CodeCow/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2026-06-03 21:01:54 +08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
main
tailscale/feature/awsparamstore/awsparamstore_test.go
Andrew Dunham bcceef3682
Some checks failed
checklocks / checklocks (push) Has been cancelled
Details
CodeQL / Analyze (go) (push) Has been cancelled
Details
Dockerfile build / deploy (push) Has been cancelled
Details
CI / gomod-cache (push) Has been cancelled
Details
CI / fuzz (push) Has been cancelled
Details
update-flake / update-flake (push) Has been cancelled
Details
tailscale.com/cmd/vet / vet (push) Has been cancelled
Details
CI / race-root-integration (1/4) (push) Has been cancelled
Details
CI / race-root-integration (2/4) (push) Has been cancelled
Details
CI / race-root-integration (3/4) (push) Has been cancelled
Details
CI / race-root-integration (4/4) (push) Has been cancelled
Details
CI / test (-race, amd64, 1/3) (push) Has been cancelled
Details
CI / test (-race, amd64, 2/3) (push) Has been cancelled
Details
CI / test (-race, amd64, 3/3) (push) Has been cancelled
Details
CI / test (386) (push) Has been cancelled
Details
CI / test (amd64) (push) Has been cancelled
Details
CI / Windows (${{ matrix.name || matrix.shard}}) (win-bench, benchmarks) (push) Has been cancelled
Details
CI / Windows (${{ matrix.name || matrix.shard}}) (win-shard-1-2, 1/2) (push) Has been cancelled
Details
CI / Windows (${{ matrix.name || matrix.shard}}) (win-shard-2-2, 2/2) (push) Has been cancelled
Details
CI / Windows (win-tool-go) (push) Has been cancelled
Details
CI / privileged (push) Has been cancelled
Details
CI / vm (push) Has been cancelled
Details
CI / cross (386, linux) (push) Has been cancelled
Details
CI / cross (amd64, darwin) (push) Has been cancelled
Details
CI / cross (amd64, freebsd) (push) Has been cancelled
Details
CI / cross (amd64, openbsd) (push) Has been cancelled
Details
CI / cross (amd64, windows) (push) Has been cancelled
Details
CI / cross (arm, 5, linux) (push) Has been cancelled
Details
CI / cross (arm, 7, linux) (push) Has been cancelled
Details
CI / cross (arm64, darwin) (push) Has been cancelled
Details
CI / cross (arm64, linux) (push) Has been cancelled
Details
CI / cross (arm64, windows) (push) Has been cancelled
Details
CI / cross (loong64, linux) (push) Has been cancelled
Details
CI / ios (push) Has been cancelled
Details
CI / crossmin (amd64, illumos) (push) Has been cancelled
Details
CI / crossmin (amd64, plan9) (push) Has been cancelled
Details
CI / crossmin (amd64, solaris) (push) Has been cancelled
Details
CI / crossmin (ppc64, aix) (push) Has been cancelled
Details
CI / android (push) Has been cancelled
Details
CI / wasm (push) Has been cancelled
Details
CI / tailscale_go (push) Has been cancelled
Details
CI / depaware (push) Has been cancelled
Details
CI / go_generate (push) Has been cancelled
Details
CI / go_mod_tidy (push) Has been cancelled
Details
CI / licenses (push) Has been cancelled
Details
CI / staticcheck (${{ matrix.name }}) (--with-tags-all=darwin, arm64, darwin, macOS) (push) Has been cancelled
Details
CI / staticcheck (${{ matrix.name }}) (--with-tags-all=linux, amd64, linux, Linux) (push) Has been cancelled
Details
CI / staticcheck (${{ matrix.name }}) (--with-tags-all=windows, amd64, windows, Windows) (push) Has been cancelled
Details
CI / staticcheck (${{ matrix.name }}) (--without-tags-any=windows,darwin,linux --shard=1/4, amd64, linux, Portable (1/4)) (push) Has been cancelled
Details
CI / staticcheck (${{ matrix.name }}) (--without-tags-any=windows,darwin,linux --shard=2/4, amd64, linux, Portable (2/4)) (push) Has been cancelled
Details
CI / staticcheck (${{ matrix.name }}) (--without-tags-any=windows,darwin,linux --shard=3/4, amd64, linux, Portable (3/4)) (push) Has been cancelled
Details
CI / staticcheck (${{ matrix.name }}) (--without-tags-any=windows,darwin,linux --shard=4/4, amd64, linux, Portable (4/4)) (push) Has been cancelled
Details
CI / notify_slack (push) Has been cancelled
Details
CI / merge_blocker (push) Has been cancelled
Details
CI / check_mergeability_strict (push) Has been cancelled
Details
CI / check_mergeability (push) Has been cancelled
Details
cmd/tailscale/cli: allow fetching keys from AWS Parameter Store 
This allows fetching auth keys, OAuth client secrets, and ID tokens (for
workload identity federation) from AWS Parameter Store by passing an ARN
as the value. This is a relatively low-overhead mechanism for fetching
these values from an external secret store without needing to run a
secret service.

Usage examples:

    # Auth key
    tailscale up \
      --auth-key=arn:aws:ssm:us-east-1:123456789012:parameter/tailscale/auth-key

    # OAuth client secret
    tailscale up \
      --client-secret=arn:aws:ssm:us-east-1:123456789012:parameter/tailscale/oauth-secret \
      --advertise-tags=tag:server

    # ID token (for workload identity federation)
    tailscale up \
      --client-id=my-client \
      --id-token=arn:aws:ssm:us-east-1:123456789012:parameter/tailscale/id-token \
      --advertise-tags=tag:server

Updates tailscale/corp#28792

Signed-off-by: Andrew Dunham <andrew@tailscale.com>
2026-01-29 18:09:56 -05:00

84 lines
1.9 KiB
Go
Raw Permalink Blame History

// Copyright (c) Tailscale Inc & contributors
// SPDX-License-Identifier: BSD-3-Clause
//go:build !ts_omit_aws
package awsparamstore
import (
"testing"
)
func TestParseARN(t *testing.T) {
tests := []struct {
name string
input string
wantOk bool
wantRegion string
wantParamName string
}{
{
name: "non-arn-passthrough",
input: "tskey-abcd1234",
wantOk: false,
},
{
name: "file-prefix-passthrough",
input: "file:/path/to/key",
wantOk: false,
},
{
name: "empty-passthrough",
input: "",
wantOk: false,
},
{
name: "non-ssm-arn-passthrough",
input: "arn:aws:s3:::my-bucket",
wantOk: false,
},
{
name: "invalid-arn-passthrough",
input: "arn:invalid",
wantOk: false,
},
{
name: "arn-invalid-resource-passthrough",
input: "arn:aws:ssm:us-east-1:123456789012:document/myDoc",
wantOk: false,
},
{
name: "valid-arn",
input: "arn:aws:ssm:us-west-2:123456789012:parameter/my-secret",
wantOk: true,
wantRegion: "us-west-2",
wantParamName: "/my-secret",
},
{
name: "valid-arn-with-path",
input: "arn:aws:ssm:eu-central-1:123456789012:parameter/path/to/secret",
wantOk: true,
wantRegion: "eu-central-1",
wantParamName: "/path/to/secret",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
gotRegion, gotParamName, gotOk := parseARN(tt.input)
if gotOk != tt.wantOk {
t.Errorf("parseARN(%q) got ok=%v, want %v", tt.input, gotOk, tt.wantOk)
}
if !tt.wantOk {
return
}
if gotRegion != tt.wantRegion {
t.Errorf("parseARN(%q) got region=%q, want %q", tt.input, gotRegion, tt.wantRegion)
}
if gotParamName != tt.wantParamName {
t.Errorf("parseARN(%q) got paramName=%q, want %q", tt.input, gotParamName, tt.wantParamName)
}
})
}
}
Reference in New Issue View Git Blame Copy Permalink