
FR: Webhook when ACLs change

Open kgleason opened this issue 3 years ago • 1 comments

What are you trying to do?

Automatically save / backup the ACLs when changes are made to the web config.

An option setting for a webhook to push changes to when the ACLs are modified would be perfect. Or a way to tie the ACLs to a git repo.

How should we solve this?

Implement a way to push the ACL HuJSON or JSON to a specified endpoint.

What is the impact of not solving this?

If someone makes changes to the ACLs, we've got no record of it. All admins are able to see the ACLs from the web portal. Implementing something like this would allow for rollback should a change have unexpected consequences. It would also allow for some sort of rudimentary change control.

Anything else?

I suppose another way to accomplish this would be to create an ACL to determine who could see the ACL view in the web portal. Or to disable that tab completely and force all of the ACL management to be handled via the API. Optionally.

kgleason avatar Aug 02 '22 17:08 kgleason

> Or a way to tie the ACLs to a git repo.

We're more likely to do this; part of the motivation for keeping all of the settings in one JSON blob is to enable them to be maintained with workflows outside of the admin panel.

DentonGentry avatar Aug 05 '22 22:08 DentonGentry

The webhooks feature launched last week: https://tailscale.com/blog/webhooks/ It includes a notification when ACLs change.

> Or a way to tie the ACLs to a git repo.

https://tailscale.com/kb/1204/gitops-acls/

DentonGentry avatar Oct 31 '22 12:10 DentonGentry
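
Added example, not part of the thread and not Tailscale's code: the receiving side of the backup workflow requested above, which authenticates a webhook delivery before acting on it and ties each ACL-change event to the hash of the policy snapshot saved for it. The `t=<unix>,v1=<hex>` signature header, the HMAC-SHA256 over `<t>.<body>`, the JSON-array body and the `policyUpdate` event type are assumptions not stated on this page (check them against the webhook documentation linked above); the function names, secret and sample delivery are constructed.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW = 300  # seconds a signed timestamp may differ from our clock (assumed value)
ACL_EVENT = "policyUpdate"  # assumed event type for ACL changes; confirm in the webhook docs


def verify_signature(secret, header, body, now=None):
    """Check a 't=<unix>,v1=<hex>' header: HMAC-SHA256(secret, '<t>.<body>')."""
    try:
        fields = dict(part.split("=", 1) for part in header.split(","))
        ts, sent = int(fields["t"]), fields["v1"]
    except (KeyError, ValueError):
        return False  # malformed header
    now = time.time() if now is None else now
    if abs(now - ts) > MAX_SKEW:
        return False  # stale or future-dated: treat as a replay
    expected = hmac.new(secret.encode(), f"{ts}.".encode() + body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), sent.encode())  # constant-time compare


def acl_change_events(secret, header, body, now=None):
    """Return the ACL-change events in an authenticated delivery, else raise."""
    if not verify_signature(secret, header, body, now):
        raise PermissionError("webhook signature check failed")
    return [e for e in json.loads(body) if e.get("type") == ACL_EVENT]


def snapshot_record(event, policy_text):
    """Audit entry tying one event to the hash of the policy file saved for it."""
    digest = hashlib.sha256(policy_text.encode()).hexdigest()
    return {"event": event, "policy_sha256": digest}


if __name__ == "__main__":
    # Constructed sample delivery and policy text; not captured from a real tailnet.
    secret, now = "constructed-secret", 1667217600
    body = json.dumps([{"type": "policyUpdate", "tailnet": "example.com"},
                       {"type": "nodeCreated", "tailnet": "example.com"}]).encode()
    mac = hmac.new(secret.encode(), f"{now}.".encode() + body, hashlib.sha256).hexdigest()
    for ev in acl_change_events(secret, f"t={now},v1={mac}", body, now):
        print(json.dumps(snapshot_record(ev, '{"acls": []}')))
```

The caller is expected to fetch the current policy file itself after a verified event and pass its text to `snapshot_record`; storing the record next to the saved file gives the rollback and change-control trail the issue asks for.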