Skip to content

Commit

Permalink
Add conflictswith warning level message
Browse files Browse the repository at this point in the history
  • Loading branch information
dak1n1 committed Apr 21, 2021
1 parent 211009c commit 415a860
Showing 1 changed file with 95 additions and 68 deletions.
163 changes: 95 additions & 68 deletions kubernetes/provider.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@ import (
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/logging"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
"github.com/mitchellh/go-homedir"
apimachineryschema "k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/client-go/discovery"
Expand All @@ -25,65 +24,80 @@ import (
)

func Provider() *schema.Provider {
conditionsMessage := "Specifying more than one authentication method can lead to unpredictable behavior." +
" This option will be removed in a future release. Please update your configuration."
p := &schema.Provider{
Schema: map[string]*schema.Schema{
"host": {
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_HOST", nil),
Description: "The hostname (in form of URI) of Kubernetes master.",
ConflictsWith: []string{"config_path", "config_paths"},
ValidateDiagFunc: validation.ToDiagFunc(validation.IsURLWithHTTPorHTTPS),
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_HOST", nil),
Description: "The hostname (in form of URI) of Kubernetes master.",
ConflictsWith: []string{"config_path", "config_paths"},
ConditionsMode: "warning",
ConditionsMessage: conditionsMessage,
// TODO: enable this when AtLeastOneOf works with optional attributes.
// https://github.com/hashicorp/terraform-plugin-sdk/issues/705
// AtLeastOneOf: []string{"token", "exec", "username", "password", "client_certificate", "client_key"},
},
"username": {
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_USER", nil),
Description: "The username to use for HTTP basic authentication when accessing the Kubernetes master endpoint.",
ConflictsWith: []string{"config_path", "config_paths", "exec", "token", "client_certificate", "client_key"},
RequiredWith: []string{"password", "host"},
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_USER", nil),
Description: "The username to use for HTTP basic authentication when accessing the Kubernetes master endpoint.",
ConflictsWith: []string{"config_path", "config_paths", "exec", "token", "client_certificate", "client_key"},
RequiredWith: []string{"password", "host"},
ConditionsMode: "warning",
ConditionsMessage: conditionsMessage,
},
"password": {
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_PASSWORD", nil),
Description: "The password to use for HTTP basic authentication when accessing the Kubernetes master endpoint.",
ConflictsWith: []string{"config_path", "config_paths", "exec", "token", "client_certificate", "client_key"},
RequiredWith: []string{"username", "host"},
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_PASSWORD", nil),
Description: "The password to use for HTTP basic authentication when accessing the Kubernetes master endpoint.",
ConflictsWith: []string{"config_path", "config_paths", "exec", "token", "client_certificate", "client_key"},
RequiredWith: []string{"username", "host"},
ConditionsMode: "warning",
ConditionsMessage: conditionsMessage,
},
"insecure": {
Type: schema.TypeBool,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_INSECURE", nil),
Description: "Whether server should be accessed without verifying the TLS certificate.",
ConflictsWith: []string{"cluster_ca_certificate", "client_key", "client_certificate", "exec"},
Type: schema.TypeBool,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_INSECURE", nil),
Description: "Whether server should be accessed without verifying the TLS certificate.",
ConflictsWith: []string{"cluster_ca_certificate", "client_key", "client_certificate", "exec"},
ConditionsMode: "warning",
ConditionsMessage: conditionsMessage,
},
"client_certificate": {
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_CLIENT_CERT_DATA", nil),
Description: "PEM-encoded client certificate for TLS authentication.",
ConflictsWith: []string{"config_path", "config_paths", "username", "password", "insecure"},
RequiredWith: []string{"client_key", "cluster_ca_certificate", "host"},
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_CLIENT_CERT_DATA", nil),
Description: "PEM-encoded client certificate for TLS authentication.",
ConflictsWith: []string{"config_path", "config_paths", "username", "password", "insecure"},
RequiredWith: []string{"client_key", "cluster_ca_certificate", "host"},
ConditionsMode: "warning",
ConditionsMessage: conditionsMessage,
},
"client_key": {
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_CLIENT_KEY_DATA", nil),
Description: "PEM-encoded client certificate key for TLS authentication.",
ConflictsWith: []string{"config_path", "config_paths", "username", "password", "exec", "insecure"},
RequiredWith: []string{"client_certificate", "cluster_ca_certificate", "host"},
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_CLIENT_KEY_DATA", nil),
Description: "PEM-encoded client certificate key for TLS authentication.",
ConflictsWith: []string{"config_path", "config_paths", "username", "password", "exec", "insecure"},
RequiredWith: []string{"client_certificate", "cluster_ca_certificate", "host"},
ConditionsMode: "warning",
ConditionsMessage: conditionsMessage,
},
"cluster_ca_certificate": {
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_CLUSTER_CA_CERT_DATA", nil),
Description: "PEM-encoded root certificates bundle for TLS authentication.",
ConflictsWith: []string{"config_path", "config_paths", "insecure"},
RequiredWith: []string{"host"},
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_CLUSTER_CA_CERT_DATA", nil),
Description: "PEM-encoded root certificates bundle for TLS authentication.",
ConflictsWith: []string{"config_path", "config_paths", "insecure"},
RequiredWith: []string{"host"},
ConditionsMode: "warning",
ConditionsMessage: conditionsMessage,
// TODO: enable this when AtLeastOneOf works with optional attributes.
// https://github.com/hashicorp/terraform-plugin-sdk/issues/705
// AtLeastOneOf: []string{"token", "exec", "client_certificate", "client_key"},
Expand All @@ -95,50 +109,61 @@ func Provider() *schema.Provider {
Optional: true,
Description: "A list of paths to kube config files. Can be set with KUBE_CONFIG_PATHS environment variable.",
// config_paths conflicts with every attribute except for "insecure", since all of these options will be read from the kubeconfig.
ConflictsWith: []string{"config_path", "exec", "token", "host", "client_certificate", "client_key", "cluster_ca_certificate", "username", "password"},
ConflictsWith: []string{"config_path", "exec", "token", "host", "client_certificate", "client_key", "cluster_ca_certificate", "username", "password"},
ConditionsMode: "warning",
ConditionsMessage: conditionsMessage,
},
"config_path": {
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_CONFIG_PATH", nil),
Description: "Path to the kube config file. Can be set with KUBE_CONFIG_PATH.",
// config_path conflicts with every attribute except for "insecure", since all of these options will be read from the kubeconfig.
ConflictsWith: []string{"config_paths", "exec", "token", "host", "client_certificate", "client_key", "cluster_ca_certificate", "username", "password"},
ConflictsWith: []string{"config_paths", "exec", "token", "host", "client_certificate", "client_key", "cluster_ca_certificate", "username", "password"},
ConditionsMode: "warning",
ConditionsMessage: conditionsMessage,
},
"config_context": {
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_CTX", nil),
Description: "Context to choose from the kube config file. ",
ConflictsWith: []string{"exec", "token", "client_certificate", "client_key", "username", "password"},
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_CTX", nil),
Description: "Context to choose from the kube config file. ",
ConflictsWith: []string{"exec", "token", "client_certificate", "client_key", "username", "password"},
ConditionsMode: "warning",
ConditionsMessage: "This functionality will be removed in a later release. Please update your configuration.",
// TODO: enable this when AtLeastOneOf works with optional attributes.
// AtLeastOneOf: []string{"config_path", "config_paths"},
},
"config_context_auth_info": {
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_CTX_AUTH_INFO", nil),
Description: "Authentication info context of the kube config (name of the kubeconfig user, --user flag in kubectl).",
ConflictsWith: []string{"exec", "token", "client_certificate", "client_key", "username", "password"},
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_CTX_AUTH_INFO", nil),
Description: "Authentication info context of the kube config (name of the kubeconfig user, --user flag in kubectl).",
ConflictsWith: []string{"exec", "token", "client_certificate", "client_key", "username", "password"},
ConditionsMode: "warning",
ConditionsMessage: "This functionality will be removed in a later release. Please update your configuration.",
// TODO: enable this when AtLeastOneOf works with optional attributes.
// AtLeastOneOf: []string{"config_path", "config_paths"},
},
"config_context_cluster": {
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_CTX_CLUSTER", nil),
Description: "Cluster context of the kube config (name of the kubeconfig cluster, --cluster flag in kubectl).",
ConflictsWith: []string{"exec", "token", "client_certificate", "client_key", "username", "password"},
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_CTX_CLUSTER", nil),
Description: "Cluster context of the kube config (name of the kubeconfig cluster, --cluster flag in kubectl).",
ConflictsWith: []string{"exec", "token", "client_certificate", "client_key", "username", "password"},
ConditionsMessage: "Specifying more than one authentication method can lead to unpredictable behavior. This option will be removed in a future release. Please update your configuration.",
// TODO: enable this when AtLeastOneOf works with optional attributes.
// AtLeastOneOf: []string{"config_path", "config_paths"},
},
"token": {
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_TOKEN", nil),
Description: "Bearer token for authenticating the Kubernetes API.",
ConflictsWith: []string{"config_path", "config_paths", "exec", "client_certificate", "client_key", "username", "password"},
RequiredWith: []string{"host"},
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("KUBE_TOKEN", nil),
Description: "Bearer token for authenticating the Kubernetes API.",
ConflictsWith: []string{"config_path", "config_paths", "exec", "client_certificate", "client_key", "username", "password"},
ConditionsMode: "warning",
ConditionsMessage: "Specifying more than one authentication method can lead to unpredictable behavior. This option will be removed in a future release. Please update your configuration.",
RequiredWith: []string{"host"},
},
"exec": {
Type: schema.TypeList,
Expand Down Expand Up @@ -166,9 +191,11 @@ func Provider() *schema.Provider {
},
},
},
Description: "Configuration block to use an exec-based credential plugin, e.g. call an external command to receive user credentials.",
ConflictsWith: []string{"config_path", "config_paths", "token", "client_certificate", "client_key", "username", "password", "insecure"},
RequiredWith: []string{"host", "cluster_ca_certificate"},
Description: "Configuration block to use an exec-based credential plugin, e.g. call an external command to receive user credentials.",
ConflictsWith: []string{"config_path", "config_paths", "token", "client_certificate", "client_key", "username", "password", "insecure"},
RequiredWith: []string{"host", "cluster_ca_certificate"},
ConditionsMode: "warning",
ConditionsMessage: "Specifying more than one authentication method can lead to unpredictable behavior. This option will be removed in a future release. Please update your configuration.",
},
},

Expand Down

0 comments on commit 415a860

Please sign in to comment.