From 2e388320a169aa3efd4cb8950f51fcdb119a72e4 Mon Sep 17 00:00:00 2001
From: Jon Prentice <4913666+jon77p@users.noreply.github.com>
Date: Tue, 10 Oct 2023 09:00:53 -0700
Subject: [PATCH 1/6] chore(cdktf/package.json): added clean and remove-tailscale scripts

---
 cdktf/package.json | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/cdktf/package.json b/cdktf/package.json
index 468f483fd..f338e97aa 100644
--- a/cdktf/package.json
+++ b/cdktf/package.json
@@ -16,7 +16,9 @@
 "watch": "tsc -w",
 "test": "jest",
 "test:watch": "jest --watch",
- "upgrade": "yarn upgrade"
+ "upgrade": "yarn upgrade",
+ "clean": "rm -rf .gen cdktf.out node_modules *.log",
+ "remove-tailscale": "cd cdktf.out/stacks/cdktf && terraform state rm $(terraform state list | grep tailscale)"
 },
 "engines": {
 "node": ">=14.0"
From 3f41acea5eb5d1557001903300b071986764cc58 Mon Sep 17 00:00:00 2001
From: Jon Prentice <4913666+jon77p@users.noreply.github.com>
Date: Tue, 10 Oct 2023 10:18:20 -0700
Subject: [PATCH 2/6] fix(cdktf): grant all scope permissions to tailscale oauth client

---
 cdktf/main.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cdktf/main.ts b/cdktf/main.ts
index 31c6c22b3..84b2ef913 100644
--- a/cdktf/main.ts
+++ b/cdktf/main.ts
@@ -137,7 +137,7 @@ class InfrastructureStack extends TerraformStack {
 new tailscale.provider.TailscaleProvider(this, "tailscale", {
 oauthClientId: tailscale_oauth_client_id.value,
 oauthClientSecret: tailscale_oauth_client_secret.value,
- scopes: ["devices"],
+ scopes: ["all"],
 tailnet: tailscale_tailnet.value,
 })
From a373a9167a5b0be833a04fb5802d63d53b439d32 Mon Sep 17 00:00:00 2001
From: Jon Prentice <4913666+jon77p@users.noreply.github.com>
Date: Tue, 10 Oct 2023 10:24:20 -0700
Subject: [PATCH 3/6] fix(.github/workflows/cdktf-diff): fixed action parameters for terraform-cdk-action v0.1.43

---
 .github/workflows/cdktf-diff.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
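Review bot: The new `remove-tailscale` script only detaches resources from Terraform state; it neither destroys nor revokes anything, so after it runs the auth key this stack generates (`reusable: true`, `preauthorized: true`, `ephemeral: false` in cdktf/main.ts later in this series) stays valid in the tailnet with nothing tracking it, and the operator must revoke it by hand in the Tailscale admin console — that step should be documented wherever this script is. The `grep tailscale` is also unanchored, so it would match any state address that merely contains the word (a resource of another type named after tailscale, for instance), and an empty match hands `terraform state rm` no addresses and fails with an unhelpful error; if addresses follow the usual `tailscale_<type>.<name>` form, `"remove-tailscale": "cd cdktf.out/stacks/cdktf && addrs=$(terraform state list | grep '^tailscale_') && terraform state rm $addrs"` limits the match and stops cleanly when there is nothing to remove. Whether `cdktf.out/stacks/cdktf` is the right stack directory cannot be confirmed from this hunk.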
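Review bot: Requesting `scopes: ["all"]` for the Tailscale OAuth client is the broadest grant available, and the only use of this provider visible in the series is creating tailnet auth keys, so the scope should be narrowed to whatever Tailscale's current scope list names for key management rather than jumping from `devices` to everything; `all` makes the secret read into `oauthClientSecret` on the line above as powerful as the OAuth client itself. If `all` must stay for now, record why directly above the line: `// TODO(least-privilege): "all" is broader than key creation needs; narrow once the required scope is confirmed`. The `InfrastructureStack` constructor this call sits in continues outside the hunk.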
diff --git a/.github/workflows/cdktf-diff.yml b/.github/workflows/cdktf-diff.yml
index 594dbf09a..9a5b06c8b 100644
--- a/.github/workflows/cdktf-diff.yml
+++ b/.github/workflows/cdktf-diff.yml
@@ -74,7 +74,7 @@ jobs:
 mode: plan-only
 terraformCloudToken: ${{ steps.fetch-terraform-cloud-token.outputs.TERRAFORM_CLOUD_TOKEN }}
 githubToken: ${{ secrets.GITHUB_TOKEN }}
- commentOnPR: true
+ commentOnPr: true
 - name: Store generated CDKTF
 uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
 if: always()
From 53e7fc6f3b31cdac43207638ff8ae4993a4fea14 Mon Sep 17 00:00:00 2001
From: Jon Prentice <4913666+jon77p@users.noreply.github.com>
Date: Tue, 10 Oct 2023 10:24:53 -0700
Subject: [PATCH 4/6] feat(.github/workflows): added manual workflow to remove tailscale from terraform state

---
 .github/workflows/cdktf-refresh-tailscale.yml | 70 +++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 .github/workflows/cdktf-refresh-tailscale.yml

diff --git a/.github/workflows/cdktf-refresh-tailscale.yml b/.github/workflows/cdktf-refresh-tailscale.yml
new file mode 100644
index 000000000..2037a716a
--- /dev/null
+++ b/.github/workflows/cdktf-refresh-tailscale.yml
@@ -0,0 +1,70 @@
+---
+name: CDKTF Refresh Tailscale
+
+on:
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+env:
+ CDKTF_VERSION: 0.14.3
+ TERRAFORM_VERSION: 1.3.5
+ NODE_VERSION: latest
+
+jobs:
+ terraform:
+ name: "Terraform CDK Refresh Tailscale"
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
+ with:
+ persist-credentials: false
+ # Configure 1Password Service Account
+ - name: Configure 1Password Service Account
+ uses: 1Password/load-secrets-action/configure@d1a4e73495bde3551cf63f6c048588b8f734e21d # v1
+ with:
+ service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+ # Fetch TERRAFORM_CLOUD_TOKEN from 1Password using load-secrets-action
+ - name: Fetch TERRAFORM_CLOUD_TOKEN from 1Password
+ uses: 1Password/load-secrets-action@d1a4e73495bde3551cf63f6c048588b8f734e21d # v1
+ id: fetch-terraform-cloud-token
+ with:
+ export-env: false
+ env:
+ TERRAFORM_CLOUD_TOKEN: op://Infrastructure/terraform/cloud/token
+ - name: Install Terraform
+ uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2
+ with:
+ terraform_version: ${{ env.TERRAFORM_VERSION }}
+ terraform_wrapper: false
+ cli_config_credentials_token: ${{ steps.fetch-terraform-cloud-token.outputs.TERRAFORM_CLOUD_TOKEN }}
+ - name: Setup yarn
+ uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3
+ with:
+ node-version: ${{ env.NODE_VERSION }}
+ cache: yarn
+ cache-dependency-path: ./cdktf/yarn.lock
+ - name: Install dependencies
+ working-directory: ./cdktf
+ run: |
+ # Install node-gyp globally first
+ npm install -g node-gyp
+
+ yarn install --frozen-lockfile --immutable
+ - name: Generate module and provider bindings
+ working-directory: ./cdktf
+ env:
+ TERRAFORM_CLOUD_TOKEN: ${{ steps.fetch-terraform-cloud-token.outputs.TERRAFORM_CLOUD_TOKEN }}
+ run: yarn get
+ - name: Synth Terraform CDK
+ working-directory: ./cdktf
+ env:
+ TERRAFORM_CLOUD_TOKEN: ${{ steps.fetch-terraform-cloud-token.outputs.TERRAFORM_CLOUD_TOKEN }}
+ run: yarn synth
+ - name: Remove tailscale from state
+ working-directory: ./cdktf
+ env:
+ TERRAFORM_CLOUD_TOKEN: ${{ steps.fetch-terraform-cloud-token.outputs.TERRAFORM_CLOUD_TOKEN }}
+ run: yarn remove-tailscale
From 1a25f015287c1b5dab1fb4d42b2aff48eec52738 Mon Sep 17 00:00:00 2001
From: Jon Prentice <4913666+jon77p@users.noreply.github.com>
Date: Tue, 10 Oct 2023 10:26:29 -0700
Subject: [PATCH 5/6] chore(cdktf/main): added description for generated tailscale auth keys

---
 cdktf/main.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cdktf/main.ts b/cdktf/main.ts
index 84b2ef913..8ed3e41c8 100644
--- a/cdktf/main.ts
+++ b/cdktf/main.ts
@@ -149,6 +149,7 @@ class InfrastructureStack extends TerraformStack {
 reusable: true,
 ephemeral: false,
 preauthorized: true,
+ description: "Generated by CDKTF in jon77p infrastructure",
 tags: ["tag:cdktf", "tag:ssh", "tag:oci"],
 }
 )
From f1dd16f572f6a8f5f90ac80589056658e2d95a8c Mon Sep 17 00:00:00 2001
From: Jon Prentice <4913666+jon77p@users.noreply.github.com>
Date: Tue, 10 Oct 2023 11:23:34 -0700
Subject: [PATCH 6/6] chore(ansible): moved tailscale_tailnet var to global scope

---
 ansible/{host_vars/localhost => group_vars/all}/tailscale.yml | 0
 .../{host_vars/localhost => group_vars/all}/vault_tailscale.yml | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename ansible/{host_vars/localhost => group_vars/all}/tailscale.yml (100%)
 rename ansible/{host_vars/localhost => group_vars/all}/vault_tailscale.yml (100%)

diff --git a/ansible/host_vars/localhost/tailscale.yml b/ansible/group_vars/all/tailscale.yml
similarity index 100%
rename from ansible/host_vars/localhost/tailscale.yml
rename to ansible/group_vars/all/tailscale.yml
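Review bot: The final `Remove tailscale from state` step rewrites shared Terraform Cloud state, yet the only gate on it is `workflow_dispatch` — the job has no `environment:` (so no required-reviewer approval, if the repository defines a protected environment) and no `concurrency` group, so it can run alongside the plan/apply workflow and modify the same state mid-run; adding `concurrency: { group: terraform-cdktf-state, cancel-in-progress: false }` under `jobs.terraform` and attaching a protected environment would make a one-click destructive action at least serialized and reviewed. `NODE_VERSION: latest` is the one unpinned input in a file where every action is SHA-pinned — pin a major (e.g. `NODE_VERSION: 20`) so a toolchain bump cannot silently change what `yarn synth` produces. `CDKTF_VERSION: 0.14.3` is declared but never referenced in this file, and `yarn install --frozen-lockfile --immutable` mixes the Yarn 1 and Yarn 2+ spellings of the same flag; keep the one matching the repo's Yarn version. Nothing in this workflow revokes the Tailscale keys it orphans, which is worth a comment above the last step.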
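Review bot: The new `description` records provenance but nothing in the hunk explains why the key needs `reusable: true`, `ephemeral: false` and `preauthorized: true` together, which is the most permissive shape a tailnet key can take; a comment above `reusable` would spare the next maintainer the guess, e.g. `// NOTE(review): reusable + preauthorized so hosts join unattended; non-ephemeral so they survive reboots — presumably required by the tag:oci hosts, confirm. Revoke in the admin console if leaked.`. No `expiry` is visible in the hunk; if it is not set outside it, consider an explicit value so a leaked key ages out rather than living on the provider default. The resource call this belongs to starts and ends outside the hunk.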
diff --git a/ansible/host_vars/localhost/vault_tailscale.yml b/ansible/group_vars/all/vault_tailscale.yml
similarity index 100%
rename from ansible/host_vars/localhost/vault_tailscale.yml
rename to ansible/group_vars/all/vault_tailscale.yml