pulumi-gitlab-kotlin/com.pulumi.gitlab.kotlin/GroupServiceAccountAccessTokenArgs

GroupServiceAccountAccessTokenArgs

data class GroupServiceAccountAccessTokenArgs(val expiresAt: Output<String>? = null, val group: Output<String>? = null, val name: Output<String>? = null, val rotationConfiguration: Output<GroupServiceAccountAccessTokenRotationConfigurationArgs>? = null, val scopes: Output<List<String>>? = null, val userId: Output<Int>? = null) : ConvertibleToJava<GroupServiceAccountAccessTokenArgs>

The gitlab.GroupServiceAccountAccessToken resource allows to manage the lifecycle of a group service account access token.

Use of the timestamp() function with expires_at will cause the resource to be re-created with every apply, it's recommended to use plantimestamp() or a static value instead. Reading the access token status of a service account requires an admin token or a top-level group owner token on gitlab.com. As a result, this resource will ignore permission errors when attempting to read the token status, and will rely on the values in state instead. This can lead to apply-time failures if the token configured for the provider doesn't have permissions to rotate tokens for the service account. Use rotation_configuration to automatically rotate tokens instead of using timestamp() as timestamp will cause changes with every plan. pulumi up must still be run to rotate the token. Due to a limitation in the API, the rotation_configuration is unable to set the new expiry date before GitLab 17.9. Instead, when the resource is created, it will default the expiry date to 7 days in the future. On each subsequent apply, the new expiry will be 7 days from the date of the apply. Upstream API: GitLab API docs

Import

Starting in Terraform v1.5.0 you can use an import block to import gitlab_group_service_account_access_token. For example: terraform import { to = gitlab_group_service_account_access_token.example id = "see CLI command below for ID" } Import using the CLI is supported using the following syntax:

$ pulumi import gitlab:index/groupServiceAccountAccessToken:GroupServiceAccountAccessToken You can import a service account access token using `<resource> <id>`. The
Content copied to clipboard

id is in the form of :: Importing an access token does not import the access token value.

$ pulumi import gitlab:index/groupServiceAccountAccessToken:GroupServiceAccountAccessToken example 1:2:3
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(expiresAt: Output<String>? = null, group: Output<String>? = null, name: Output<String>? = null, rotationConfiguration: Output<GroupServiceAccountAccessTokenRotationConfigurationArgs>? = null, scopes: Output<List<String>>? = null, userId: Output<Int>? = null)

Properties

Link copied to clipboard
val expiresAt: Output<String>? = null

The service account access token expiry date. When left blank, the token follows the standard rule of expiry for personal access tokens.

Link copied to clipboard
val group: Output<String>? = null

The ID or URL-encoded path of the group containing the service account. Must be a top level group.

Link copied to clipboard
val name: Output<String>? = null

The name of the personal access token.

Link copied to clipboard
val rotationConfiguration: Output<GroupServiceAccountAccessTokenRotationConfigurationArgs>? = null

The configuration for when to rotate a token automatically. Will not rotate a token until pulumi up is run.

Link copied to clipboard
val scopes: Output<List<String>>? = null

The scopes of the group service account access token. valid values are: api, read_api, read_registry, write_registry, read_repository, write_repository, create_runner, manage_runner, ai_features, k8s_proxy, read_observability, write_observability

Link copied to clipboard
val userId: Output<Int>? = null

The ID of a service account user.

Functions

Link copied to clipboard
open override fun toJava(): GroupServiceAccountAccessTokenArgs