Add org token roate and permissions acl to signalfx_org_token

[leij-splunk]

Add org token rotation to TF provider
https://api.{REALM}.signalfx.com/v2/token/{name}/rotate
Add org token permissions to TF provider
https://dev.splunk.com/observability/reference/api/org_tokens/latest

[anelson-splunk]

It would be nice if state can store the original token as well as the new token so there is a way to access it before it actually expires if the 30 day overlap is set in the API...

[navtej-splunk]

Hi @leij-splunk & @anelson-splunk,

Thank You for bringing up the issues regarding org token rotation and permissions. Can you help add more details on the specific use cases or scenarios where org token rotation and permissions are needed? This will help us in addressing your request more effectively.
Looking forward to your inputs!

Best,
Navtej

[leij-splunk]

Hi @navtej-splunk

1. permissions acl
   Currently, with the Terraform provider we are using, there is no built-in way to grant a team/user access to the tokens created by Terraform.

• API Doc

  permissions : objectList of authorizations for this org token, in the form of a JSON array of JSON objects. Each object specifies an authorization, the ID that can perform the action, and the type of ID.
  

• UI:
  

2. Token rotate
   The Terraform provider does not offer an automatic rotation capability to handle the token rotation process.

• API Doc
  • token rotate: Generates a new token secret for the token specified by the name path parameter, and de-authorizes the previous token secret.
  • graceful : Time interval, in seconds, during which the old secret continues to function