pulumi / pulumi-pulumiservice

https://pulumi.com
Apache License 2.0

OrgAccessToken cannot be re-created #389

Closed jkodroff closed 1 month ago

jkodroff commented 1 month ago

What happened?

It looks like OrgAccessToken is a soft delete because when I try to recreate a token with the same name, I get:

  pulumiservice:index:OrgAccessToken (pulumi-org-token):
    error: error creating access token 'gitlab-ci-cd': failed to create access token: 409 API error: Conflict: token name already exists

This resource could really use autonaming, per #110.

Example

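import * as pulumicloud from "@pulumi/pulumiservice";

// pulumiOrg (the organization name) is defined elsewhere in the program.
const pulumiOrgToken = new pulumicloud.OrgAccessToken("pulumi-org-token", {
  name: "gitlab-ci-cd",
  organizationName: pulumiOrg,
  admin: false,
  description: "Used by GitLab CI/CD"
});

pulumi up -y
pulumi destroy -y
pulumi up -y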

Output of pulumi about

CLI          
Version      3.129.0
Go Version   go1.22.6
Go Compiler  gc

Plugins
KIND      NAME           VERSION
resource  aws            6.6.1
resource  command        1.0.1
resource  gitlab         8.3.0
language  nodejs         unknown
resource  pulumiservice  0.23.2

Host     
OS       darwin
Version  14.6.1
Arch     arm64

This project is written in nodejs: executable='/opt/homebrew/bin/node' version='v22.5.1'

Current Stack: jkodrofftest/pulumi-cloud-gitlab-integration/dev

TYPE                            URN
pulumi:pulumi:Stack             urn:pulumi:dev::pulumi-cloud-gitlab-integration::pulumi:pulumi:Stack::pulumi-cloud-gitlab-integration-dev
pulumi:providers:aws            urn:pulumi:dev::pulumi-cloud-gitlab-integration::pulumi:providers:aws::default_6_6_1
pulumi:providers:pulumiservice  urn:pulumi:dev::pulumi-cloud-gitlab-integration::pulumi:providers:pulumiservice::default_0_23_2
pulumi:providers:gitlab         urn:pulumi:dev::pulumi-cloud-gitlab-integration::pulumi:providers:gitlab::default_8_3_0
pulumi:providers:command        urn:pulumi:dev::pulumi-cloud-gitlab-integration::pulumi:providers:command::default_1_0_1

Found no pending operations associated with dev

Backend        
Name           pulumi.com
URL            https://app.pulumi.com/josh-pulumi-corp
User           josh-pulumi-corp
Organizations  josh-pulumi-corp, jkodrofftest, pulumi-gl-demo-2024-08, aws-partnership, zephyr, jkodroff-team, pulumi
Token type     personal

Dependencies:
NAME                   VERSION
@pulumi/pulumi         3.91.0
@pulumi/pulumiservice  0.23.2
@types/node            16.18.59
@pulumi/aws            6.6.1
@pulumi/command        1.0.1
@pulumi/gitlab         8.3.0

Pulumi locates its logs in /var/folders/5m/4n1x3f8151s35wc80w06z5k80000gn/T/ by default

Additional context

No response

jkodroff commented 1 month ago

Workaround:

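import * as pulumi from "@pulumi/pulumi";
import * as random from "@pulumi/random";
import * as pulumicloud from "@pulumi/pulumiservice";

// Random suffix so that a re-created token gets a name that has not been used before.
const randomString = new random.RandomString("org-token-suffix", {
  length: 6,
  lower: true,
  numeric: true,
});

const pulumiOrgToken = new pulumicloud.OrgAccessToken("pulumi-org-token", {
  name: pulumi.interpolate`gitlab-ci-cd-${randomString.result}`,
  organizationName: pulumiOrg,
  admin: false,
  description: "Used by GitLab CI/CD"
});

komalali commented 1 month ago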

This is a duplicate of https://github.com/pulumi/pulumi-pulumiservice/issues/110 - org access tokens (and access tokens in general) need to be uniquely named so audit logs can remain accurate.
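
The reasoning in the last comment, as an added example that is not part of the thread and not Pulumi's code: a constructed model of a token registry that replays the issue's up / destroy / up sequence and shows how many tokens an audit event resolves to when deleted names are or are not reserved. The `TokenRegistry` class, the `replay` helper, the event shape, the 201 status and the suffixed name are all assumptions made for illustration.

```javascript
// Constructed model, not the Pulumi Cloud implementation: a token registry
// with soft delete, plus audit attribution keyed by token name.
class TokenRegistry {
  constructor({ reserveDeletedNames }) {
    this.reserveDeletedNames = reserveDeletedNames;
    this.tokens = []; // every token ever issued, including deleted ones
  }

  create(name) {
    const clash = this.tokens.some(
      (t) => t.name === name && (this.reserveDeletedNames || !t.deleted));
    if (clash) {
      const err = new Error("Conflict: token name already exists");
      err.status = 409; // same status the issue reports
      throw err;
    }
    const token = { id: this.tokens.length + 1, name, deleted: false };
    this.tokens.push(token);
    return token;
  }

  delete(name) {
    const live = this.tokens.find((t) => t.name === name && !t.deleted);
    if (live) live.deleted = true; // soft delete: the record stays for auditing
  }

  // Assumed event shape: the audit event carries only the token name,
  // so attribution is a lookup by name over all tokens ever issued.
  attribute(event) {
    return this.tokens.filter((t) => t.name === event.tokenName);
  }
}

// Replays up / destroy / up, creating the second token as `secondName`.
function replay(registry, secondName) {
  registry.create("gitlab-ci-cd");
  registry.delete("gitlab-ci-cd");
  try {
    registry.create(secondName);
  } catch (e) {
    return { status: e.status, candidates: [] };
  }
  const event = { action: "stack-update", tokenName: secondName }; // constructed
  const candidates = registry.attribute(event).map((t) => t.id);
  return { status: 201, candidates };
}
```

With names reserved, reusing `gitlab-ci-cd` is rejected and a suffixed name resolves to exactly one token; if reuse were allowed, the same event would match both the deleted token and its replacement.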