mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-07-09 16:00:59 +00:00
Re-pin the demo tailnet join on the OAuth client secrets
Commit0a9a29d63moved deploy-demo-server.yml and update-demo-server.yml from the static TS_AUTHKEY to the Tailscale OAuth client but left the release promotion policy pin asserting TS_AUTHKEY, so the Canonical Governance run failed at the promotion policy unit tests once the completion guard false positive (fixed in54a6118d1) stopped masking the step. The pin now asserts the OAuth client id and secret and pins the static key retirement.
This commit is contained in:
parent
d61f57a1e2
commit
a1c22bf55c
1 changed files with 5 additions and 1 deletions
|
|
@ -784,7 +784,11 @@ class ReleasePromotionPolicyTest(unittest.TestCase):
|
|||
self.assertNotIn('SERVICE_NAME="pulse-v6-preview"', demo)
|
||||
self.assertNotIn("Preview demo updates must not target the stable pulse service.", demo)
|
||||
self.assertIn("tailscale/github-action@4e4c49acaa9818630ce0bd7a564372c17e33fb4d # v2", demo)
|
||||
self.assertIn("TS_AUTHKEY", demo)
|
||||
self.assertIn("oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}", demo)
|
||||
self.assertIn("oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}", demo)
|
||||
# The static 90-day TS_AUTHKEY was retired for the OAuth client
|
||||
# (0a9a29d63); the runner mints an ephemeral tagged node key per run.
|
||||
self.assertNotIn("TS_AUTHKEY", demo)
|
||||
self.assertIn("DEMO_EXPECTED_HOSTNAME", demo)
|
||||
self.assertIn("Verify target host identity", demo)
|
||||
self.assertIn("Demo environment points at host $REMOTE_HOSTNAME but expected $DEMO_EXPECTED_HOSTNAME.", demo)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue