resource_token tries to renew access token instead of resource token

[peric]

In our private project, we use resource_token inside a module to setup a custom token for each of our projects (aka AWS accounts). At the moment, we have 15 projects, which means 15 different tokens.

To set up those projects, we use a parent token which has permission to create child tokens.

We use renewable = true to make tokens renewable, but code from this project does not work for us because it tries to renew "access token" instead of "resource tokens".

Maybe I am missing something, but in my opinion solution should work as described below. I will also provide a PR with that should be correct, at least in my opinion.

Actual Behavior

tokenRead function of resource_token resource currently (in a nutshell) works like:

• LookupAccessor function is called with received token accessor
• if needed, token renewal will be performed. But, instead on the received token, RenewSelf function will be called, which will try to perform renewal on a token which is currently authenticated

https://github.com/terraform-providers/terraform-provider-vault/blob/master/vault/resource_token.go#L263

Expected Behavior

tokenRead function of resource_token should work like:

• LookupAccessor function should be called with received token accessor
• if needed, token renewal will be performed. Renew function should be called instead of RenewSelf. Resource token id should be provided to the Renew function.

Terraform Version

Terraform v0.11.13

Affected Resource(s)

Please list the resources as a list, for example:

• resource_token

Terraform Configuration Files

resource "vault_token" "app_token" {
  // 180 days
  ttl              = "15552000"
  explicit_max_ttl = "15552000"

  // 90 days
  renewable       = true
  renew_min_lease = "7776000"

  no_parent = true

  policies = [
    "${vault_policy.app_policy.name}",
  ]

  display_name = "${local.postfix}"
}