dump-tailscale-acl: coily verb for round-tripping current tailnet policy #135
Labels
No labels
burndown-2026-06
coherence-core
consult
headless
interactive
P0
P1
P2
P3
P4
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
coilyco-flight-deck/infrastructure#135
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Problem
No way to dump the current tailnet policy file outside the web console. Bootstrap of
terraform/tailscale-policy/(coilysiren/infrastructure#134) needs to round-trip current state into the newtailscale_acl.policybody beforeterraform importadopts it.Change
scripts/k8s/dump_tailscale_acl.py- admin-OAuth → bearer →GET /api/v2/tailnet/-/acl, prints HuJSON to stdout.Makefile+.coily/coily.yaml- newdump-tailscale-aclverb.Reuses
tailscale_admin_oauth_env()fromscripts/_lib.py(same admin pair asterraform_tailscale_devices.py).Filed by Claude.