turbot/tailscale
steampipe plugin install tailscale

Table: tailscale_acl_auto_approver - Query Tailscale ACL Auto Approver using SQL

Tailscale ACL (Access Control List) Auto Approver is a component of Tailscale, a secure network connectivity tool. It automates the approval of ACL changes, enhancing security by ensuring only authorized changes are implemented. This feature is part of Tailscale's commitment to providing secure, private networks over the public Internet.

Table Usage Guide

The tailscale_acl_auto_approver table provides insights into the ACL Auto Approver within Tailscale. As an IT administrator or security specialist, you can explore details about the auto-approver, including its status and any associated metadata. Use this table to monitor the approval of ACL changes, ensuring that your network remains secure and changes are authorized.

Examples

Basic info

Explore which routes are being used and identify the exit nodes and associated network names. This can help in understanding the network traffic flow and potential bottlenecks in your Tailscale network.

```sql
select
  routes,
  exit_node,
  tailnet_name
from
  tailscale_acl_auto_approver;
```

The PostgreSQL query does not use any PostgreSQL-specific functions or data types that need to be converted to SQLite. Therefore, the SQLite query is the same as the PostgreSQL query:

```sql
select
  routes,
  exit_node,
  tailnet_name
from
  tailscale_acl_auto_approver;
```

Users allowed for each route

```sql
select
  r.key as route,
  v as user
from
  tailscale_acl_auto_approver,
  jsonb_each(routes) as r,
  jsonb_array_elements_text(r.value) as v;
```
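
The per-route query above can be extended into a review check. This PostgreSQL query is an added example, not part of the plugin documentation: it classifies each approver as a tag, group or user and flags wide prefixes. The `auto_approver` CTE is a constructed sample row standing in for `tailscale_acl_auto_approver`, and the /16 (IPv4) and /48 (IPv6) thresholds are assumptions chosen for illustration.

```sql
-- Constructed sample row; when running in Steampipe, drop this CTE and
-- select from tailscale_acl_auto_approver instead.
with auto_approver(tailnet_name, routes, exit_node) as (
  values (
    'example.com',
    '{"10.0.0.0/8": ["group:engineering", "tag:router"],
      "192.168.10.0/24": ["alice@example.com"],
      "0.0.0.0/0": ["autogroup:member"]}'::jsonb,
    '["tag:exit"]'::jsonb
  )
),
route_approvers as (
  -- One row per (route, approver) pair, same expansion as the query above.
  select
    a.tailnet_name,
    r.key as route,
    masklen(r.key::inet) as prefix_len,
    family(r.key::inet) as ip_family,
    v as approver
  from
    auto_approver as a,
    jsonb_each(a.routes) as r,
    jsonb_array_elements_text(r.value) as v
)
select
  tailnet_name,
  route,
  approver,
  case
    when approver like 'tag:%' then 'tag'
    when approver like 'group:%' or approver like 'autogroup:%' then 'group'
    else 'user'
  end as approver_kind,
  -- Assumed review thresholds: wider than /16 (IPv4) or /48 (IPv6).
  (ip_family = 4 and prefix_len < 16)
    or (ip_family = 6 and prefix_len < 48) as broad_route
from
  route_approvers
order by
  prefix_len,
  route,
  approver;
```

Rows with `broad_route` set to true and an `approver_kind` of `group` are the ones to review first, since any member of the group can have that prefix approved without an admin step.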

Exit node tags of each device

Determine the devices that are associated with specific exit node tags in your network. This can help you manage and control the flow of network traffic, ensuring optimal performance and security.

PostgreSQL:

```sql
with tag_devices as (
  select
    id,
    d.name as device_name,
    d.hostname as device_hostname,
    tag
  from
    tailscale_device as d,
    jsonb_array_elements_text(tags) as tag
)
select
  device_name,
  id as device_id,
  en as exit_node_tag,
  device_hostname
from
  tailscale_acl_auto_approver,
  jsonb_array_elements_text(exit_node) as en
  join tag_devices as td on en = td.tag;
```

SQLite:

```sql
-- json_each() exposes its own id and value columns, so the device id is
-- qualified and the tag text is read from tag.value.
with tag_devices as (
  select
    d.id,
    d.name as device_name,
    d.hostname as device_hostname,
    tag.value as tag
  from
    tailscale_device as d,
    json_each(d.tags) as tag
)
select
  td.device_name,
  td.id as device_id,
  en.value as exit_node_tag,
  td.device_hostname
from
  tailscale_acl_auto_approver,
  json_each(exit_node) as en
  join tag_devices as td on en.value = td.tag;
```

Schema for tailscale_acl_auto_approver

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form. |
| exit_node | jsonb | | Device routing the traffic for a given tailnet. |
| routes | jsonb | | Subnet router defined for a given tailnet. |
| sp_connection_name | text | `=`, `!=`, `~~`, `~~*`, `!~~`, `!~~*` | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| tailnet_name | text | `=`, `!=`, `~~`, `~~*`, `!~~`, `!~~*` | The name of your tailnet. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- tailscale
```

You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_tailscale --config '<your_config>' tailscale_acl_auto_approver
```