CodeCow/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2026-06-03 21:01:54 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

posture: add HealthTracker for serial number retrieval (#19181)

Browse Source 
Device posture checking can fail while enabled if tailscaled does not
have access to smbios. Previously, this was only observable by looking
in the tailscaled logs.

Fixes tailscale/corp#39314

Signed-off-by: Evan Lowry <evan@tailscale.com>
This commit is contained in:
Evan Lowry 2026-04-25 15:42:47 -03:00 committed by GitHub
parent f3b2f9b0ef
commit 3a05c450ce
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
feature/posture/posture.go
View File

@ -8,8 +8,10 @@
import ( import (
"encoding/json" "encoding/json"
"fmt"
"net/http" "net/http"
"tailscale.com/health"
"tailscale.com/ipn/ipnext" "tailscale.com/ipn/ipnext"
"tailscale.com/ipn/ipnlocal" "tailscale.com/ipn/ipnlocal"
"tailscale.com/posture" "tailscale.com/posture"
@ -25,6 +27,15 @@ func init() {
ipnlocal.RegisterC2N("GET /posture/identity", handleC2NPostureIdentityGet) ipnlocal.RegisterC2N("GET /posture/identity", handleC2NPostureIdentityGet)
} }
var postureSerialWarnable = health.Register(&health.Warnable{
Code: "posture-checking-serial-collection-failed",
Title: "Device Posture: serial number collection failed",
Severity: health.SeverityMedium,
Text: func(args health.Args) string {
return fmt.Sprintf("Could not collect device serial numbers for posture checking. (%v)", args[health.ArgError])
},
})
func newExtension(logf logger.Logf, b ipnext.SafeBackend) (ipnext.Extension, error) { func newExtension(logf logger.Logf, b ipnext.SafeBackend) (ipnext.Extension, error) {
e := &extension{ e := &extension{
logf: logger.WithPrefix(logf, "posture: "), logf: logger.WithPrefix(logf, "posture: "),
@ -73,6 +84,9 @@ func handleC2NPostureIdentityGet(b *ipnlocal.LocalBackend, w http.ResponseWriter
res.SerialNumbers, err = posture.GetSerialNumbers(b.PolicyClient(), e.logf) res.SerialNumbers, err = posture.GetSerialNumbers(b.PolicyClient(), e.logf)
if err != nil { if err != nil {
e.logf("c2n: GetSerialNumbers returned error: %v", err) e.logf("c2n: GetSerialNumbers returned error: %v", err)
b.HealthTracker().SetUnhealthy(postureSerialWarnable, health.Args{health.ArgError: err.Error()})
} else {
b.HealthTracker().SetHealthy(postureSerialWarnable)
} }
// TODO(tailscale/corp#21371, 2024-07-10): once this has landed in a stable release // TODO(tailscale/corp#21371, 2024-07-10): once this has landed in a stable release

2
ipn/ipnlocal/local.go
View File

@ -4212,6 +4212,8 @@ func (b *LocalBackend) CurrentUserForTest() (ipn.WindowsUserID, ipnauth.Actor) {
return b.pm.CurrentUserID(), b.currentUser return b.pm.CurrentUserID(), b.currentUser
} }
// CheckPrefs validates the provided user modifiable settings for correctness
// and returns an error if they are invalid for the current backend.
func (b *LocalBackend) CheckPrefs(p *ipn.Prefs) error { func (b *LocalBackend) CheckPrefs(p *ipn.Prefs) error {
b.mu.Lock() b.mu.Lock()
defer b.mu.Unlock() defer b.mu.Unlock()

3
posture/serialnumber_stub.go
View File

@ -12,6 +12,7 @@
import ( import (
"errors" "errors"
"fmt"
"tailscale.com/types/logger" "tailscale.com/types/logger"
"tailscale.com/util/syspolicy/policyclient" "tailscale.com/util/syspolicy/policyclient"
@ -19,5 +20,5 @@
// GetSerialNumber returns client machine serial number(s). // GetSerialNumber returns client machine serial number(s).
func GetSerialNumbers(polc policyclient.Client, _ logger.Logf) ([]string, error) { func GetSerialNumbers(polc policyclient.Client, _ logger.Logf) ([]string, error) {
return nil, errors.New("not implemented") return nil, fmt.Errorf("not implemented: %w", errors.ErrUnsupported)
} }