Package rsop facilitates [source.Store] registration via [RegisterStore] and provides access to the effective policy merged from all registered sources via [PolicyFor].

Package setting contains types for defining and representing policy settings.

Package source defines interfaces for policy stores, facilitates the creation of policy sources, and provides functionality for reading policy settings from these sources.

GetBoolean returns a boolean policy setting with the specified key, or defaultValue if it does not exist.

GetDuration loads a policy from the registry that can be managed by an enterprise policy management system and describes a duration for some action.

GetPreferenceOption loads a policy from the registry that can be managed by an enterprise policy management system and allows administrative overrides of users' choices in a way that we do not want tailcontrol to have the authority to set.

GetString returns a string policy setting with the specified key, or defaultValue if it does not exist.

GetStringArray returns a multi-string policy setting with the specified key, or defaultValue if it does not exist.

GetUint64 returns a numeric policy setting with the specified key, or defaultValue if it does not exist.

GetVisibility loads a policy from the registry that can be managed by an enterprise policy management system and describes show/hide decisions for UI elements.

MustRegisterStoreForTest is like [rsop.RegisterStoreForTest], but it fails the test if the store could not be registered.

RegisterChangeCallback adds a function that will be called whenever the effective policy for the default scope changes.

RegisterHandler wraps and registers the specified handler as the device's policy [source.Store] for the program's lifetime.

RegisterStore registers a new policy [source.Store] with the specified name and [setting.PolicyScope].

RegisterWellKnownSettingsForTest registers all implicit setting definitions for the duration of the test.

SelectControlURL returns the ControlURL to use based on a value in the registry (LoginURL) and the one on disk (in the GUI's prefs.conf).

SetDebugLoggingEnabled controls whether spammy debug logging is enabled.

SetHandlerForTest wraps and sets the specified handler as the device's policy [source.Store] for the duration of tb.

WellKnownSettingDefinition returns a well-known, implicit setting definition by its key, or an [ErrNoSuchKey] if a policy setting with the specified key does not exist among implicit policy definitions.

WrapHandler returns a [source.Store] that wraps the specified [Handler].

Keys with a string value that controls visibility: "show", "hide".

Keys with a string array value.

ApplyUpdates is the key to signal if updates should be automatically installed.

AuthKey is an auth key that will be used to login whenever the backend starts.

AutoUpdateVisibility is the key to signal if the menu item for automatic installation of updates should be visible.

CheckUpdates is the key to signal if the updater should periodically check for updates.

default ""; if blank, ipn uses ipn.DefaultControlURL.

DeviceSerialNumber is the serial number of the device that is running Tailscale.

Keys with a string value that specifies an option: "always", "never", "user-decides".

EnableRunExitNode controls if the device acts as an exit node.

ExitNodeID is the exit node's node id.

default ""; if blank, no exit node is forced.

default 24 hours.

Boolean Keys that are only applicable on Windows.

default ""; if blank logging uses logtail.DefaultHost.

MachineCertificateSubject is the exact name of a Subject that needs to be present in an identity's certificate chain to sign a RegisterRequest, formatted as per pkix.Name.String().

ManagedByCaption is an info message displayed inside the client UI as a caption when ManagedByOrganizationName is set.

ManagedByOrganizationName indicates the name of the organization managing the Tailscale install.

ManagedByURL is a valid URL pointing to a support help desk for Tailscale within the organization.

OnboardingFlowVisibility controls the visibility of the onboarding flow in the client GUI.

PostureChecking indicates if posture checking is enabled and the client shall gather posture data.

RunExitNodeVisibility controls if the "run as exit node" menu item is visible, without controlling the setting itself.

SuggestedExitNodeVisibility controls the visibility of suggested exit nodes in the client GUI.

default ""; if blank, no tailnet name is sent to the server.

ErrNoSuchKey is returned by [setting.DefinitionOf] when no policy setting has been registered with the specified key.

ErrNotConfigured is returned when the requested policy setting is not configured.

ErrTypeMismatch is returned when there's a type mismatch between the actual type of the setting value and the expected type.

Handler reads system policies from OS-specific storage.

Key is a string that uniquely identifies a policy and must remain unchanged once established and documented for a given policy setting.

TB is a subset of testing.TB that we use to set up test helpers.