Skip to content

cloudy-sky-software/pulumi-tailscale-native

Repository files navigation

Pulumi Native Provider for Tailscale (Preview)

Tailscale connects your team's devices and development environments for easy access to remote resources.

ℹ️ This provider uses Tailscale's API directly.

This provider was generated using pulschema and pulumi-provider-framework.

Why Is This Called Tailscale Native?

Despite the fact that all Pulumi providers created by Cloudy Sky Software being "native" Pulumi providers, by default, there is a prior Pulumi provider for Tailscale, albeit a TF-bridged one. So this provider had to be renamed to avoid naming conflicts, specifically in language package registries such as PyPi and Nuget where the packages are not namespaced under an organization or user unlike npm.

Package SDKs

Using The Provider

OAuth2 Client

A quote from Tailscale's own docs:

OAuth clients provide a framework for delegated and scoped access to the Tailscale API. An OAuth client creates access tokens for scoped API access, instead of using a fully-permitted access token which expires after 90 days (or less if the fully-permitted access token has a shorter expiry). OAuth clients support the principle of least privilege by allowing fine-grained control on the access granted to the client using scopes, unlike a fully-permitted access token which grants full access to the Tailscale API.

  • Create an OAuth client on https://login.tailscale.com/admin/settings/oauth.
  • Grant the appropriate scopes (permissions) to the client.
  • Copy the client ID and secret.
  • Set the client ID with pulumi config set tailscale-native:clientId <clientID>.
  • Set the client secret with pulumi config set --secret tailscale-native:clientSecret <clientSecret>.
  • Optional: Remove the API key config tailscale-native:apiKey from your stack config if you previously used that method of auth.

Read the full official docs at https://tailscale.com/kb/1215/oauth-clients/.

API Key

You'll need an API access token (aka API key). Follow Tailscale's docs for creating one or head straight to your tailnet admin console to create one. Then set the API key as a secret with pulumi config set --secret tailscale-native:apiKey.

Releasing A New Version

:info: Switch to the main branch first and get the latest git pull origin main && git fetch. Check what the last release tag was.

  1. Regular releases should just increment the patch version unless a minor or a major (breaking changes) version bump is warranted.

  2. Update the CHANGELOG.md with notes about what will be included in this release.

  3. Commit the changelog with git commit -am "vX.Y.Z" or something similar and push git push origin main.

  4. Tag the commit with the release version by running

    git tag vX.Y.Z
    git tag sdk/vX.Y.Z
  5. Push the tags.

    git push --tags