jfrog / terraform-provider-platform

Terraform provider to manage JFrog Platform
https://jfrog.com
Apache License 2.0

"Invalid token, parse" error while trying to run `terraform import` #44

Closed madelaney closed 4 months ago

madelaney commented 4 months ago

Describe the bug

While trying to run "terraform import" on a platform_permission resource, I'm getting the following error:

Error: {
  "errors" : [ {
    "code" : "UNAUTHORIZED",
    "message" : "Invalid token, parse"
  } ]
}

I should note that my token, that I'm passing in, has let me create repository resources so the token is valid.

I've created a gist https://gist.github.com/madelaney/3ea8e36c0789fa96341b7b7dd2d89622 which should reproduce the error

Artifactory Version

jf rt curl api/system/version | jq .version
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   975    0   975    0     0  12981      0 --:--:-- --:--:-- --:--:-- 12828
"7.71.11"

Requirements for an issue

Expected behavior

I'd expect the resource to get imported but instead, I get the error.

Additional context

Add any other context about the problem here.

alexhung commented 4 months ago

@madelaney I am unable to reproduce this issue locally.

Using an admin token (set in env var JFROG_ACCESS_TOKEN), I am able to import a permission from my local Artifactory instance.

terraform {
  required_providers {
    platform = {
      source  = "jfrog/platform"
      version = "1.4.1"
    }
  }
}

provider "platform" {
  // supply JFROG_ACCESS_TOKEN as env var
}

resource "platform_permission" "my-permission" {
  name = "my-permission-name"

  artifact = {
    targets = [
      {
        name = "alexh-docker-local"
        include_patterns = ["**"]
      },
      {
        name = "ALL-LOCAL"
        include_patterns = ["**", "*.js"]
      },
      {
        name = "ALL-REMOTE"
        include_patterns = ["**", "*.js"]
      },
      {
        name = "ALL-DISTRIBUTION"
        include_patterns = ["**", "*.js"]
      }
    ]
  }
}

Then:

terraform import platform_permission.my-permission my-permission-name

Screenshot 2024-03-20 at 1 07 27 PM

I don't see the variable artifactory_access_token being set to any value in your snippet, I assume that is set somewhere. I suggest making sure that variable is set to the correct token.

alexhung commented 4 months ago

@madelaney When I use curl to make the API request with an incorrect token, I get the expected error:

Screenshot 2024-03-20 at 1 18 27 PM

madelaney commented 4 months ago

> I don't see the variable artifactory_access_token being set to any value in your snippet, I assume that is set somewhere. I suggest making sure that variable is set to the correct token.

The token is being passed in via terraform.tfvars. I also tried via setting JFROG_ACCESS_TOKEN, I get the same issue.

The token seems correct as the artifactory provider was happy with it when I was able to create groups / users / repositories. It's only the platform provider that seems unhappy.

madelaney commented 4 months ago

@alexhung , can I use the same access token for both the Artifactory and Platform provider?

alexhung commented 4 months ago

@madelaney Per the REST API, the platform_permission resource requires an access token with admin permission. This is likely the cause of the error.

madelaney commented 4 months ago

@alexhung , I'm pretty sure it has admin rights. I shouldn't be able to create users / groups / repositories if it wasn't an admin token, right?

(I don't mean to sound like a jerk, I'm just confused)

alexhung commented 4 months ago

@madelaney I am using a token scoped to admin user and did not get any error, per the screenshot above. I don't believe it's an issue from the provider or the resource but I also don't have any answer to your issue.

madelaney commented 4 months ago

@alexhung , okay, I found it.

I was using an API token that was generated from the admin user originally. The API token was not working with the platform provider. If I create an admin access scoped token that value works with both.

I did see that the API token was being deprecated (https://registry.terraform.io/providers/jfrog/artifactory/latest/docs#api-key-deprecated) but since the Artifactory provider, I didn't think much of it. Maybe this is a side-effect.

alexhung commented 4 months ago

@madelaney The API key will be deprecated by the end of this year. When its support is removed by the end of 2024, the artifactory_api_key resource will be removed as well.

If you are still using an API key, please make plans to migrate to access tokens. Our development and testing process has been using access tokens since the announcement of the API key deprecation in 2022(?).
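
A pre-flight check for the credential mix-up this thread ends on, as an added example (not code from the provider or from either commenter): it classifies a credential by structure before it is handed to Terraform, without printing the secret. It assumes scoped access tokens are JWT-formatted and that a legacy API key is an opaque string; the function names and sample values are constructed for illustration.

```python
import base64
import json
import os
import time


def _b64url_json(segment):
    """Decode one base64url JWT segment to a dict, or return None."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        value = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return value if isinstance(value, dict) else None


def classify_credential(secret, now=None):
    """Return (kind, detail); the secret itself is never echoed."""
    now = time.time() if now is None else now
    parts = secret.strip().split(".")
    if len(parts) != 3 or not all(parts):
        return ("not-jwt", "no header.payload.signature structure")
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    if header is None or claims is None or "alg" not in header:
        return ("not-jwt", "segments do not decode to JSON")
    exp = claims.get("exp")
    if isinstance(exp, (int, float)) and exp < now:
        return ("jwt-expired", f"expired {int(now - exp)}s ago")
    # Claims are unverified here: use them for triage, never for authorization.
    return ("jwt", f"sub={claims.get('sub')} scp={claims.get('scp')}")


def _make_sample_jwt(claims):
    """Build an unsigned, constructed JWT-shaped string for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


# Constructed sample values, not real credentials.
SAMPLE_API_KEY = "CONSTRUCTEDopaqueApiKeyValue0123456789"
SAMPLE_JWT = _make_sample_jwt(
    {"sub": "example-user", "scp": "example-scope", "exp": 2000000000}
)

if __name__ == "__main__":
    token = os.environ.get("JFROG_ACCESS_TOKEN", SAMPLE_API_KEY)
    print(classify_credential(token))
```

A `not-jwt` result for the value in `JFROG_ACCESS_TOKEN` or `terraform.tfvars` is the cue to check whether an API key was supplied where a scoped access token is expected.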