I am in the process of setting up Gitops pipelines for my Tailscale ACL file. I use Gitlab, so I am following the instructions here. The initial pushes onto main resulted in a successful apply pipeline, great! However, when I created a feature branch with some changes and started a Merge Request, I was greeted with failure and the seemingly unhelpful error:
$ gitops-pusher --policy-file ./policy.hujson test
wanted HTTP status code 200 but got 401
Several test branches later, in the process of creating a bug report on the Tailscale Github, when it dawned on me that when I had set up the CI variables on the repo, I mashed all of the buttons about protecting the TS_API_KEY variable. Go back and look at the Gitlab CI variables and sure enough, I had set the Protected flag on the var, which prevents the variable from being used on non-protected branches.
So it turns out that the unhelpful error message was actually telling me exactly what the problem was; I just wasn't paying attention. In this process, other hits on Google noted that this error is also caused by an expired API key. In that case, you'd see both test and apply stages failing. Tailscale expires keys after a maximum 90-days, which means this is probably an annoyingly frequent occurrence.
No comments:
Post a Comment