gitlab_personal_access_token forces recreation when setting a rotation_configuration
PAT rotation can be managed through the API by the user owning the PAT, or by an instance admin user.
However, when trying to import a gitlab_personal_access_token and allow it to be rotated automatically through Terraform, the token is revoked and a recreation is attempted, as both fields in rotation_configuration are marked as requiring recreation.
As the fields of rotation_configuration are virtual attributes and only used by the provider, rather than passed into the API, this only serves to restrict the usage of this resource to admins and those creating tokens with the k8s_proxy scope.
This request could also partially fulfil #6360, though it would only enable a workflow bootstrapped by importing an already created token, rather than enabling wider token creation through this resource.
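e.g.

resource "gitlab_personal_access_token" "token" {
  user_id = var.gitlab_user_id
  name    = "tf renewal token test"

  # Provider-side rotation settings (not passed to the GitLab API)
  rotation_configuration = {
    expiration_days    = 60
    rotate_before_days = 7
  }

  scopes = ["api"]
}

# Import the already created token instead of creating a new one.
# var.token_id stands for the ID of the existing token.
import {
  id = "${var.gitlab_user_id}:${var.token_id}"
  to = gitlab_personal_access_token.token
}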
I have validated that if I skip the recreation of the token by manually editing the Terraform state after importing the resource, the token is rotated as expected.
Relates to: