chore: capmap vs capabilities

internal/mapping/mapping.go

@@ -82,29 +82,9 @@ func ToDNSConfig(m *domain.Machine, tailnet *domain.Tailnet, c *domain.DNSConfig
 	return dnsConfig
 }
 
-func ToNode(m *domain.Machine, tailnet *domain.Tailnet, taggedDevicesUser *domain.User, peer bool, connected bool, routeFilter func(m *domain.Machine) []netip.Prefix) (*tailcfg.Node, *tailcfg.UserProfile, error) {
+func ToNode(capVer tailcfg.CapabilityVersion, m *domain.Machine, tailnet *domain.Tailnet, taggedDevicesUser *domain.User, peer bool, connected bool, routeFilter func(m *domain.Machine) []netip.Prefix) (*tailcfg.Node, *tailcfg.UserProfile, error) {
 	role := tailnet.IAMPolicy.GetRole(m.User)
 
-	var capabilities []tailcfg.NodeCapability
-
-	if !peer {
-		if !m.HasTags() && role == domain.UserRoleAdmin {
-			capabilities = append(capabilities, tailcfg.CapabilityAdmin)
-		}
-
-		if tailnet.FileSharingEnabled {
-			capabilities = append(capabilities, tailcfg.CapabilityFileSharing)
-		}
-
-		if tailnet.SSHEnabled {
-			capabilities = append(capabilities, tailcfg.CapabilitySSH)
-		}
-
-		if tailnet.DNSConfig.HttpsCertsEnabled {
-			capabilities = append(capabilities, tailcfg.CapabilityHTTPS)
-		}
-	}
-
 	nKey, err := util.ParseNodePublicKey(m.NodeKey)
 	if err != nil {
 		return nil, nil, err
@@ -186,15 +166,43 @@ func ToNode(m *domain.Machine, tailnet *domain.Tailnet, taggedDevicesUser *domai
 		Endpoints:  endpoints,
 		DERP:       derp,
 
-		Hostinfo:     hostInfo.View(),
+		Hostinfo: hostInfo.View(),
-		Capabilities: capabilities,
+		Created:  m.CreatedAt.UTC(),
-
-		Created: m.CreatedAt.UTC(),
 
 		MachineAuthorized: m.Authorized,
 		User:              tailcfg.UserID(m.UserID),
 	}
 
+	if !peer {
+		var capabilities []tailcfg.NodeCapability
+		capMap := make(tailcfg.NodeCapMap)
+		if !m.HasTags() && role == domain.UserRoleAdmin {
+			capabilities = append(capabilities, tailcfg.CapabilityAdmin)
+			capMap[tailcfg.CapabilityAdmin] = []tailcfg.RawMessage{}
+		}
+
+		if tailnet.FileSharingEnabled {
+			capabilities = append(capabilities, tailcfg.CapabilityFileSharing)
+			capMap[tailcfg.CapabilityFileSharing] = []tailcfg.RawMessage{}
+		}
+
+		if tailnet.SSHEnabled {
+			capabilities = append(capabilities, tailcfg.CapabilitySSH)
+			capMap[tailcfg.CapabilitySSH] = []tailcfg.RawMessage{}
+		}
+
+		if tailnet.DNSConfig.HttpsCertsEnabled {
+			capabilities = append(capabilities, tailcfg.CapabilityHTTPS)
+			capMap[tailcfg.CapabilityHTTPS] = []tailcfg.RawMessage{}
+		}
+
+		if capVer >= 74 {
+			n.CapMap = capMap
+		} else {
+			n.Capabilities = capabilities
+		}
+	}
+
 	if !m.ExpiresAt.IsZero() {
 		e := m.ExpiresAt.UTC()
 		n.KeyExpiry = e

internal/mapping/poll_net_mapper.go

@@ -60,7 +60,7 @@ func (h *PollNetMapper) CreateMapResponse(ctx context.Context, delta bool) (*tai
 
 	prc := &primaryRoutesCollector{flagged: map[netip.Prefix]bool{}}
 
-	node, user, err := ToNode(m, &tailnet, serviceUser, false, true, prc.filter)
+	node, user, err := ToNode(h.req.Version, m, &tailnet, serviceUser, false, true, prc.filter)
 	if err != nil {
 		return nil, err
 	}
@@ -84,7 +84,7 @@ func (h *PollNetMapper) CreateMapResponse(ctx context.Context, delta bool) (*tai
 		if policies.IsValidPeer(m, &peer) || policies.IsValidPeer(&peer, m) {
 			isConnected := h.sessionManager.HasSession(peer.TailnetID, peer.ID)
 
-			n, u, err := ToNode(&peer, &tailnet, serviceUser, true, isConnected, prc.filter)
+			n, u, err := ToNode(h.req.Version, &peer, &tailnet, serviceUser, true, isConnected, prc.filter)
 			if err != nil {
 				return nil, err
 			}