From 415a860b9c9d6afc8c30c6061512c805f3eba542 Mon Sep 17 00:00:00 2001 From: Stef Forrester Date: Mon, 19 Apr 2021 17:47:46 -0700 Subject: [PATCH] Add conflictswith warning level message --- kubernetes/provider.go | 163 ++++++++++++++++++++++++----------------- 1 file changed, 95 insertions(+), 68 deletions(-) diff --git a/kubernetes/provider.go b/kubernetes/provider.go index a2153cda76..d445d3b815 100644 --- a/kubernetes/provider.go +++ b/kubernetes/provider.go @@ -7,7 +7,6 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/logging" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/mitchellh/go-homedir" apimachineryschema "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/client-go/discovery" @@ -25,65 +24,80 @@ import ( ) func Provider() *schema.Provider { + conditionsMessage := "Specifying more than one authentication method can lead to unpredictable behavior." + + " This option will be removed in a future release. Please update your configuration." p := &schema.Provider{ Schema: map[string]*schema.Schema{ "host": { - Type: schema.TypeString, - Optional: true, - DefaultFunc: schema.EnvDefaultFunc("KUBE_HOST", nil), - Description: "The hostname (in form of URI) of Kubernetes master.", - ConflictsWith: []string{"config_path", "config_paths"}, - ValidateDiagFunc: validation.ToDiagFunc(validation.IsURLWithHTTPorHTTPS), + Type: schema.TypeString, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("KUBE_HOST", nil), + Description: "The hostname (in form of URI) of Kubernetes master.", + ConflictsWith: []string{"config_path", "config_paths"}, + ConditionsMode: "warning", + ConditionsMessage: conditionsMessage, // TODO: enable this when AtLeastOneOf works with optional attributes. // https://github.com/hashicorp/terraform-plugin-sdk/issues/705 // AtLeastOneOf: []string{"token", "exec", "username", "password", "client_certificate", "client_key"}, }, "username": { - Type: schema.TypeString, - Optional: true, - DefaultFunc: schema.EnvDefaultFunc("KUBE_USER", nil), - Description: "The username to use for HTTP basic authentication when accessing the Kubernetes master endpoint.", - ConflictsWith: []string{"config_path", "config_paths", "exec", "token", "client_certificate", "client_key"}, - RequiredWith: []string{"password", "host"}, + Type: schema.TypeString, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("KUBE_USER", nil), + Description: "The username to use for HTTP basic authentication when accessing the Kubernetes master endpoint.", + ConflictsWith: []string{"config_path", "config_paths", "exec", "token", "client_certificate", "client_key"}, + RequiredWith: []string{"password", "host"}, + ConditionsMode: "warning", + ConditionsMessage: conditionsMessage, }, "password": { - Type: schema.TypeString, - Optional: true, - DefaultFunc: schema.EnvDefaultFunc("KUBE_PASSWORD", nil), - Description: "The password to use for HTTP basic authentication when accessing the Kubernetes master endpoint.", - ConflictsWith: []string{"config_path", "config_paths", "exec", "token", "client_certificate", "client_key"}, - RequiredWith: []string{"username", "host"}, + Type: schema.TypeString, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("KUBE_PASSWORD", nil), + Description: "The password to use for HTTP basic authentication when accessing the Kubernetes master endpoint.", + ConflictsWith: []string{"config_path", "config_paths", "exec", "token", "client_certificate", "client_key"}, + RequiredWith: []string{"username", "host"}, + ConditionsMode: "warning", + ConditionsMessage: conditionsMessage, }, "insecure": { - Type: schema.TypeBool, - Optional: true, - DefaultFunc: schema.EnvDefaultFunc("KUBE_INSECURE", nil), - Description: "Whether server should be accessed without verifying the TLS certificate.", - ConflictsWith: []string{"cluster_ca_certificate", "client_key", "client_certificate", "exec"}, + Type: schema.TypeBool, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("KUBE_INSECURE", nil), + Description: "Whether server should be accessed without verifying the TLS certificate.", + ConflictsWith: []string{"cluster_ca_certificate", "client_key", "client_certificate", "exec"}, + ConditionsMode: "warning", + ConditionsMessage: conditionsMessage, }, "client_certificate": { - Type: schema.TypeString, - Optional: true, - DefaultFunc: schema.EnvDefaultFunc("KUBE_CLIENT_CERT_DATA", nil), - Description: "PEM-encoded client certificate for TLS authentication.", - ConflictsWith: []string{"config_path", "config_paths", "username", "password", "insecure"}, - RequiredWith: []string{"client_key", "cluster_ca_certificate", "host"}, + Type: schema.TypeString, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("KUBE_CLIENT_CERT_DATA", nil), + Description: "PEM-encoded client certificate for TLS authentication.", + ConflictsWith: []string{"config_path", "config_paths", "username", "password", "insecure"}, + RequiredWith: []string{"client_key", "cluster_ca_certificate", "host"}, + ConditionsMode: "warning", + ConditionsMessage: conditionsMessage, }, "client_key": { - Type: schema.TypeString, - Optional: true, - DefaultFunc: schema.EnvDefaultFunc("KUBE_CLIENT_KEY_DATA", nil), - Description: "PEM-encoded client certificate key for TLS authentication.", - ConflictsWith: []string{"config_path", "config_paths", "username", "password", "exec", "insecure"}, - RequiredWith: []string{"client_certificate", "cluster_ca_certificate", "host"}, + Type: schema.TypeString, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("KUBE_CLIENT_KEY_DATA", nil), + Description: "PEM-encoded client certificate key for TLS authentication.", + ConflictsWith: []string{"config_path", "config_paths", "username", "password", "exec", "insecure"}, + RequiredWith: []string{"client_certificate", "cluster_ca_certificate", "host"}, + ConditionsMode: "warning", + ConditionsMessage: conditionsMessage, }, "cluster_ca_certificate": { - Type: schema.TypeString, - Optional: true, - DefaultFunc: schema.EnvDefaultFunc("KUBE_CLUSTER_CA_CERT_DATA", nil), - Description: "PEM-encoded root certificates bundle for TLS authentication.", - ConflictsWith: []string{"config_path", "config_paths", "insecure"}, - RequiredWith: []string{"host"}, + Type: schema.TypeString, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("KUBE_CLUSTER_CA_CERT_DATA", nil), + Description: "PEM-encoded root certificates bundle for TLS authentication.", + ConflictsWith: []string{"config_path", "config_paths", "insecure"}, + RequiredWith: []string{"host"}, + ConditionsMode: "warning", + ConditionsMessage: conditionsMessage, // TODO: enable this when AtLeastOneOf works with optional attributes. // https://github.com/hashicorp/terraform-plugin-sdk/issues/705 // AtLeastOneOf: []string{"token", "exec", "client_certificate", "client_key"}, @@ -95,7 +109,9 @@ func Provider() *schema.Provider { Optional: true, Description: "A list of paths to kube config files. Can be set with KUBE_CONFIG_PATHS environment variable.", // config_paths conflicts with every attribute except for "insecure", since all of these options will be read from the kubeconfig. - ConflictsWith: []string{"config_path", "exec", "token", "host", "client_certificate", "client_key", "cluster_ca_certificate", "username", "password"}, + ConflictsWith: []string{"config_path", "exec", "token", "host", "client_certificate", "client_key", "cluster_ca_certificate", "username", "password"}, + ConditionsMode: "warning", + ConditionsMessage: conditionsMessage, }, "config_path": { Type: schema.TypeString, @@ -103,42 +119,51 @@ func Provider() *schema.Provider { DefaultFunc: schema.EnvDefaultFunc("KUBE_CONFIG_PATH", nil), Description: "Path to the kube config file. Can be set with KUBE_CONFIG_PATH.", // config_path conflicts with every attribute except for "insecure", since all of these options will be read from the kubeconfig. - ConflictsWith: []string{"config_paths", "exec", "token", "host", "client_certificate", "client_key", "cluster_ca_certificate", "username", "password"}, + ConflictsWith: []string{"config_paths", "exec", "token", "host", "client_certificate", "client_key", "cluster_ca_certificate", "username", "password"}, + ConditionsMode: "warning", + ConditionsMessage: conditionsMessage, }, "config_context": { - Type: schema.TypeString, - Optional: true, - DefaultFunc: schema.EnvDefaultFunc("KUBE_CTX", nil), - Description: "Context to choose from the kube config file. ", - ConflictsWith: []string{"exec", "token", "client_certificate", "client_key", "username", "password"}, + Type: schema.TypeString, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("KUBE_CTX", nil), + Description: "Context to choose from the kube config file. ", + ConflictsWith: []string{"exec", "token", "client_certificate", "client_key", "username", "password"}, + ConditionsMode: "warning", + ConditionsMessage: "This functionality will be removed in a later release. Please update your configuration.", // TODO: enable this when AtLeastOneOf works with optional attributes. // AtLeastOneOf: []string{"config_path", "config_paths"}, }, "config_context_auth_info": { - Type: schema.TypeString, - Optional: true, - DefaultFunc: schema.EnvDefaultFunc("KUBE_CTX_AUTH_INFO", nil), - Description: "Authentication info context of the kube config (name of the kubeconfig user, --user flag in kubectl).", - ConflictsWith: []string{"exec", "token", "client_certificate", "client_key", "username", "password"}, + Type: schema.TypeString, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("KUBE_CTX_AUTH_INFO", nil), + Description: "Authentication info context of the kube config (name of the kubeconfig user, --user flag in kubectl).", + ConflictsWith: []string{"exec", "token", "client_certificate", "client_key", "username", "password"}, + ConditionsMode: "warning", + ConditionsMessage: "This functionality will be removed in a later release. Please update your configuration.", // TODO: enable this when AtLeastOneOf works with optional attributes. // AtLeastOneOf: []string{"config_path", "config_paths"}, }, "config_context_cluster": { - Type: schema.TypeString, - Optional: true, - DefaultFunc: schema.EnvDefaultFunc("KUBE_CTX_CLUSTER", nil), - Description: "Cluster context of the kube config (name of the kubeconfig cluster, --cluster flag in kubectl).", - ConflictsWith: []string{"exec", "token", "client_certificate", "client_key", "username", "password"}, + Type: schema.TypeString, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("KUBE_CTX_CLUSTER", nil), + Description: "Cluster context of the kube config (name of the kubeconfig cluster, --cluster flag in kubectl).", + ConflictsWith: []string{"exec", "token", "client_certificate", "client_key", "username", "password"}, + ConditionsMessage: "Specifying more than one authentication method can lead to unpredictable behavior. This option will be removed in a future release. Please update your configuration.", // TODO: enable this when AtLeastOneOf works with optional attributes. // AtLeastOneOf: []string{"config_path", "config_paths"}, }, "token": { - Type: schema.TypeString, - Optional: true, - DefaultFunc: schema.EnvDefaultFunc("KUBE_TOKEN", nil), - Description: "Bearer token for authenticating the Kubernetes API.", - ConflictsWith: []string{"config_path", "config_paths", "exec", "client_certificate", "client_key", "username", "password"}, - RequiredWith: []string{"host"}, + Type: schema.TypeString, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("KUBE_TOKEN", nil), + Description: "Bearer token for authenticating the Kubernetes API.", + ConflictsWith: []string{"config_path", "config_paths", "exec", "client_certificate", "client_key", "username", "password"}, + ConditionsMode: "warning", + ConditionsMessage: "Specifying more than one authentication method can lead to unpredictable behavior. This option will be removed in a future release. Please update your configuration.", + RequiredWith: []string{"host"}, }, "exec": { Type: schema.TypeList, @@ -166,9 +191,11 @@ func Provider() *schema.Provider { }, }, }, - Description: "Configuration block to use an exec-based credential plugin, e.g. call an external command to receive user credentials.", - ConflictsWith: []string{"config_path", "config_paths", "token", "client_certificate", "client_key", "username", "password", "insecure"}, - RequiredWith: []string{"host", "cluster_ca_certificate"}, + Description: "Configuration block to use an exec-based credential plugin, e.g. call an external command to receive user credentials.", + ConflictsWith: []string{"config_path", "config_paths", "token", "client_certificate", "client_key", "username", "password", "insecure"}, + RequiredWith: []string{"host", "cluster_ca_certificate"}, + ConditionsMode: "warning", + ConditionsMessage: "Specifying more than one authentication method can lead to unpredictable behavior. This option will be removed in a future release. Please update your configuration.", }, },