Add caddyfile parsing for allowing tagged nodes

Signed-off-by: Christine Dodrill <xe@tailscale.com>
tailscale · Oct 27, 2022 · c2ec606 · c2ec606 · gbraad · Apr 29, 2023
1 parent a98aa89
commit c2ec606
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/module.go b/module.go
@@ -1,6 +1,7 @@
 package tscaddy
 
 import (
+	"fmt"
 	"log"
 	"net"
 	"net/http"
@@ -89,6 +90,8 @@ func getListener(_, addr string) (net.Listener, error) {
 
 type TailscaleAuth struct {
 	localclient *tailscale.LocalClient
+
+	AllowTaggedNodes bool `json:"allow_tagged_nodes"`
 }
 
 func (TailscaleAuth) CaddyModule() caddy.ModuleInfo {
@@ -144,9 +147,11 @@ func (ta TailscaleAuth) Authenticate(w http.ResponseWriter, r *http.Request) (ca
 		return user, false, err
 	}
 
-	if len(info.Node.Tags) != 0 {
+	if ta.AllowTaggedNodes && len(info.Node.Tags) != 0 {
 		info.UserProfile.LoginName = strings.Replace(info.Node.Tags[0], ":", "___", -1) + "@tags.in.your.tailnet"
 		info.UserProfile.DisplayName = "A tagged node with tags: " + strings.Join(info.Node.Tags, ", ")
+	} else {
+		return user, false, fmt.Errorf("node %s has tags", info.Node.Hostinfo.Hostname())
 	}
 
 	var tailnet string