We are encountering a consistent failure when running terraform plan on our Genesys Cloud environment using the official genesyscloud provider. The issue appears to be related to the OAuth access token lifecycle. Our infrastructure state is substantial, comprising over 400 resources including users, skill groups, and routing configurations.
The execution proceeds without issue for approximately 12 minutes. At this point, the provider throws an authentication error, causing the entire plan to abort. The error message is as follows:
Error: Error retrieving user data: [401 Unauthorized] [401] Unauthorized
I have reviewed the provider configuration in our main.tf. We are utilizing the standard genesyscloud data source with client_id and client_secret stored in environment variables. The provider block is configured as expected:
provider "genesyscloud" {
  client_id     = var.genesys_client_id
  client_secret = var.genesys_client_secret
  region        = "eu-west-1"
}
The default access token TTL for our OAuth client is set to 3600 seconds. The plan execution time exceeds this threshold when processing the full state. I attempted to mitigate this by reducing the batch size of resources, but the provider does not seem to have a configurable retry mechanism for token refresh within a single execution context. The token is fetched at the start of the run and does not appear to be refreshed automatically when it expires mid-execution.
Is there a recommended configuration or workaround for handling long-running Terraform operations that exceed the token lifetime? We are unable to modify the OAuth client settings to extend the TTL beyond the current limit due to security policies. The goal is to ensure the plan completes successfully without manual intervention or splitting the state into multiple smaller modules, which would complicate our CI/CD pipeline.