pulumi-gitlab-kotlin/com.pulumi.gitlab.kotlin/GroupServiceAccountAccessToken

GroupServiceAccountAccessToken

class GroupServiceAccountAccessToken : KotlinCustomResource

The gitlab.GroupServiceAccountAccessToken resource allows to manage the lifecycle of a group service account access token.

Use of the timestamp() function with expires_at will cause the resource to be re-created with every apply, it's recommended to use plantimestamp() or a static value instead. Reading the access token status of a service account requires an admin token or a top-level group owner token on gitlab.com. As a result, this resource will ignore permission errors when attempting to read the token status, and will rely on the values in state instead. This can lead to apply-time failures if the token configured for the provider doesn't have permissions to rotate tokens for the service account. Use rotation_configuration to automatically rotate tokens instead of using timestamp() as timestamp will cause changes with every plan. pulumi up must still be run to rotate the token. Due to a limitation in the API, the rotation_configuration is unable to set the new expiry date before GitLab 17.9. Instead, when the resource is created, it will default the expiry date to 7 days in the future. On each subsequent apply, the new expiry will be 7 days from the date of the apply. Upstream API: GitLab API docs

Import

Starting in Terraform v1.5.0 you can use an import block to import gitlab_group_service_account_access_token. For example: terraform import { to = gitlab_group_service_account_access_token.example id = "see CLI command below for ID" } Import using the CLI is supported using the following syntax:

$ pulumi import gitlab:index/groupServiceAccountAccessToken:GroupServiceAccountAccessToken You can import a service account access token using `<resource> <id>`. The

id is in the form of :: Importing an access token does not import the access token value.

$ pulumi import gitlab:index/groupServiceAccountAccessToken:GroupServiceAccountAccessToken example 1:2:3

Properties

active

val active: Output<Boolean>

True if the token is active.

createdAt

val createdAt: Output<String>

Time the token has been created, RFC3339 format.

expiresAt

val expiresAt: Output<String>

The service account access token expiry date. When left blank, the token follows the standard rule of expiry for personal access tokens.

group

val group: Output<String>

The ID or URL-encoded path of the group containing the service account. Must be a top level group.

val id: Output<String>

name

val name: Output<String>

The name of the personal access token.

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

revoked

val revoked: Output<Boolean>

True if the token is revoked.

rotationConfiguration

val rotationConfiguration: Output<GroupServiceAccountAccessTokenRotationConfiguration>?

The configuration for when to rotate a token automatically. Will not rotate a token until pulumi up is run.

scopes

val scopes: Output<List<String>>

The scopes of the group service account access token. valid values are: api, read_api, read_registry, write_registry, read_repository, write_repository, create_runner, manage_runner, ai_features, k8s_proxy, read_observability, write_observability

token

val token: Output<String>

The token of the group service account access token. Note: the token is not available for imported resources.

urn

val urn: Output<String>

userId

val userId: Output<Int>

The ID of a service account user.