terraform-provider-grafana icon indicating copy to clipboard operation
terraform-provider-grafana copied to clipboard

Published 20 hours ago verified publisher icon grafana

[Feature Request]: Automatic token rotations via taint

Open julienduchesne opened this issue 1 year ago • 1 comments

Feature Request

Resources:

  • grafana_service_account_token
  • grafana_cloud_access_policy_token
  • grafana_cloud_stack_service_account_token

On these resources, it's possible to set a token expiration but it's up to the user to taint the resource and reapply it. For users that have automatic drift detection (and resolution), a way to automatically taint and reapply these resources would allow for rotation

I propose a rotation_time_before_expiration which will allow users to set an expiration and also a duration that will trigger a rotation if (current time - expiration timer) is lesser than that rotation time. For example, an expiration time of 30d and a rotation time of 7d means that the token will be rotated via taint after 23d (7d from expiration)

julienduchesne avatar Jul 22 '24 17:07 julienduchesne