Docs Home
GitLab v8.5.0 published on Friday, Oct 18, 2024 by Pulumi
gitlab.GroupServiceAccountAccessToken
Explore with Pulumi AI
The gitlab.GroupServiceAccountAccessToken resource allows to manage the lifecycle of a group service account access token.
Use of the
timestamp()function with expires_at will cause the resource to be re-created with every apply, it’s recommended to useplantimestamp()or a static value instead.
Upstream API: GitLab API docs
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as gitlab from "@pulumi/gitlab";
const example = new gitlab.Group("example", {
name: "example",
path: "example",
description: "An example group",
});
const example_sa = new gitlab.GroupServiceAccount("example-sa", {
group: example.id,
name: "example-name",
username: "example-username",
});
const example_sa_token = new gitlab.GroupServiceAccountAccessToken("example-sa-token", {
group: example.id,
userId: example_sa.id,
name: "Example personal access token",
expiresAt: "2020-03-14",
scopes: ["api"],
});
import pulumi
import pulumi_gitlab as gitlab
example = gitlab.Group("example",
name="example",
path="example",
description="An example group")
example_sa = gitlab.GroupServiceAccount("example-sa",
group=example.id,
name="example-name",
username="example-username")
example_sa_token = gitlab.GroupServiceAccountAccessToken("example-sa-token",
group=example.id,
user_id=example_sa.id,
name="Example personal access token",
expires_at="2020-03-14",
scopes=["api"])
package main
import (
"github.com/pulumi/pulumi-gitlab/sdk/v8/go/gitlab"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := gitlab.NewGroup(ctx, "example", &gitlab.GroupArgs{
Name: pulumi.String("example"),
Path: pulumi.String("example"),
Description: pulumi.String("An example group"),
})
if err != nil {
return err
}
_, err = gitlab.NewGroupServiceAccount(ctx, "example-sa", &gitlab.GroupServiceAccountArgs{
Group: example.ID(),
Name: pulumi.String("example-name"),
Username: pulumi.String("example-username"),
})
if err != nil {
return err
}
_, err = gitlab.NewGroupServiceAccountAccessToken(ctx, "example-sa-token", &gitlab.GroupServiceAccountAccessTokenArgs{
Group: example.ID(),
UserId: example_sa.ID(),
Name: pulumi.String("Example personal access token"),
ExpiresAt: pulumi.String("2020-03-14"),
Scopes: pulumi.StringArray{
pulumi.String("api"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using GitLab = Pulumi.GitLab;
return await Deployment.RunAsync(() =>
{
var example = new GitLab.Group("example", new()
{
Name = "example",
Path = "example",
Description = "An example group",
});
var example_sa = new GitLab.GroupServiceAccount("example-sa", new()
{
Group = example.Id,
Name = "example-name",
Username = "example-username",
});
var example_sa_token = new GitLab.GroupServiceAccountAccessToken("example-sa-token", new()
{
Group = example.Id,
UserId = example_sa.Id,
Name = "Example personal access token",
ExpiresAt = "2020-03-14",
Scopes = new[]
{
"api",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gitlab.Group;
import com.pulumi.gitlab.GroupArgs;
import com.pulumi.gitlab.GroupServiceAccount;
import com.pulumi.gitlab.GroupServiceAccountArgs;
import com.pulumi.gitlab.GroupServiceAccountAccessToken;
import com.pulumi.gitlab.GroupServiceAccountAccessTokenArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Group("example", GroupArgs.builder()
.name("example")
.path("example")
.description("An example group")
.build());
var example_sa = new GroupServiceAccount("example-sa", GroupServiceAccountArgs.builder()
.group(example.id())
.name("example-name")
.username("example-username")
.build());
var example_sa_token = new GroupServiceAccountAccessToken("example-sa-token", GroupServiceAccountAccessTokenArgs.builder()
.group(example.id())
.userId(example_sa.id())
.name("Example personal access token")
.expiresAt("2020-03-14")
.scopes("api")
.build());
}
}
resources:
example:
type: gitlab:Group
properties:
name: example
path: example
description: An example group
example-sa:
type: gitlab:GroupServiceAccount
properties:
group: ${example.id}
name: example-name
username: example-username
example-sa-token:
type: gitlab:GroupServiceAccountAccessToken
properties:
group: ${example.id}
userId: ${["example-sa"].id}
name: Example personal access token
expiresAt: 2020-03-14
scopes:
- api
Create GroupServiceAccountAccessToken Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GroupServiceAccountAccessToken(name: string, args: GroupServiceAccountAccessTokenArgs, opts?: CustomResourceOptions);@overload
def GroupServiceAccountAccessToken(resource_name: str,
args: GroupServiceAccountAccessTokenArgs,
opts: Optional[ResourceOptions] = None)
@overload
def GroupServiceAccountAccessToken(resource_name: str,
opts: Optional[ResourceOptions] = None,
group: Optional[str] = None,
scopes: Optional[Sequence[str]] = None,
user_id: Optional[int] = None,
expires_at: Optional[str] = None,
name: Optional[str] = None)func NewGroupServiceAccountAccessToken(ctx *Context, name string, args GroupServiceAccountAccessTokenArgs, opts ...ResourceOption) (*GroupServiceAccountAccessToken, error)public GroupServiceAccountAccessToken(string name, GroupServiceAccountAccessTokenArgs args, CustomResourceOptions? opts = null)
public GroupServiceAccountAccessToken(String name, GroupServiceAccountAccessTokenArgs args)
public GroupServiceAccountAccessToken(String name, GroupServiceAccountAccessTokenArgs args, CustomResourceOptions options)
type: gitlab:GroupServiceAccountAccessToken
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GroupServiceAccountAccessTokenArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GroupServiceAccountAccessTokenArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GroupServiceAccountAccessTokenArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GroupServiceAccountAccessTokenArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GroupServiceAccountAccessTokenArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var groupServiceAccountAccessTokenResource = new GitLab.GroupServiceAccountAccessToken("groupServiceAccountAccessTokenResource", new()
{
Group = "string",
Scopes = new[]
{
"string",
},
UserId = 0,
ExpiresAt = "string",
Name = "string",
});
example, err := gitlab.NewGroupServiceAccountAccessToken(ctx, "groupServiceAccountAccessTokenResource", &gitlab.GroupServiceAccountAccessTokenArgs{
Group: pulumi.String("string"),
Scopes: pulumi.StringArray{
pulumi.String("string"),
},
UserId: pulumi.Int(0),
ExpiresAt: pulumi.String("string"),
Name: pulumi.String("string"),
})
var groupServiceAccountAccessTokenResource = new GroupServiceAccountAccessToken("groupServiceAccountAccessTokenResource", GroupServiceAccountAccessTokenArgs.builder()
.group("string")
.scopes("string")
.userId(0)
.expiresAt("string")
.name("string")
.build());
group_service_account_access_token_resource = gitlab.GroupServiceAccountAccessToken("groupServiceAccountAccessTokenResource",
group="string",
scopes=["string"],
user_id=0,
expires_at="string",
name="string")
const groupServiceAccountAccessTokenResource = new gitlab.GroupServiceAccountAccessToken("groupServiceAccountAccessTokenResource", {
group: "string",
scopes: ["string"],
userId: 0,
expiresAt: "string",
name: "string",
});
type: gitlab:GroupServiceAccountAccessToken
properties:
expiresAt: string
group: string
name: string
scopes:
- string
userId: 0
GroupServiceAccountAccessToken Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The GroupServiceAccountAccessToken resource accepts the following input properties:
- Group string
- The ID or URL-encoded path of the group containing the service account. Must be a top level group.
- Scopes List<string>
- The scopes of the group service account access token. valid values are:
api,read_api,read_registry,write_registry,read_repository,write_repository,create_runner,manage_runner,ai_features,k8s_proxy,read_observability,write_observability - User
Id int - The ID of a service account user.
- Expires
At string - The personal access token expiry date. When left blank, the token follows the standard rule of expiry for personal access tokens.
- Name string
- The name of the personal access token.
- Group string
- The ID or URL-encoded path of the group containing the service account. Must be a top level group.
- Scopes []string
- The scopes of the group service account access token. valid values are:
api,read_api,read_registry,write_registry,read_repository,write_repository,create_runner,manage_runner,ai_features,k8s_proxy,read_observability,write_observability - User
Id int - The ID of a service account user.
- Expires
At string - The personal access token expiry date. When left blank, the token follows the standard rule of expiry for personal access tokens.
- Name string
- The name of the personal access token.
- group String
- The ID or URL-encoded path of the group containing the service account. Must be a top level group.
- scopes List<String>
- The scopes of the group service account access token. valid values are:
api,read_api,read_registry,write_registry,read_repository,write_repository,create_runner,manage_runner,ai_features,k8s_proxy,read_observability,write_observability - user
Id Integer - The ID of a service account user.
- expires
At String - The personal access token expiry date. When left blank, the token follows the standard rule of expiry for personal access tokens.
- name String
- The name of the personal access token.
- group string
- The ID or URL-encoded path of the group containing the service account. Must be a top level group.
- scopes string[]
- The scopes of the group service account access token. valid values are:
api,read_api,read_registry,write_registry,read_repository,write_repository,create_runner,manage_runner,ai_features,k8s_proxy,read_observability,write_observability - user
Id number - The ID of a service account user.
- expires
At string - The personal access token expiry date. When left blank, the token follows the standard rule of expiry for personal access tokens.
- name string
- The name of the personal access token.
- group str
- The ID or URL-encoded path of the group containing the service account. Must be a top level group.
- scopes Sequence[str]
- The scopes of the group service account access token. valid values are:
api,read_api,read_registry,write_registry,read_repository,write_repository,create_runner,manage_runner,ai_features,k8s_proxy,read_observability,write_observability - user_
id int - The ID of a service account user.
- expires_
at str - The personal access token expiry date. When left blank, the token follows the standard rule of expiry for personal access tokens.
- name str
- The name of the personal access token.
- group String
- The ID or URL-encoded path of the group containing the service account. Must be a top level group.
- scopes List<String>
- The scopes of the group service account access token. valid values are:
api,read_api,read_registry,write_registry,read_repository,write_repository,create_runner,manage_runner,ai_features,k8s_proxy,read_observability,write_observability - user
Id Number - The ID of a service account user.
- expires
At String - The personal access token expiry date. When left blank, the token follows the standard rule of expiry for personal access tokens.
- name String
- The name of the personal access token.
Outputs
All input properties are implicitly available as output properties. Additionally, the GroupServiceAccountAccessToken resource produces the following output properties:
- Active bool
- True if the token is active.
- Created
At string - Time the token has been created, RFC3339 format.
- Id string
- The provider-assigned unique ID for this managed resource.
- Revoked bool
- True if the token is revoked.
- Token string
- The token of the group service account access token. Note: the token is not available for imported resources.
- Active bool
- True if the token is active.
- Created
At string - Time the token has been created, RFC3339 format.
- Id string
- The provider-assigned unique ID for this managed resource.
- Revoked bool
- True if the token is revoked.
- Token string
- The token of the group service account access token. Note: the token is not available for imported resources.
- active Boolean
- True if the token is active.
- created
At String - Time the token has been created, RFC3339 format.
- id String
- The provider-assigned unique ID for this managed resource.
- revoked Boolean
- True if the token is revoked.
- token String
- The token of the group service account access token. Note: the token is not available for imported resources.
- active boolean
- True if the token is active.
- created
At string - Time the token has been created, RFC3339 format.
- id string
- The provider-assigned unique ID for this managed resource.
- revoked boolean
- True if the token is revoked.
- token string
- The token of the group service account access token. Note: the token is not available for imported resources.
- active bool
- True if the token is active.
- created_
at str - Time the token has been created, RFC3339 format.
- id str
- The provider-assigned unique ID for this managed resource.
- revoked bool
- True if the token is revoked.
- token str
- The token of the group service account access token. Note: the token is not available for imported resources.
- active Boolean
- True if the token is active.
- created
At String - Time the token has been created, RFC3339 format.
- id String
- The provider-assigned unique ID for this managed resource.
- revoked Boolean
- True if the token is revoked.
- token String
- The token of the group service account access token. Note: the token is not available for imported resources.
Look up Existing GroupServiceAccountAccessToken Resource
Get an existing GroupServiceAccountAccessToken resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GroupServiceAccountAccessTokenState, opts?: CustomResourceOptions): GroupServiceAccountAccessToken@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
active: Optional[bool] = None,
created_at: Optional[str] = None,
expires_at: Optional[str] = None,
group: Optional[str] = None,
name: Optional[str] = None,
revoked: Optional[bool] = None,
scopes: Optional[Sequence[str]] = None,
token: Optional[str] = None,
user_id: Optional[int] = None) -> GroupServiceAccountAccessTokenfunc GetGroupServiceAccountAccessToken(ctx *Context, name string, id IDInput, state *GroupServiceAccountAccessTokenState, opts ...ResourceOption) (*GroupServiceAccountAccessToken, error)public static GroupServiceAccountAccessToken Get(string name, Input<string> id, GroupServiceAccountAccessTokenState? state, CustomResourceOptions? opts = null)public static GroupServiceAccountAccessToken get(String name, Output<String> id, GroupServiceAccountAccessTokenState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Active bool
- True if the token is active.
- Created
At string - Time the token has been created, RFC3339 format.
- Expires
At string - The personal access token expiry date. When left blank, the token follows the standard rule of expiry for personal access tokens.
- Group string
- The ID or URL-encoded path of the group containing the service account. Must be a top level group.
- Name string
- The name of the personal access token.
- Revoked bool
- True if the token is revoked.
- Scopes List<string>
- The scopes of the group service account access token. valid values are:
api,read_api,read_registry,write_registry,read_repository,write_repository,create_runner,manage_runner,ai_features,k8s_proxy,read_observability,write_observability - Token string
- The token of the group service account access token. Note: the token is not available for imported resources.
- User
Id int - The ID of a service account user.
- Active bool
- True if the token is active.
- Created
At string - Time the token has been created, RFC3339 format.
- Expires
At string - The personal access token expiry date. When left blank, the token follows the standard rule of expiry for personal access tokens.
- Group string
- The ID or URL-encoded path of the group containing the service account. Must be a top level group.
- Name string
- The name of the personal access token.
- Revoked bool
- True if the token is revoked.
- Scopes []string
- The scopes of the group service account access token. valid values are:
api,read_api,read_registry,write_registry,read_repository,write_repository,create_runner,manage_runner,ai_features,k8s_proxy,read_observability,write_observability - Token string
- The token of the group service account access token. Note: the token is not available for imported resources.
- User
Id int - The ID of a service account user.
- active Boolean
- True if the token is active.
- created
At String - Time the token has been created, RFC3339 format.
- expires
At String - The personal access token expiry date. When left blank, the token follows the standard rule of expiry for personal access tokens.
- group String
- The ID or URL-encoded path of the group containing the service account. Must be a top level group.
- name String
- The name of the personal access token.
- revoked Boolean
- True if the token is revoked.
- scopes List<String>
- The scopes of the group service account access token. valid values are:
api,read_api,read_registry,write_registry,read_repository,write_repository,create_runner,manage_runner,ai_features,k8s_proxy,read_observability,write_observability - token String
- The token of the group service account access token. Note: the token is not available for imported resources.
- user
Id Integer - The ID of a service account user.
- active boolean
- True if the token is active.
- created
At string - Time the token has been created, RFC3339 format.
- expires
At string - The personal access token expiry date. When left blank, the token follows the standard rule of expiry for personal access tokens.
- group string
- The ID or URL-encoded path of the group containing the service account. Must be a top level group.
- name string
- The name of the personal access token.
- revoked boolean
- True if the token is revoked.
- scopes string[]
- The scopes of the group service account access token. valid values are:
api,read_api,read_registry,write_registry,read_repository,write_repository,create_runner,manage_runner,ai_features,k8s_proxy,read_observability,write_observability - token string
- The token of the group service account access token. Note: the token is not available for imported resources.
- user
Id number - The ID of a service account user.
- active bool
- True if the token is active.
- created_
at str - Time the token has been created, RFC3339 format.
- expires_
at str - The personal access token expiry date. When left blank, the token follows the standard rule of expiry for personal access tokens.
- group str
- The ID or URL-encoded path of the group containing the service account. Must be a top level group.
- name str
- The name of the personal access token.
- revoked bool
- True if the token is revoked.
- scopes Sequence[str]
- The scopes of the group service account access token. valid values are:
api,read_api,read_registry,write_registry,read_repository,write_repository,create_runner,manage_runner,ai_features,k8s_proxy,read_observability,write_observability - token str
- The token of the group service account access token. Note: the token is not available for imported resources.
- user_
id int - The ID of a service account user.
- active Boolean
- True if the token is active.
- created
At String - Time the token has been created, RFC3339 format.
- expires
At String - The personal access token expiry date. When left blank, the token follows the standard rule of expiry for personal access tokens.
- group String
- The ID or URL-encoded path of the group containing the service account. Must be a top level group.
- name String
- The name of the personal access token.
- revoked Boolean
- True if the token is revoked.
- scopes List<String>
- The scopes of the group service account access token. valid values are:
api,read_api,read_registry,write_registry,read_repository,write_repository,create_runner,manage_runner,ai_features,k8s_proxy,read_observability,write_observability - token String
- The token of the group service account access token. Note: the token is not available for imported resources.
- user
Id Number - The ID of a service account user.
Import
$ pulumi import gitlab:index/groupServiceAccountAccessToken:GroupServiceAccountAccessToken You can import a service account access token using `<resource> <id>`. The
id is in the form of <group_id>:<service_account_id>:<access_token_id>
Importing an access token does not import the access token value.
$ pulumi import gitlab:index/groupServiceAccountAccessToken:GroupServiceAccountAccessToken example 1:2:3
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- GitLab pulumi/pulumi-gitlab
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
gitlabTerraform Provider.