deployment.digitalOcean.authToken has no effect

[nh2]

In

nixops/nixops/backends/digital_ocean.py

Lines 114 to 115 in da33620

	def get_auth_token(self):
	return os.environ.get('DIGITAL_OCEAN_AUTH_TOKEN', self.auth_token)

the auth token is obtained from an environment variable, with fallback to what looks like to be intended the nix property deployment.digitalOcean.authToken.

However just setting deployment.digitalOcean.authToken and not setting the env var DIGITAL_OCEAN_AUTH_TOKEN does not work. It fails with

Traceback (most recent call last):
  File "/nix/store/wzfspqbywcfwijiqzdqwf66p3h24vbl3-nixops/nixops/parallel.py", line 41, in thread_fun
    result_queue.put((worker_fun(t), None))
  File "/nix/store/wzfspqbywcfwijiqzdqwf66p3h24vbl3-nixops/nixops/deployment.py", line 917, in worker
    r.create(self.definitions[r.name], check=check, allow_reboot=allow_reboot, allow_recreate=allow_recreate)
  File "/nix/store/wzfspqbywcfwijiqzdqwf66p3h24vbl3-nixops/nixops/backends/digital_ocean.py", line 151, in create
    droplet.create()
  File "/nix/store/rcq003slawblsambn2x2mndz28r3374c-python2.7-python-digitalocean-1.10.1/lib/python2.7/site-packages/digitalocean/Droplet.py", line 539, in create
    self.name)
  File "/nix/store/rcq003slawblsambn2x2mndz28r3374c-python2.7-python-digitalocean-1.10.1/lib/python2.7/site-packages/digitalocean/Droplet.py", line 505, in __get_ssh_keys_id_or_fingerprint
    results = key.load_by_pub_key(ssh_key)
  File "/nix/store/rcq003slawblsambn2x2mndz28r3374c-python2.7-python-digitalocean-1.10.1/lib/python2.7/site-packages/digitalocean/SSHKey.py", line 51, in load_by_pub_key
    data = self.get_data("account/keys/")
  File "/nix/store/rcq003slawblsambn2x2mndz28r3374c-python2.7-python-digitalocean-1.10.1/lib/python2.7/site-packages/digitalocean/baseapi.py", line 125, in get_data
    req = self.__perform_request(url, type, params)
  File "/nix/store/rcq003slawblsambn2x2mndz28r3374c-python2.7-python-digitalocean-1.10.1/lib/python2.7/site-packages/digitalocean/baseapi.py", line 66, in __perform_request
    raise TokenError("No token provided. Please use a valid token")
TokenError: No token provided. Please use a valid token

This is because in the code above, the fallback-default self.auth_token references the corresponding field in the database, which hasn't been written yet, so it is None.

The Hetzner backend has a workaround for the same issue in create(), which I describe in https://github.com/NixOS/nixops/issues/490#issuecomment-381434938, but in general it seems this doesn't make too much sense and the general solution is as I describe in #627 (comment):

The solution appears easy:

Whenever making API requests, always check what's the correct, current API key by inspecting machine definition and environment variables.

I don't know why the API key is stored in the state (sqlite DB) at all. It seems unnecessary and the root cause of this problem.

That should also fix this issue.

[nh2]

PR that fixes the immediate problem in #927.

The general problem of #627 remains.