[FEAT] add OAuth key integration and additional URL-style params to --auth-key flags (ephemeral & preauthorized)

[McSim85]

this fixes
#398

Tailscale docs:
https://tailscale.com/kb/1215/oauth-clients/#registering-new-nodes-using-oauth-credentials

Source code reference:
https://github.com/tailscale/tailscale/blob/869b34ddeb4175df2b08cdc3d6cd9a350ec81059/cmd/tailscale/cli/up.go#L1068

[McSim85]

Can you please duplicate the default directory/test suite under molecule/, rename the new directory to oauth, and modify

ansible-role-tailscale/molecule/default/init_tailscale_vars.yml

Line 4 in d56b263

tailscale_authkey: "{{ lookup('ansible.builtin.env', 'TAILSCALE_CI_KEY') }}"

inside the new test directory to look for the env var TAILSCALE_OAUTH_CLIENT_SECRET instead of TAILSCALE_CI_KEY?
Also be sure to rename the scenario to oauth as well:

ansible-role-tailscale/molecule/default/molecule.yml

Line 35 in d56b263

name: default

The way tests work in this repo (to securely use my secrets in PRs), the new test won't get triggered in this PR but I'll manually verify its correctness before merging.

this is done in 23f6a82 I am not super familiar with molecule. I hope I did renaming correctly. 🙏

Also, in 1467653 added /oauth/ tests to linter's exclude_paths

Hi @artis3n
Just a follow-up, in case you missed my commits :)

[artis3n]

This does not work just yet! And to answer the previous comment, Molecule is basically a system for integration tests of Ansible roles.

Running the Molecule test locally with poetry run molecule test --scenario-name oauth (and the TAILSCALE_OAUTH_CLIENT_SECRET env var) results in this error:

I've tinkered with the PR and will push up a fix with some minor molecule enhancements as well.

[artis3n]

Can you enable the "Allow edits from maintainers" setting so I can push a fix commit?

https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork

[McSim85]

This does not work just yet! And to answer the previous comment, Molecule is basically a system for integration tests of Ansible roles.

Running the Molecule test locally with poetry run molecule test --scenario-name oauth (and the TAILSCALE_OAUTH_CLIENT_SECRET env var) results in this error:

I've tinkered with the PR and will push up a fix with some minor molecule enhancements as well.

ohhh, right.
We use --advertise-tags everywhere. So, I did not meet those errors.
--advertise-tags is required with OAuth, unless you use all scopes when granting access.

[McSim85]

Can you enable the "Allow edits from maintainers" setting so I can push a fix commit?

https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork

This was enabled already. Can you try to push changes?

[artis3n]

Hmm I do see that on my side too, but I'm getting permissions errors. I'm going to merge and put up a subsequent PR with the fixes.