hi Tailscale team,
I’m trying to use the tags in my environment and was wondering if can see if the tags were applied to the machine in the admin console, as I suspect they are missing.
my command is:
sudo tailscale up --advertise-routes=advertise_routes --advertise-tags=advertise_tags -authkey AUTH_KEY
my ACL:
{
"Groups": {
"group:ops": [ "a@example.com" ],
"group:architects": [ "b@example.com" ],
"group:developers": []
},
"TagOwners": {
"tag:test": [
"group:ops",
"group:architects"
],
"tag:prod": [
"group:ops"
],
},
"Hosts": {
"db-test": "192.168.1.1", # advertised with test tag
"db-prod": "192.168.1.2", # advertised with prod tag
//"test": "172.28.0.0/16",
//"prod": "172.19.0.0/16"
},
"ACLs": [
{
"Action": "accept",
"Users": ["group:ops"],
"Ports": ["*:*"]
},
{
"Action": "accept",
"Users": ["group:architects"],
"Ports": ["tag:test:*"],
}
],
"Tests": [
{
"User": "a@example.com",
"Allow": ["db-prod:3306"]
},
{
"User": "b@example.com",
"Allow": ["db-test:3306"],
"Deny": ["db-prod:3306"]
},
],
}
Error:
Error: test(s) failed
test(s) failed for user: b@example.com
address “db-test:3306”: want: Accept, got: Drop