale.com/cmd/cloner  -clonefunc=true -type SliceContainer
+//go:generate go run tailscale.com/cmd/cloner  -clonefunc=true -type SliceContainer,InterfaceContainer

 // Package clonerex is an example package for the cloner tool.
 package clonerex
@@ -9,3 +9,26 @@ package clonerex
 type SliceContainer struct {
 	Slice []*int
 }
+
+// Cloneable is an interface with a Clone method.
+type Cloneable interface {
+	Clone() Cloneable
+}
+
+// CloneableImpl is a concrete type that implements Cloneable.
+type CloneableImpl struct {
+	Value int
+}
+
+func (c *CloneableImpl) Clone() Cloneable {
+	if c == nil {
+		return nil
+	}
+	return &CloneableImpl{Value: c.Value}
+}
+
+// InterfaceContainer has a pointer to an interface field, which tests
+// the special handling for interface types in the cloner.
+type InterfaceContainer struct {
+	Interface Cloneable
+}
@@ -35,9 +35,28 @@ var _SliceContainerCloneNeedsRegeneration = SliceContainer(struct {
 	Slice []*int
 }{})

+// Clone makes a deep copy of InterfaceContainer.
+// The result aliases no memory with the original.
+func (src *InterfaceContainer) Clone() *InterfaceContainer {
+	if src == nil {
+		return nil
+	}
+	dst := new(InterfaceContainer)
+	*dst = *src
+	if src.Interface != nil {
+		dst.Interface = src.Interface.Clone()
+	}
+	return dst
+}
+
+// A compilation failure here means this code must be regenerated, with the command at the top of this file.
+var _InterfaceContainerCloneNeedsRegeneration = InterfaceContainer(struct {
+	Interface Cloneable
+}{})
+
 // Clone duplicates src into dst and reports whether it succeeded.
 // To succeed, <src, dst> must be of types <*T, *T> or <*T, **T>,
-// where T is one of SliceContainer.
+// where T is one of SliceContainer,InterfaceContainer.
 func Clone(dst, src any) bool {
 	switch src := src.(type) {
 	case *SliceContainer:
@@ -49,6 +68,15 @@ func Clone(dst, src any) bool {
 			*dst = src.Clone()
 			return true
 		}
+	case *InterfaceContainer:
+		switch dst := dst.(type) {
+		case *InterfaceContainer:
+			*dst = *src.Clone()
+			return true
+		case **InterfaceContainer:
+			*dst = src.Clone()
+			return true
+		}
 	}
 	return false
 }