Does not need review yet: Update main.go #632
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
These tests are occasionally running with an incorrect TFE_TOKEN env var: https://github.com/hashicorp/go-tfe/blob/main/.github/workflows/nightly-tfe-ci.yml#L108
As an example, you can see that this run https://github.com/hashicorp/go-tfe/actions/runs/3878869728/jobs/6615534375 is showing that some tests are failing with "unauthorized", which is a symptom of a token that is querying for an organization or other resource that is does not have privileges to.
This token, is an admin token, that is coming from the state outputs https://github.com/hashicorp/go-tfe/blob/main/.github/scripts/fetch_outputs/main.go#L42, that should have privileges to all the resources that are being managed on the tflocal instance.
Why would the tests sometimes run with the right token and not other times? The value is clearly not empty otherwise we would see another error, which means that the token must switching in the middle of the process.
This issue is not reproducible locally. Every time that I grab the token and the hostname from the state outputs and place them into my environment before running the tests, I get the regular test results, not the
unauthorized
errors.My goal, for next time that we run into "unauthorized", is to check against that the last digits of the token to either match them to the one we see in our workspace's state outputs or to another workspace.
Description
Testing plan
External links
Output from tests
Including output from tests may require access to a TFE instance. Ignore this section if you have no environment to test against.