github-mirrors/terraform-provider-bitbucket
1
0
Fork 0
mirror of https://github.com/ysoftdevs/terraform-provider-bitbucket.git synced 2026-05-26 17:39:26 +02:00
Code Issues Packages Projects Releases 10 Wiki Activity

Added check if token is close to expire

Browse Source
This commit is contained in:
kardinal
2025-11-12 14:00:42 +01:00
parent 84725d51cf
commit e1433bcf5e
1 changed files with 9 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files
resource_token.go
+4 -19
View File
@@ -196,18 +196,6 @@ func getTokenByName(tokens []tokenInfo, name string) *tokenInfo {
return nil return nil
} }
// getLatestByExpiry picks the token with the highest expiry.
func getLatestByExpiry(tokens []tokenInfo) *tokenInfo {
var latest *tokenInfo
for i := range tokens {
if latest == nil || tokens[i].ExpiryMs > latest.ExpiryMs {
copy := tokens[i]
latest = &copy
}
}
return latest
}
// createToken creates a new access token and returns (secret, name, expiryMs). // createToken creates a new access token and returns (secret, name, expiryMs).
func (r *BitbucketTokenResource) createToken(auth, baseURL, project, repo, prefix string) (string, string, int64, error) { func (r *BitbucketTokenResource) createToken(auth, baseURL, project, repo, prefix string) (string, string, int64, error) {
putURL := fmt.Sprintf("%s/rest/access-tokens/latest/projects/%s/repos/%s", baseURL, project, repo) putURL := fmt.Sprintf("%s/rest/access-tokens/latest/projects/%s/repos/%s", baseURL, project, repo)
@@ -284,33 +272,30 @@ func (r *BitbucketTokenResource) ensureToken(data *BitbucketTokenResourceModel)
} }
nowMs := time.Now().UnixMilli() nowMs := time.Now().UnixMilli()
thresholdMs := int64(30 * 24 * time.Hour / time.Millisecond)
// If we already have a specific token tracked in state, check it first.
stateName := data.CurrentTokenName.ValueString() stateName := data.CurrentTokenName.ValueString()
stateSecret := data.Token.ValueString() stateSecret := data.Token.ValueString()
if stateName != "" && stateSecret != "" { if stateName != "" && stateSecret != "" {
if t := getTokenByName(tokens, stateName); t != nil && t.ExpiryMs > nowMs { if t := getTokenByName(tokens, stateName); t != nil {
// Still valid → reuse secret from state. timeLeft := t.ExpiryMs - nowMs
if timeLeft > thresholdMs {
data.Token = types.StringValue(stateSecret) data.Token = types.StringValue(stateSecret)
data.CurrentTokenName = types.StringValue(t.Name) data.CurrentTokenName = types.StringValue(t.Name)
data.CurrentTokenExpiry = types.Int64Value(t.ExpiryMs) data.CurrentTokenExpiry = types.Int64Value(t.ExpiryMs)
return data, nil return data, nil
} }
// If expired or missing → try to delete it (best effort).
if t := getTokenByName(tokens, stateName); t != nil && t.ExpiryMs <= nowMs {
_ = r.deleteToken(r.authHeader, r.serverURL, project, repo, stateName) _ = r.deleteToken(r.authHeader, r.serverURL, project, repo, stateName)
} }
} }
// Clean up all expired tokens with this prefix before creating a new one.
for _, t := range tokens { for _, t := range tokens {
if t.ExpiryMs <= nowMs { if t.ExpiryMs <= nowMs {
_ = r.deleteToken(r.authHeader, r.serverURL, project, repo, t.Name) _ = r.deleteToken(r.authHeader, r.serverURL, project, repo, t.Name)
} }
} }
// Create a new token and record its secret + metadata.
secret, newName, expiry, err := r.createToken(r.authHeader, r.serverURL, project, repo, prefix) secret, newName, expiry, err := r.createToken(r.authHeader, r.serverURL, project, repo, prefix)
if err != nil { if err != nil {
return nil, err return nil, err