Move to ephemeral auth key for CI tests (#103)

* Move to ephemeral auth key for CI tests * Fix verify assertions
artis3n · May 24, 2021 · 6c15448 · 6c15448
1 parent 9bce220
commit 6c15448
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -217,12 +217,12 @@ Ari Kalfus ([@artis3n](https://www.artis3nal.com/)) <[email protected]>
 
 ## Development and Contributing
 
-| :exclamation: Due to the encrypted Tailscale auth key in `molecule/defaults/converge.yml`, this repository can't successfully test PRs from forks. I'm working on how to enable collaboration and welcome any ideas. |
+| :exclamation: Due to the encrypted Tailscale ephemeral auth key in `molecule/defaults/converge.yml`, this repository can't successfully test PRs from forks. I'm working on how to enable collaboration and welcome any ideas. |
 | ----- |
 
 This GitHub repository uses a dedicated "test" Tailscale account to authenticate Tailscale during CI runs.
 Each Docker container creates a new authorized machine in that test account.
-The machines are manually cleaned up every so often.
+The machines are authorized with [ephemeral auth keys][] and are automatically cleaned up within 48 hours.
 
 If you are interested in contributing to this repository, you must create a [Tailscale account][] and generate a [Node Authorization auth key][auth key].
 
@@ -242,5 +242,6 @@ This will generate an encrypted string for you to set in the `molecule/default/c
 
 [ansible-vault]: https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypt-string-for-use-in-yaml
 [auth key]: https://login.tailscale.com/admin/authkeys
+[ephemeral auth key]: https://tailscale.com/kb/1111/ephemeral-nodes/
 [tailscale]: https://tailscale.com/
 [tailscale account]: https://login.tailscale.com/start
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -8,9 +8,9 @@
       vars:
         tailscale_auth_key: !vault |
           $ANSIBLE_VAULT;1.2;AES256;tailscale
-          64386636323631353934306532343136376337366134373935643332383137636531633264376530
-          3066613130316234366265313739306561386233316662300a656436623736646261626135386139
-          66386231366432626263343265393961346133636234373263343235366362313064396362396333
-          3265613163393863310a356565346538353530393835393435346531383562636566356165363331
-          34383661613231313164616132393666663737396163656336613365336439353936
+          37356361326562346634353132346635353332303564316435383338386231303638316661373965
+          6638323433383530326431326265323930313639333337330a666464663034383339303831353634
+          66346230623462306232326637303263646133616237613633396162633565613639663937643839
+          3139333539656262300a393438383865366430366530383566363732373632343633656130653234
+          63343735303939383639616234376631393430333533663262376363383439653763
         verbose: true
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
@@ -11,4 +11,4 @@
   - name: Assertions
     assert:
       that:
-        - '"hello-ipn-dev" in tailscale_status.stdout'
+        - tailscale_status.stdout != "Logged out."
diff --git a/molecule/skip-authentication/verify.yml b/molecule/skip-authentication/verify.yml
@@ -14,4 +14,4 @@
   - name: Assertions
     assert:
       that:
-        - '"hello-ipn-dev" not in tailscale_status.stdout'
+        - tailscale_status.stdout == "Logged out."