webnet/tailscale
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

cmd/containerboot: allow for automatic ID token generation

Browse Source 
Allow for optionally specifying an audience for containerboot. This is
passed to tailscale up to allow for containerboot to use automatic ID
token generation for authentication.

Updates https://github.com/tailscale/corp/issues/34430

Signed-off-by: Mario Minardi <mario@tailscale.com>
This commit is contained in:
Mario Minardi
2026-01-13 17:30:57 -07:00
committed by Mario Minardi
parent 02af7c963c
commit e9d82767e5
4 changed files with 79 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cmd/containerboot/tailscaled.go
+3
View File
@@ -129,6 +129,9 @@ func tailscaleUp(ctx context.Context, cfg *settings) error {
if cfg.IDToken != "" {
args = append(args, "--id-token="+cfg.IDToken)
}
if cfg.Audience != "" {
args = append(args, "--audience="+cfg.Audience)
}
// --advertise-routes can be passed an empty string to configure a
// device (that might have previously advertised subnet routes) to not
// advertise any routes. Respect an empty string passed by a user and