feat: Move kubeconfig to the provider and fix empty metadata bug (#93)

Author: maciaszczykm

docs/index.md

@@ -19,4 +19,39 @@ description: |-
 
 - `access_token` (String, Sensitive) Plural Console access token. Can be sourced from `PLURAL_ACCESS_TOKEN`.
 - `console_url` (String) Plural Console URL, i.e. `https://console.demo.onplural.sh`. Can be sourced from `PLURAL_CONSOLE_URL`.
+- `kubeconfig` (Attributes) Kubeconfig for cluster access. In order to source its fields from environment variables it has to be defined, at least as an empty object. (see [below for nested schema](#nestedatt--kubeconfig))
 - `use_cli` (Boolean) Use Plural CLI `plural cd login` command for authentication. Can be sourced from `PLURAL_USE_CLI`.
+
+<a id="nestedatt--kubeconfig"></a>
+### Nested Schema for `kubeconfig`
+
+Optional:
+
+- `client_certificate` (String) The path to a client cert file for TLS. Can be sourced from `PLURAL_KUBE_CLIENT_CERT_DATA`.
+- `client_key` (String, Sensitive) The path to a client key file for TLS. Can be sourced from `PLURAL_KUBE_CLIENT_KEY_DATA`.
+- `cluster_ca_certificate` (String) The path to a cert file for the certificate authority. Can be sourced from `PLURAL_KUBE_CLUSTER_CA_CERT_DATA`.
+- `config_context` (String) kubeconfig context to use. Can be sourced from `PLURAL_KUBE_CTX`.
+- `config_context_auth_info` (String) Can be sourced from `PLURAL_KUBE_CTX_AUTH_INFO`.
+- `config_context_cluster` (String) Can be sourced from `PLURAL_KUBE_CTX_CLUSTER`.
+- `config_path` (String) Path to the kubeconfig file. Can be sourced from `PLURAL_KUBE_CONFIG_PATH`.
+- `exec` (Attributes List) Specifies a command to provide client credentials (see [below for nested schema](#nestedatt--kubeconfig--exec))
+- `host` (String) The complete address of the Kubernetes cluster, using scheme://hostname:port format. Can be sourced from `PLURAL_KUBE_HOST`.
+- `insecure` (Boolean) Skips the validity check for the server's certificate. This will make your HTTPS connections insecure. Can be sourced from `PLURAL_KUBE_INSECURE`.
+- `password` (String, Sensitive) The password for basic authentication to the Kubernetes cluster. Can be sourced from `PLURAL_KUBE_PASSWORD`.
+- `proxy_url` (String) The URL to the proxy to be used for all requests made by this client. Can be sourced from `PLURAL_KUBE_PROXY_URL`.
+- `tls_server_name` (String) TLS server name is used to check server certificate. If it is empty, the hostname used to contact the server is used. Can be sourced from `PLURAL_KUBE_TLS_SERVER_NAME`.
+- `token` (String, Sensitive) Token is the bearer token for authentication to the Kubernetes cluster. Can be sourced from `PLURAL_KUBE_TOKEN`.
+- `username` (String) The username for basic authentication to the Kubernetes cluster. Can be sourced from `PLURAL_KUBE_USER`.
+
+<a id="nestedatt--kubeconfig--exec"></a>
+### Nested Schema for `kubeconfig.exec`
+
+Required:
+
+- `api_version` (String) Preferred input version.
+- `command` (String) Command to execute.
+
+Optional:
+
+- `args` (List of String) Arguments to pass to the command when executing it.
+- `env` (Map of String) Defines environment variables to expose to the process.

docs/resources/cluster.md

@@ -26,7 +26,7 @@ A representation of a cluster you can deploy to.
 - `handle` (String) A short, unique human-readable name used to identify this cluster. Does not necessarily map to the cloud resource name.
 - `helm_repo_url` (String) Helm repository URL you'd like to use in deployment agent Helm install.
 - `helm_values` (String) Additional Helm values you'd like to use in deployment agent Helm installs. This is useful for BYOK clusters that need to use custom images or other constructs.
-- `kubeconfig` (Attributes) (see [below for nested schema](#nestedatt--kubeconfig))
+- `kubeconfig` (Attributes, Deprecated) (see [below for nested schema](#nestedatt--kubeconfig))
 - `metadata` (String) Arbitrary JSON metadata to store user-specific state of this cluster (e.g. IAM roles for add-ons). Use `jsonencode` and `jsondecode` methods to encode and decode data.
 - `project_id` (String) ID of the project that this cluster belongs to.
 - `protect` (Boolean) If set to `true` then this cluster cannot be deleted.
@@ -71,21 +71,21 @@ Optional:
 
 Optional:
 
-- `client_certificate` (String) The path to a client cert file for TLS. Can be sourced from `PLURAL_KUBE_CLIENT_CERT_DATA`.
-- `client_key` (String, Sensitive) The path to a client key file for TLS. Can be sourced from `PLURAL_KUBE_CLIENT_KEY_DATA`.
-- `cluster_ca_certificate` (String) The path to a cert file for the certificate authority. Can be sourced from `PLURAL_KUBE_CLUSTER_CA_CERT_DATA`.
-- `config_context` (String) kubeconfig context to use. Can be sourced from `PLURAL_KUBE_CTX`.
-- `config_context_auth_info` (String) Can be sourced from `PLURAL_KUBE_CTX_AUTH_INFO`.
-- `config_context_cluster` (String) Can be sourced from `PLURAL_KUBE_CTX_CLUSTER`.
-- `config_path` (String) Path to the kubeconfig file. Can be sourced from `PLURAL_KUBE_CONFIG_PATH`.
+- `client_certificate` (String) The path to a client cert file for TLS.
+- `client_key` (String, Sensitive) The path to a client key file for TLS.
+- `cluster_ca_certificate` (String) The path to a cert file for the certificate authority.
+- `config_context` (String) kubeconfig context to use.
+- `config_context_auth_info` (String)
+- `config_context_cluster` (String)
+- `config_path` (String) Path to the kubeconfig file.
 - `exec` (Attributes List) Specifies a command to provide client credentials (see [below for nested schema](#nestedatt--kubeconfig--exec))
-- `host` (String) The complete address of the Kubernetes cluster, using scheme://hostname:port format. Can be sourced from `PLURAL_KUBE_HOST`.
-- `insecure` (Boolean) Skips the validity check for the server's certificate. This will make your HTTPS connections insecure. Can be sourced from `PLURAL_KUBE_INSECURE`.
-- `password` (String, Sensitive) The password for basic authentication to the Kubernetes cluster. Can be sourced from `PLURAL_KUBE_PASSWORD`.
-- `proxy_url` (String) The URL to the proxy to be used for all requests made by this client. Can be sourced from `PLURAL_KUBE_PROXY_URL`.
-- `tls_server_name` (String) TLS server name is used to check server certificate. If it is empty, the hostname used to contact the server is used. Can be sourced from `PLURAL_KUBE_TLS_SERVER_NAME`.
-- `token` (String, Sensitive) Token is the bearer token for authentication to the Kubernetes cluster. Can be sourced from `PLURAL_KUBE_TOKEN`.
-- `username` (String) The username for basic authentication to the Kubernetes cluster. Can be sourced from `PLURAL_KUBE_USER`.
+- `host` (String) The complete address of the Kubernetes cluster, using scheme://hostname:port format.
+- `insecure` (Boolean) Skips the validity check for the server's certificate. This will make your HTTPS connections insecure.
+- `password` (String, Sensitive) The password for basic authentication to the Kubernetes cluster.
+- `proxy_url` (String) The URL to the proxy to be used for all requests made by this client.
+- `tls_server_name` (String) TLS server name is used to check server certificate. If it is empty, the hostname used to contact the server is used.
+- `token` (String, Sensitive) Token is the bearer token for authentication to the Kubernetes cluster.
+- `username` (String) The username for basic authentication to the Kubernetes cluster.
 
 <a id="nestedatt--kubeconfig--exec"></a>
 ### Nested Schema for `kubeconfig.exec`

example/cluster/byok/main.tf

@@ -0,0 +1,46 @@
+terraform {
+  required_providers {
+    plural = {
+      source  = "pluralsh/plural"
+      version = "0.2.25"
+    }
+  }
+}
+
+#####################################
+######### Deprecated method #########
+#####################################
+# provider "plural" {
+#   alias   = "deprecated"
+#   use_cli = true
+# }
+#
+# resource "plural_cluster" "deprecated" {
+#   provider = plural.deprecated
+#   name     = "byok"
+#   protect  = "false"
+#   detach   = true
+#   kubeconfig = {
+#     # It can no longer be sourced from environment variables.
+#     config_path = pathexpand("~/.kube/config")
+#   }
+# }
+
+#####################################
+############ New method #############
+#####################################
+provider "plural" {
+  alias   = "new"
+  use_cli = true
+  kubeconfig = {
+    # It can be sourced from environment variables instead, i.e.: export PLURAL_KUBE_CONFIG_PATH=$KUBECONFIG
+    config_path = pathexpand("~/.kube/config")
+  }
+}
+
+resource "plural_cluster" "new" {
+  provider = plural.new
+  name     = "byok"
+  protect  = "false"
+  detach   = true
+}

example/kubeconfig/main.tf

@@ -1,4 +1,4 @@
-package resource
+package common
 
 import (
 	"bytes"
@@ -23,23 +23,23 @@ import (
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 )
 
-type KubeConfig struct {
+type KubeClient struct {
 	ClientConfig clientcmd.ClientConfig
 }
 
-func (k *KubeConfig) ToClientSet() (*kubernetes.Clientset, error) {
+func (k *KubeClient) ToClientSet() (*kubernetes.Clientset, error) {
 	config, err := k.ToRawKubeConfigLoader().ClientConfig()
 	if err != nil {
 		return nil, err
 	}
 	return kubernetes.NewForConfig(config)
 }
 
-func (k *KubeConfig) ToRESTConfig() (*rest.Config, error) {
+func (k *KubeClient) ToRESTConfig() (*rest.Config, error) {
 	return k.ToRawKubeConfigLoader().ClientConfig()
 }
 
-func (k *KubeConfig) ToDiscoveryClient() (discovery.CachedDiscoveryInterface, error) {
+func (k *KubeClient) ToDiscoveryClient() (discovery.CachedDiscoveryInterface, error) {
 	config, err := k.ToRESTConfig()
 	if err != nil {
 		return nil, err
@@ -48,7 +48,7 @@ func (k *KubeConfig) ToDiscoveryClient() (discovery.CachedDiscoveryInterface, er
 	return disk.NewCachedDiscoveryClientForConfig(config, os.TempDir(), os.TempDir(), 1*time.Minute)
 }
 
-func (k *KubeConfig) ToRESTMapper() (meta.RESTMapper, error) {
+func (k *KubeClient) ToRESTMapper() (meta.RESTMapper, error) {
 	client, err := k.ToDiscoveryClient()
 	if err != nil {
 		return nil, err
@@ -57,11 +57,11 @@ func (k *KubeConfig) ToRESTMapper() (meta.RESTMapper, error) {
 	return restmapper.NewShortcutExpander(restmapper.NewDeferredDiscoveryRESTMapper(client), client, nil), nil
 }
 
-func (k *KubeConfig) ToRawKubeConfigLoader() clientcmd.ClientConfig {
+func (k *KubeClient) ToRawKubeConfigLoader() clientcmd.ClientConfig {
 	return k.ClientConfig
 }
 
-func newKubeconfig(ctx context.Context, kubeconfig *Kubeconfig, namespace *string) (*KubeConfig, error) {
+func NewKubeClient(ctx context.Context, kubeconfig *Kubeconfig, namespace *string) (*KubeClient, error) {
 	overrides := &clientcmd.ConfigOverrides{}
 	loader := &clientcmd.ClientConfigLoadingRules{}
 
@@ -186,5 +186,5 @@ func newKubeconfig(ctx context.Context, kubeconfig *Kubeconfig, namespace *strin
 	}
 
 	tflog.Trace(ctx, "successfully initialized kubernetes config")
-	return &KubeConfig{ClientConfig: client}, nil
+	return &KubeClient{ClientConfig: client}, nil
 }