diff --git a/README.md b/README.md index ffa91f83..a8090c1d 100644 --- a/README.md +++ b/README.md @@ -217,12 +217,12 @@ Ari Kalfus ([@artis3n](https://www.artis3nal.com/)) ## Development and Contributing -| :exclamation: Due to the encrypted Tailscale auth key in `molecule/defaults/converge.yml`, this repository can't successfully test PRs from forks. I'm working on how to enable collaboration and welcome any ideas. | +| :exclamation: Due to the encrypted Tailscale ephemeral auth key in `molecule/defaults/converge.yml`, this repository can't successfully test PRs from forks. I'm working on how to enable collaboration and welcome any ideas. | | ----- | This GitHub repository uses a dedicated "test" Tailscale account to authenticate Tailscale during CI runs. Each Docker container creates a new authorized machine in that test account. -The machines are manually cleaned up every so often. +The machines are authorized with [ephemeral auth keys][] and are automatically cleaned up within 48 hours. If you are interested in contributing to this repository, you must create a [Tailscale account][] and generate a [Node Authorization auth key][auth key]. @@ -242,5 +242,6 @@ This will generate an encrypted string for you to set in the `molecule/default/c [ansible-vault]: https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypt-string-for-use-in-yaml [auth key]: https://login.tailscale.com/admin/authkeys +[ephemeral auth key]: https://tailscale.com/kb/1111/ephemeral-nodes/ [tailscale]: https://tailscale.com/ [tailscale account]: https://login.tailscale.com/start diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index b82316b5..e1ddff9f 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -8,9 +8,9 @@ vars: tailscale_auth_key: !vault | $ANSIBLE_VAULT;1.2;AES256;tailscale - 64386636323631353934306532343136376337366134373935643332383137636531633264376530 - 3066613130316234366265313739306561386233316662300a656436623736646261626135386139 - 66386231366432626263343265393961346133636234373263343235366362313064396362396333 - 3265613163393863310a356565346538353530393835393435346531383562636566356165363331 - 34383661613231313164616132393666663737396163656336613365336439353936 + 37356361326562346634353132346635353332303564316435383338386231303638316661373965 + 6638323433383530326431326265323930313639333337330a666464663034383339303831353634 + 66346230623462306232326637303263646133616237613633396162633565613639663937643839 + 3139333539656262300a393438383865366430366530383566363732373632343633656130653234 + 63343735303939383639616234376631393430333533663262376363383439653763 verbose: true diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 103817ca..7022c281 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -11,4 +11,4 @@ - name: Assertions assert: that: - - '"hello-ipn-dev" in tailscale_status.stdout' + - tailscale_status.stdout != "Logged out." diff --git a/molecule/skip-authentication/verify.yml b/molecule/skip-authentication/verify.yml index 35bb5fe2..4c3dc181 100644 --- a/molecule/skip-authentication/verify.yml +++ b/molecule/skip-authentication/verify.yml @@ -14,4 +14,4 @@ - name: Assertions assert: that: - - '"hello-ipn-dev" not in tailscale_status.stdout' + - tailscale_status.stdout == "Logged out."