The DigitalOcean API has been pretty erratic in history. They randomly keep adding new access controls to the API with zero backward compatibility.
This time what I am trying to do is these:
doctl auth remove --context default
doctl auth init
doctl kubernetes cluster kubeconfig save mycluster
But it is just failing with error:
Error:
GET https://api.digitalocean.com/v2/kubernetes/clusters/***** 403 (request "*****" ) You are not authorized to perform this operation.
Our automation which was just working so far stopped working. I will need to figure out now what permission to assign to a new token and propagate that token to all the automations.
If you know what's the setting that needs to be enabled please let me know. Thank you for your effort!
The error 403 (request "*****" ) You are not authorized to perform this operation is due to the API token not having the required permissions. So you need to check if the API key has the necessary permissions. Make sure the token you are using has both read and write access permissions to Kubernetes.
As per this DigitalOcean blog, DigitalOcean recently added custom scopes for tokens. If your token was created long ago, it might not include the new scopes automatically.
Previously, DigitalOcean personal access tokens (PATs) had two scopes: read access to all team resources or full (read and write) access to all team resources.
Custom scopes grant more specific permissions, like only creating Droplets or updating cloud firewalls, which lets you secure your workflows by granting only the permissions the token needs and restricting access to other resources and actions.
If you missed a required scope, the API may reject the request with a 403 or 422 Unprocessable Entity error.
Refer to this update from DigitalOcean about the Breaking Change to Fix DigitalOcean API Incomplete Resource Authorization Issue.
To resolve your issue, you may need to recreate API tokens with additional scopes to retain the same functionality, depending on your use cases.
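A pre-flight check for automation that hits the 403 described above, as an added example that is not part of the original answer: it probes the Kubernetes endpoints with the token before `doctl` runs and separates an invalid token (401) from an accepted token that lacks a scope (403). The function names, the `--run` switch and reading the token from `DIGITALOCEAN_ACCESS_TOKEN` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: pre-flight check for a DigitalOcean API token used by automation.
API="https://api.digitalocean.com/v2"

# Map an HTTP status to a diagnosis the pipeline can act on.
diagnose() {
  case "$1" in
    2??) echo "ok" ;;
    401) echo "token-invalid" ;;   # token missing, revoked or mistyped
    403) echo "scope-missing" ;;   # token accepted but not authorized for this call
    404) echo "not-found" ;;       # no such cluster for this token
    422) echo "scope-or-input" ;;  # per the answer above, may also mean a missing scope
    429) echo "rate-limited" ;;
    *)   echo "unexpected" ;;      # includes 000: no HTTP response at all
  esac
}

# Print the HTTP status of a GET on one API path.
http_status() {
  curl -s -o /dev/null -w '%{http_code}' \
    -H "Authorization: Bearer ${DIGITALOCEAN_ACCESS_TOKEN}" "${API}$1" || true
}

# Print "<status> <diagnosis> <path>" for one path.
probe() {
  status=$(http_status "$1")
  echo "${status} $(diagnose "$status") $1"
}

# Probe the list and single-cluster endpoints; return non-zero if any fails.
preflight() {
  rc=0
  for path in "/kubernetes/clusters" "/kubernetes/clusters/$1"; do
    line=$(probe "$path")
    echo "$line"
    case "$line" in *" ok "*) ;; *) rc=1 ;; esac
  done
  return "$rc"
}

# Usage: sh preflight.sh --run <cluster-id>   (hypothetical file name and switch)
if [ "${1:-}" = "--run" ]; then
  : "${DIGITALOCEAN_ACCESS_TOKEN:?export the token first}"
  preflight "${2:?cluster id required}"
fi
```

A `scope-missing` line on the single-cluster path is the case from the question: the token authenticates, so the fix is a token with the Kubernetes scopes, not a new `doctl auth init` with the same token.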