TOKEN creation for circleci cli

To create a runner the docs have you

  • set up circleci cli which needs a personal token to be created via the web gui.
  • set up the namespace name against your vcs
  • create a runner class via a command with the following format

circleci runner resource-class create <name/<resource-class --generate-token
(> removed from the name/resource-class as formating goes wrong)

Unlike the personal token there does not seem to be any way to delete or list tokens created by the ‘–generate-token’ cli switch. This seems a non-issue until you try and delete a runner class as you get the error

 Error: resource class <name>/<resource-class> still has tokens in use

The cli docs do not really detail what the generated token is for or how to manage it in the future. The fact that there seems no way to delete a generated token means that there seems no way to delete a defined runner.

To expand on this report

If I setup circleci cli with a personal token as normal and then create the resource-class without the --generate-token flag I am able to delete the created resource-class without any problems.

Again the limited documentation makes this all very unclear - the personal token is far easier to use as it is managed via the web interface and is placed in .circleci/cli.yml during setup, so currently there is no clear reason to use the API token.

Yet more feedback

It seems that the key produced by using the --generate-token flag is the key that must be placed into the launch-agent-config.yaml file to get a runner to work. This does raise a few issues

  • With a system that already has an API Token for Personal and Project API access it may be better to add a little more documentation in regards to something that just gets named AUTH_TOKEN.

  • The key is not returned in a script friendly way, so it can not easily be retrieved and used during a setup process. Instead, it is output in the middle of a lot of boilerplate text and info - scraping it is possible, but the tool should just be coded better.

  • IF THIS IS A TOKEN TO THE V2 API interface (rather unclear) there needs to be a way to list and revoke keys - THE API ALLOWS FOR CONFIGURATION MODIFICATION AND DELETION.

The last issue is rather key - to create runners I must generate API tokens that gain read/write access to my environment, but it seems that I have no way to manage/revoke the resulting keys for the lifetime of my use of the service.