docs: add documentation for using portal service accounts

[scottd018]

What this PR does / why we need it:

There is currently no information on using the client_id and client_secret parameters when using portal service accounts. This creates confusion when customers are trying to use the access tokens, described at https://docs.redhat.com/en/documentation/red_hat_customer_portal/1/html/creating_and_managing_service_accounts/ref-ciam-svc-acct-api-creating-service-acct, and causes a timeout when provisioning clusters, which is hard-coded at 15 minutes.

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story (OCM-xxxx):
Fixes #

Change type

• New feature
• Bug fix
• Build
• CI
• Documentation
• Performance
• Refactor
• Style
• Unit tests
• Subsystem tests

Checklist

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign jneczypor for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• docs/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @scottd018. Thanks for your PR.

I'm waiting for a terraform-redhat member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[marcolan018]

@hunterkepley Please help to review this pr, which adds the missing part for the tf, thanks

[EricPonvelle]

This looks pretty good at explaining the client ID and secret, but I did have a point of clarification surrounding the OCM offline token with regards to the new SSO login method for ROSA.

[EricPonvelle]

Is this still the case? When I go to that URL, I now see the new SSO login method. I see an option to still use API keys via a link:

But going there notes that the keys are deprecated:

[fjcloud]

You right; i will create a new PR, i cannot modify that one. OCM offline token will be deprecated, so the only supported method will be using portal service accounts.

[hunterkepley]

@fjcloud please ping me on here or preferably slack for review on that new MR :)

[EricPonvelle]

Suggested change

	These values allow the Terraform provider to refresh the token prior to the 15-minute expiry time and allow avoiding the use of a single, hard-coded access token against the OCM API. Like the offline OCM token, the purpose of this token is to verify that you have access and permission to create and upgrade clusters.
	These values allow the Terraform provider to refresh the token prior to the 15-minute expiry time and avoid using a single, hard-coded access token against the OCM API. Like the offline OCM token, the purpose of this token is to verify that you have access and permission to create and upgrade clusters.