dump-tailscale-acl: coily verb for round-tripping current tailnet policy #135

Closed
opened 2026-05-26 17:40:50 +00:00 by coilysiren · 0 comments
Owner

Problem

No way to dump the current tailnet policy file outside the web console. Bootstrap of terraform/tailscale-policy/ (coilysiren/infrastructure#134) needs to round-trip current state into the new tailscale_acl.policy body before terraform import adopts it.

Change

  • scripts/k8s/dump_tailscale_acl.py - admin-OAuth → bearer → GET /api/v2/tailnet/-/acl, prints HuJSON to stdout.
  • Makefile + .coily/coily.yaml - new dump-tailscale-acl verb.

Reuses tailscale_admin_oauth_env() from scripts/_lib.py (same admin pair as terraform_tailscale_devices.py).

Filed by Claude.

**Problem** No way to dump the current tailnet policy file outside the web console. Bootstrap of `terraform/tailscale-policy/` (coilysiren/infrastructure#134) needs to round-trip current state into the new `tailscale_acl.policy` body before `terraform import` adopts it. **Change** - `scripts/k8s/dump_tailscale_acl.py` - admin-OAuth → bearer → `GET /api/v2/tailnet/-/acl`, prints HuJSON to stdout. - `Makefile` + `.coily/coily.yaml` - new `dump-tailscale-acl` verb. Reuses `tailscale_admin_oauth_env()` from `scripts/_lib.py` (same admin pair as `terraform_tailscale_devices.py`). Filed by Claude.
Sign in to join this conversation.
No description provided.