Cloudflare service token rotation

[BojanZelic]

This PR closes #1041

It adds support for cloudflare_access_service_token renewal if terraform is ran within the timeperiod defined in min_days_for_renewal.

See example usage:

# Generate a service token that will renew if terraform is ran within 30 days of expiration
resource "cloudflare_access_service_token" "my_app" {
  account_id = "d41d8cd98f00b204e9800998ecf8427e"
  name       = "CI/CD app renewed"
  min_days_for_renewal = 30

  lifecycle {
    create_before_destroy = true
  }
}

[jacobbednarz]

I would also like to explore an integration test for this behaviour however I don't exactly have a good approach planned out yet. Thoughts?

[BojanZelic]

I would also like to explore an integration test for this behaviour however I don't exactly have a good approach planned out yet. Thoughts?

For an integration test I see two tests possibly:

1. set min_days_for_renewal = 365... run the apply 2x and make sure that the 2nd time it regenerates the token
2. set min_days_for_renewal = 364... run the apply 2x and make sure that it doesn't regenerate the token

[BojanZelic]

@jacobbednarz I've added an acceptance test & updated a few things with the PR. Let me know if you have any further suggestions.

[jacobbednarz]

cloudflare.AccessServiceTokenCreateResponse doesn't have an ExpiresAt field - see https://github.com/cloudflare/cloudflare-go/blob/master/access_service_tokens.go#L37-L44. we'll need to get this into cloudflare-go first

[jacobbednarz]

looks like a good approach! other than adding the field into cloudflare-go, this is looking ace. thanks!

[jacobbednarz]

this is now ready to update from master to get this prepared for merge

[BojanZelic]

@jacobbednarz I've rebased from master... let me know if you need anything else to get this merged.

[jacobbednarz]

thanks, looks great and the integration tests are passing locally 🎉