stackit-dev-tools/terraform-provider-stackitprivatepreview
2
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Get credentials in cluster read and add default to kubeconfig expiration (#259)

Browse source 
* Get credentials in cluster read and add default to expiration

* Fix docs

* Fix docs

* Update warning
This commit is contained in:
Vicente Pinto 2024-02-09 16:59:00 +00:00 committed by GitHub
parent e9b2d7aa91
commit d5bd5fa402
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 33 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

12
docs/data-sources/loadbalancer.md
View file

@ -40,6 +40,10 @@ data "stackit_loadbalancer" "example" {
<a id="nestedatt--listeners"></a>
### Nested Schema for `listeners`
Optional:
- `server_name_indicators` (Attributes List) A list of domain names to match in order to pass TLS traffic to the target pool in the current listener (see [below for nested schema](#nestedatt--listeners--server_name_indicators))
Read-Only:
- `display_name` (String)
@ -47,6 +51,14 @@ Read-Only:
- `protocol` (String) Protocol is the highest network protocol we understand to load balance.
- `target_pool` (String) Reference target pool by target pool name.
<a id="nestedatt--listeners--server_name_indicators"></a>
### Nested Schema for `listeners.server_name_indicators`
Optional:
- `name` (String) A domain name to match in order to pass TLS traffic to the target pool in the current listener
<a id="nestedatt--networks"></a>
### Nested Schema for `networks`

9
docs/resources/loadbalancer.md
View file

@ -202,8 +202,17 @@ Optional:
- `display_name` (String)
- `port` (Number) Port number where we listen for traffic.
- `protocol` (String) Protocol is the highest network protocol we understand to load balance.
- `server_name_indicators` (Attributes List) A list of domain names to match in order to pass TLS traffic to the target pool in the current listener (see [below for nested schema](#nestedatt--listeners--server_name_indicators))
- `target_pool` (String) Reference target pool by target pool name.
<a id="nestedatt--listeners--server_name_indicators"></a>
### Nested Schema for `listeners.server_name_indicators`
Optional:
- `name` (String) A domain name to match in order to pass TLS traffic to the target pool in the current listener
<a id="nestedatt--networks"></a>
### Nested Schema for `networks`

2
stackit/internal/services/loadbalancer/loadbalancer/datasource.go
View file

@ -78,7 +78,7 @@ func (r *loadBalancerDataSource) Configure(ctx context.Context, req datasource.C
// Schema defines the schema for the data source.
func (r *loadBalancerDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
descriptions := map[string]string{
"main": "Load Balancer resource schema.",
"main": "Load Balancer data source schema. Must have a `region` specified in the provider configuration.",
"id": "Terraform's internal resource ID. It is structured as \"`project_id`\",\"`name`\".",
"project_id": "STACKIT project ID to which the Load Balancer is associated.",
"external_address": "External Load Balancer IP address where this Load Balancer is exposed.",

10
stackit/internal/services/ske/cluster/resource.go
View file

@ -672,7 +672,7 @@ func (r *clusterResource) getCredential(ctx context.Context, diags *diag.Diagnos
if oapiErr.StatusCode == http.StatusBadRequest {
// deprecated endpoint will return 400 if the new endpoints have been used
// if that's the case, we set the field to null
core.LogAndAddWarning(ctx, diags, "The kubelogin field is set to null", "The call to GetCredentials failed, which means the new credentials rotation flow might already been triggered for this cluster. If you are already using the stackit_ske_kubeconfig resource you can ignore this warning. If not, you must start using it.")
core.LogAndAddWarning(ctx, diags, "The kubelogin field is set to null", "Failed to get static token kubeconfig, which means the new credentials rotation flow might already been triggered for this cluster. If you are already using the stackit_ske_kubeconfig resource you can ignore this warning. If not, you must use it to access this cluster's short-lived admin kubeconfig.")
model.KubeConfig = types.StringPointerValue(nil)
return nil
}
@ -1386,6 +1386,14 @@ func (r *clusterResource) Read(ctx context.Context, req resource.ReadRequest, re
core.LogAndAddError(ctx, &resp.Diagnostics, "Error reading cluster", fmt.Sprintf("Processing API payload: %v", err))
return
}
// Handle credential
err = r.getCredential(ctx, &resp.Diagnostics, &state)
if err != nil {
core.LogAndAddError(ctx, &resp.Diagnostics, "Error reading cluster", fmt.Sprintf("Getting credential: %v", err))
return
}
diags = resp.State.Set(ctx, state)
resp.Diagnostics.Append(diags...)
if resp.Diagnostics.HasError() {

2
stackit/internal/services/ske/kubeconfig/resource.go
View file

@ -17,6 +17,7 @@ import (
"github.com/hashicorp/terraform-plugin-framework/resource"
"github.com/hashicorp/terraform-plugin-framework/resource/schema"
"github.com/hashicorp/terraform-plugin-framework/resource/schema/boolplanmodifier"
"github.com/hashicorp/terraform-plugin-framework/resource/schema/int64default"
"github.com/hashicorp/terraform-plugin-framework/resource/schema/int64planmodifier"
"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
@ -153,6 +154,7 @@ func (r *kubeconfigResource) Schema(_ context.Context, _ resource.SchemaRequest,
Description: descriptions["expiration"],
Optional: true,
Computed: true,
Default: int64default.StaticInt64(3600), // the default value is not returned by the API so we set a default value here, otherwise we would have to compute the expiration based on the expires_at field
PlanModifiers: []planmodifier.Int64{
int64planmodifier.RequiresReplace(),
int64planmodifier.UseStateForUnknown(),