F5Networks / terraform-provider-bigip

Terraform resources that can configure F5 BIG-IP products
https://registry.terraform.io/providers/F5Networks/bigip/latest/docs
Mozilla Public License 2.0

Error: HTTP 400 :: maximum active login tokens #401

Open chen23 opened 3 years ago

chen23 commented 3 years ago

Environment

Summary

When using token authentication, the bigip provider does not delete the token after completion. This can lead to a situation (after multiple Terraform runs) where you will get an error of "maximum active login tokens". This is very similar to: https://github.com/F5Networks/f5-ansible/issues/269

Steps To Reproduce

Steps to reproduce the behavior:

  1. start with token_auth enabled
    provider "bigip" {
      address    = "https://${var.address}:${var.port}"
      token_auth = true
      username   = var.username
      password   = var.password
    }
  2. generate many terraform calls until you see
    Error: HTTP 400 :: {"code":400,"message":"user 290107b2-852b-3179-8cce-42cae972295b has reached maximum active login tokens","referer":"10.1.1.8","restOperationId":7941661,"kind":":resterrorresponse"}

Expected Behavior

tokens will be removed after completion of task

Actual Behavior

tokens stack up

papineni87 commented 3 years ago

Tracking with INFRAANO-42

nmenant commented 3 years ago

Eric,

After discussing this with the HashiCorp team, it doesn't seem like there is a way to "clean up" the environment after Terraform is done executing its work. They are working on a "long"-term plan to provide a way for organizations to clean up their environment, but it doesn't seem like it will happen soon.

chen23 commented 3 years ago

That is unfortunate. The other suggested alternative would be to allow an end-user to specify the token value. This could allow one to request a token and extend the expiration out of band from Terraform. For most use cases this is not an issue, but if you use Consul Terraform Sync / Network Infrastructure Automations the tokens will stack up.
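
The out-of-band token handling discussed in this thread (request one token, extend it, delete it when the work is done), as an added example that is not code from the provider or from any commenter. It uses the iControl REST login and token endpoints; `BigipToken`, `https_send`, `FakeBigip` and the cap of 3 are constructed for illustration, and nothing here passes a token to the Terraform provider.

```python
import json
import urllib.request

LOGIN = "/mgmt/shared/authn/login"
TOKENS = "/mgmt/shared/authz/tokens/"

def https_send(method, url, headers, body):
    """Real transport: one iControl REST call, JSON in and out."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={"Content-Type": "application/json", **headers})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read() or b"{}")

class BigipToken:
    """Log in on entry; always delete the token on exit, even on error."""
    def __init__(self, base, user, password, send=https_send):
        self.base, self.user, self.password, self.send = base, user, password, send
    def __enter__(self):
        body = {"username": self.user, "password": self.password,
                "loginProviderName": "tmos"}
        self.token = self.send("POST", self.base + LOGIN, {}, body)["token"]["token"]
        return self
    def _call(self, method, body=None):
        return self.send(method, self.base + TOKENS + self.token,
                         {"X-F5-Auth-Token": self.token}, body)
    def extend(self, seconds):  # lengthen this token instead of minting more
        return self._call("PATCH", {"timeout": seconds})
    def __exit__(self, *exc):
        self._call("DELETE")
        return False  # do not swallow the caller's exception

class FakeBigip:
    """Constructed stand-in for the appliance; LIMIT is a made-up small cap."""
    LIMIT = 3
    def __init__(self):
        self.active, self.issued = {}, 0
    def send(self, method, url, headers, body):
        name = url.rsplit("/", 1)[1]
        if method == "POST":
            if len(self.active) >= self.LIMIT:
                raise RuntimeError("HTTP 400: maximum active login tokens")
            self.issued += 1
            name = "T%d" % self.issued
        if method == "DELETE":
            self.active.pop(name, None)
        else:
            self.active[name] = body["timeout"] if method == "PATCH" else 1200
        return {"token": {"token": name, "timeout": self.active.get(name)}}
```

Against a real device, drop the `send=` argument so `https_send` is used; the fake only exists to show that repeated runs stay under the cap when every login is paired with a delete.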