Add script to renew api-token for gitlab #46
Conversation
|
It's great to see preemptive action being take to improve token renewals in the future! ❤️ 🏆 |
| user_id="$(_get_id_from_username "${username}")" | ||
| local name="CI token" | ||
|
|
||
| impersonation_tokens=$(curl -sSL --header "${TOKEN_HEADER}" \ |
There was a problem hiding this comment.
Expired token may be removed from gitlab and therefore return something like:
{"error":"invalid_token","error_description":"Token is expired. You can either do re-authorization or token refresh."}
There was a problem hiding this comment.
This method is used as well for logging expired date of tokens.
NOTE: expired tokens are not visible from the UI, but the API returns a full list.
heurtematte
force-pushed
the
feat/gitlab_api_token_renew
branch
from
a1ece31
to
bc9cccd
Compare
Signed-off-by: sebastien.heurtematte <[email protected]>
heurtematte
force-pushed
the
feat/gitlab_api_token_renew
branch
from
bc9cccd
to
dee29b8
Compare
|
I'm a bit confused why vault is being queried for the current token, but the renewed token is only stored in pass. 🤔 |
|
Vault (secretsmanager) is only used to list the paths to the existing API token key, not for reading purposes. This is more of a preparation for the transition to the secrets manager. |
Signed-off-by: sebastien.heurtematte <[email protected]>
gitlab/gitlab_admin.sh
Outdated
| @@ -263,7 +263,7 @@ check_api_token_validity() { | |||
| echo "CI Token ${username}(${user_id}) expired or revoked: $expires_at" | |||
| exit 1 | |||
| else | |||
| echo "CI Token ${username}(${user_id}) is still valid, expired: $expires_at" | |||
| echo "CI Token ${username}(${user_id}) is still valid, expired on: $expires_at" | |||
There was a problem hiding this comment.
Sorry for nitpicking, but it's a statement about the future, hence it should be: is still valid, will expire on:
Signed-off-by: sebastien.heurtematte <[email protected]>
Renew GitLab API token for the bot user of the project <project_id> or all projects bots registered in the secretsmanager and all related tools: jenkins and otterdog (github org)
e.g:
Renew the token and update tools for the project
technology.cbi:Renew the token and update tools for all projects bots registered in the secretsmanager
Options:
-f: force regeneration of token-t: keep token and force update on tools