feat: add workspace config to kargo instance and kargo agent (#325)

This implements improvements based on the commits in
#323, enabling more
fine-grained workspace config for the resources. Otherwise, different
resources in the terraform file would need to be in the same workspace
to function properly.

---------

Co-authored-by: steve <[email protected]>

Author: hanxiaop

akp/data_source_akp_instance_test.go

@@ -35,8 +35,8 @@ func TestAccInstanceDataSource(t *testing.T) {
 					resource.TestCheckResourceAttr("data.akp_instance.test", "argocd.spec.instance_spec.host_aliases.0.hostnames.0", "test-1"),
 					resource.TestCheckResourceAttr("data.akp_instance.test", "argocd.spec.instance_spec.host_aliases.0.hostnames.1", "test-2"),
 
-					// argocd_cm
-					resource.TestCheckResourceAttr("data.akp_instance.test", "argocd_cm.%", "9"),
+					// argocd_cm, all fields should be computed.
+					resource.TestCheckResourceAttr("data.akp_instance.test", "argocd_cm.%", "0"),
 				),
 			},
 		},

akp/data_source_akp_kargo_schema.go

@@ -40,6 +40,10 @@ func getAKPKargoDataSourceAttributes() map[string]schema.Attribute {
 			ElementType:         types.StringType,
 			Computed:            true,
 		},
+		"workspace": schema.StringAttribute{
+			MarkdownDescription: "Workspace name for the Kargo instance",
+			Computed:            true,
+		},
 	}
 }
 

akp/data_source_akp_kargoagent_schema.go

@@ -25,6 +25,10 @@ func getAKPKargoAgentDataSourceAttributes() map[string]schema.Attribute {
 			MarkdownDescription: "The ID of the Kargo instance",
 			Required:            true,
 		},
+		"workspace": schema.StringAttribute{
+			MarkdownDescription: "Workspace name for the Kargo agent",
+			Computed:            true,
+		},
 		"name": schema.StringAttribute{
 			MarkdownDescription: "The name of the Kargo agent",
 			Required:            true,

akp/provider.go

@@ -105,6 +105,7 @@ func (p *AkpProvider) Configure(ctx context.Context, req provider.ConfigureReque
 	if ServerUrl == "" {
 		ServerUrl = "https://akuity.cloud"
 	}
+
 	if apiKeyID == "" {
 		resp.Diagnostics.AddAttributeError(
 			path.Root("api_key_id"),
@@ -159,6 +160,7 @@ func (p *AkpProvider) Configure(ctx context.Context, req provider.ConfigureReque
 	argoc := argocdv1.NewArgoCDServiceGatewayClient(gwc)
 	kargoc := kargov1.NewKargoServiceGatewayClient(gwc)
 	orgc = orgcv1.NewOrganizationServiceGatewayClient(gwc)
+
 	akpCli := &AkpCli{
 		Cli:      argoc,
 		KargoCli: kargoc,

akp/resource_akp_kargo.go

@@ -139,32 +139,26 @@ func (r *AkpKargoInstanceResource) ImportState(ctx context.Context, req resource
 
 func (r *AkpKargoInstanceResource) upsert(ctx context.Context, diagnostics *diag.Diagnostics, plan *types.KargoInstance) error {
 	ctx = httpctx.SetAuthorizationHeader(ctx, r.akpCli.Cred.Scheme(), r.akpCli.Cred.Credential())
-	workspaces, err := r.akpCli.OrgCli.ListWorkspaces(ctx, &orgcv1.ListWorkspacesRequest{
-		OrganizationId: r.akpCli.OrgId,
-	})
+
+	workspace, err := getWorkspace(ctx, r.akpCli.OrgCli, r.akpCli.OrgId, plan.Workspace.ValueString())
 	if err != nil {
-		return errors.Wrap(err, "Unable to read workspaces")
-	}
-	var workspaceId string
-	for _, w := range workspaces.GetWorkspaces() {
-		if w.GetIsDefault() {
-			workspaceId = w.GetId()
-			break
-		}
-	}
-	if workspaceId == "" {
-		return errors.New("Default workspace not found")
+		diagnostics.AddError("Client Error", fmt.Sprintf("Unable to get workspace. %s", err))
+		return errors.New("Unable to get workspace")
 	}
-	apiReq := buildKargoApplyRequest(ctx, diagnostics, plan, r.akpCli.OrgId, workspaceId)
+	apiReq := buildKargoApplyRequest(ctx, diagnostics, plan, r.akpCli.OrgId, workspace.GetId())
 	if diagnostics.HasError() {
 		return errors.New("Unable to build Kargo instance request")
 	}
 	tflog.Debug(ctx, fmt.Sprintf("Apply instance request: %s", apiReq))
+
 	_, err = r.akpCli.KargoCli.ApplyKargoInstance(ctx, apiReq)
 	if err != nil {
 		return errors.Wrap(err, "Unable to upsert Kargo instance")
 	}
 
+	if plan.Workspace.ValueString() == "" {
+		plan.Workspace = tftypes.StringValue(workspace.GetName())
+	}
 	return refreshKargoState(ctx, diagnostics, r.akpCli.KargoCli, plan, r.akpCli.OrgId)
 }
 
@@ -245,3 +239,23 @@ func refreshKargoState(ctx context.Context, diagnostics *diag.Diagnostics, clien
 	tflog.Debug(ctx, fmt.Sprintf("Export Kargo instance response: %s", exportResp))
 	return kargo.Update(ctx, diagnostics, exportResp)
 }
+
+func getWorkspace(ctx context.Context, orgc orgcv1.OrganizationServiceGatewayClient, orgid, name string) (*orgcv1.Workspace, error) {
+	workspaces, err := orgc.ListWorkspaces(ctx, &orgcv1.ListWorkspacesRequest{
+		OrganizationId: orgid,
+	})
+	if err != nil {
+		return nil, errors.Wrap(err, "unable to read org workspaces")
+	}
+	for _, w := range workspaces.GetWorkspaces() {
+		if name == "" && w.IsDefault {
+			// if no workspace name is provided, return the default workspace
+			return w, nil
+		}
+		if w.Name == name {
+			return w, nil
+		}
+	}
+
+	return nil, fmt.Errorf("workspace %s not found", name)
+}

akp/resource_akp_kargo_schema.go

@@ -59,6 +59,14 @@ func getAKPKargoInstanceAttributes() map[string]schema.Attribute {
 			Optional:            true,
 			Sensitive:           true,
 		},
+		"workspace": schema.StringAttribute{
+			Optional:            true,
+			Computed:            true,
+			MarkdownDescription: "Workspace name for the Kargo instance",
+			PlanModifiers: []planmodifier.String{
+				stringplanmodifier.UseStateForUnknown(),
+			},
+		},
 	}
 }
 

akp/resource_akp_kargoagent.go

@@ -10,13 +10,13 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/path"
 	"github.com/hashicorp/terraform-plugin-framework/resource"
 	"github.com/hashicorp/terraform-plugin-framework/tfsdk"
+	tftypes "github.com/hashicorp/terraform-plugin-framework/types"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
 	"github.com/pkg/errors"
 	"golang.org/x/exp/slices"
 	"google.golang.org/protobuf/types/known/structpb"
 
 	kargov1 "github.com/akuity/api-client-go/pkg/api/gen/kargo/v1"
-	orgcv1 "github.com/akuity/api-client-go/pkg/api/gen/organization/v1"
 	healthv1 "github.com/akuity/api-client-go/pkg/api/gen/types/status/health/v1"
 	reconv1 "github.com/akuity/api-client-go/pkg/api/gen/types/status/reconciliation/v1"
 	httpctx "github.com/akuity/grpc-gateway-client/pkg/http/context"
@@ -179,30 +179,24 @@ func (r *AkpKargoAgentResource) ImportState(ctx context.Context, req resource.Im
 
 func (r *AkpKargoAgentResource) upsert(ctx context.Context, diagnostics *diag.Diagnostics, plan *types.KargoAgent, isCreate bool) (*types.KargoAgent, error) {
 	ctx = httpctx.SetAuthorizationHeader(ctx, r.akpCli.Cred.Scheme(), r.akpCli.Cred.Credential())
-	workspaces, err := r.akpCli.OrgCli.ListWorkspaces(ctx, &orgcv1.ListWorkspacesRequest{
-		OrganizationId: r.akpCli.OrgId,
-	})
+
+	workspace, err := getWorkspace(ctx, r.akpCli.OrgCli, r.akpCli.OrgId, plan.Workspace.ValueString())
 	if err != nil {
-		return nil, errors.Wrap(err, "Unable to read workspaces")
+		diagnostics.AddError("Client Error", fmt.Sprintf("Unable to get workspace. %s", err))
+		return nil, errors.New("Unable to get workspace")
 	}
-	var workspaceId string
-	for _, w := range workspaces.GetWorkspaces() {
-		if w.GetIsDefault() {
-			workspaceId = w.GetId()
-			break
-		}
-	}
-	if workspaceId == "" {
-		return nil, errors.New("Default workspace not found")
-	}
-	apiReq := buildKargoAgentApplyRequest(ctx, diagnostics, plan, r.akpCli.OrgId, workspaceId)
+	apiReq := buildKargoAgentApplyRequest(ctx, diagnostics, plan, r.akpCli.OrgId, workspace.Id)
 	if diagnostics.HasError() {
 		return nil, nil
 	}
 	result, err := r.applyKargoInstance(ctx, plan, apiReq, isCreate, r.akpCli.KargoCli.ApplyKargoInstance, r.upsertKubeConfig)
 	if err != nil {
 		return result, err
 	}
+
+	if plan.Workspace.ValueString() == "" {
+		plan.Workspace = tftypes.StringValue(workspace.GetName())
+	}
 	return result, refreshKargoAgentState(ctx, diagnostics, r.akpCli.KargoCli, result, r.akpCli.OrgId, nil, plan)
 }
 

akp/resource_akp_kargoagent_schema.go

@@ -38,6 +38,14 @@ func getAKPKargoAgentResourceAttributes() map[string]schema.Attribute {
 				stringplanmodifier.RequiresReplace(),
 			},
 		},
+		"workspace": schema.StringAttribute{
+			Optional:            true,
+			Computed:            true,
+			MarkdownDescription: "Workspace name for the Kargo agent",
+			PlanModifiers: []planmodifier.String{
+				stringplanmodifier.UseStateForUnknown(),
+			},
+		},
 		"name": schema.StringAttribute{
 			MarkdownDescription: "The name of the Kargo agent",
 			Required:            true,
@@ -150,15 +158,17 @@ func getAKPKargoAgentDataAttributes() map[string]schema.Attribute {
 			Optional:            true,
 			Computed:            true,
 			PlanModifiers: []planmodifier.String{
-				stringplanmodifier.RequiresReplace(),
+				stringplanmodifier.UseStateForUnknown(),
+				stringplanmodifier.RequiresReplaceIfConfigured(),
 			},
 		},
 		"akuity_managed": schema.BoolAttribute{
 			MarkdownDescription: "This means the agent is managed by Akuity",
 			Optional:            true,
 			Computed:            true,
 			PlanModifiers: []planmodifier.Bool{
-				boolplanmodifier.RequiresReplace(),
+				boolplanmodifier.UseStateForUnknown(),
+				boolplanmodifier.RequiresReplaceIfConfigured(),
 			},
 		},
 		"argocd_namespace": schema.StringAttribute{

akp/types/kargo_instance.go

@@ -20,6 +20,7 @@ type KargoInstance struct {
 	Kargo          *Kargo       `tfsdk:"kargo"`
 	KargoConfigMap types.Map    `tfsdk:"kargo_cm"`
 	KargoSecret    types.Map    `tfsdk:"kargo_secret"`
+	Workspace      types.String `tfsdk:"workspace"`
 }
 
 func (k *KargoInstance) Update(ctx context.Context, diagnostics *diag.Diagnostics, exportResp *kargov1.ExportKargoInstanceResponse) error {

akp/types/kargoagent.go

@@ -12,6 +12,7 @@ import (
 type KargoAgent struct {
 	ID                            types.String    `tfsdk:"id"`
 	InstanceID                    types.String    `tfsdk:"instance_id"`
+	Workspace                     types.String    `tfsdk:"workspace"`
 	Name                          types.String    `tfsdk:"name"`
 	Namespace                     types.String    `tfsdk:"namespace"`
 	Labels                        types.Map       `tfsdk:"labels"`

docs/data-sources/kargo_agent.md

@@ -35,6 +35,7 @@ data "akp_kargo_agent" "example" {
 - `namespace` (String) The namespace of the Kargo agent
 - `remove_agent_resources_on_destroy` (Boolean) Whether to remove agent resources on destroy
 - `spec` (Attributes) The spec of the Kargo agent (see [below for nested schema](#nestedatt--spec))
+- `workspace` (String) Workspace name for the Kargo agent
 
 <a id="nestedatt--kube_config"></a>
 ### Nested Schema for `kube_config`

docs/data-sources/kargo_agents.md

@@ -51,6 +51,7 @@ Read-Only:
 - `namespace` (String) The namespace of the Kargo agent
 - `remove_agent_resources_on_destroy` (Boolean) Whether to remove agent resources on destroy
 - `spec` (Attributes) The spec of the Kargo agent (see [below for nested schema](#nestedatt--agents--spec))
+- `workspace` (String) Workspace name for the Kargo agent
 
 <a id="nestedatt--agents--kube_config"></a>
 ### Nested Schema for `agents.kube_config`

docs/data-sources/kargo_instance.md

@@ -31,6 +31,7 @@ data "akp_kargo_instance" "example" {
 - `kargo` (Attributes) Specification of the Kargo instance (see [below for nested schema](#nestedatt--kargo))
 - `kargo_cm` (Map of String) ConfigMap to configure system account accesses. The usage can be found in the examples/resources/akp_kargo_instance/resource.tf
 - `kargo_secret` (Map of String) Secret to configure system account accesses. The usage can be found in the examples/resources/akp_kargo_instance/resource.tf
+- `workspace` (String) Workspace name for the Kargo instance
 
 <a id="nestedatt--kargo"></a>
 ### Nested Schema for `kargo`

docs/resources/kargo_agent.md

@@ -29,6 +29,7 @@ resource "akp_kargo_agent" "example-agent" {
   instance_id = akp_kargo_instance.example.id
   name        = "test-agent"
   namespace   = "test-namespace"
+  workspace   = "kargo-workspace"
   labels = {
     "app" = "kargo"
   }
@@ -54,6 +55,7 @@ resource "akp_kargo_agent" "example-agent" {
   instance_id = akp_kargo_instance.example.id
   name        = "test-agent"
   namespace   = "test-namespace"
+  workspace   = "kargo-workspace"
   labels = {
     "app" = "kargo"
   }
@@ -105,6 +107,7 @@ EOT
 - `labels` (Map of String) Labels
 - `namespace` (String) The namespace of the Kargo agent
 - `remove_agent_resources_on_destroy` (Boolean) Remove agent Kubernetes resources from the managed cluster when destroying cluster, default to `true`
+- `workspace` (String) Workspace name for the Kargo agent
 
 ### Read-Only
 

docs/resources/kargo_instance.md

@@ -26,7 +26,8 @@ resource "akp_kargo_instance" "example" {
 ## Example Usage (Exhaustive)
 ```terraform
 resource "akp_kargo_instance" "example" {
-  name = "test"
+  name      = "test"
+  workspace = "kargo-workspace"
   kargo_cm = {
     adminAccountEnabled  = "true"
     adminAccountTokenTtl = "24h"
@@ -128,6 +129,7 @@ EOT
 
 - `kargo_cm` (Map of String) ConfigMap to configure system account accesses. The usage can be found in the examples/resources/akp_kargo_instance/resource.tf
 - `kargo_secret` (Map of String, Sensitive) Secret to configure system account accesses. The usage can be found in the examples/resources/akp_kargo_instance/resource.tf
+- `workspace` (String) Workspace name for the Kargo instance
 
 ### Read-Only
 

examples/resources/akp_kargo_agent/akuity_managed.tf

@@ -2,6 +2,7 @@ resource "akp_kargo_agent" "example-agent" {
   instance_id = akp_kargo_instance.example.id
   name        = "test-agent"
   namespace   = "test-namespace"
+  workspace   = "kargo-workspace"
   labels = {
     "app" = "kargo"
   }

examples/resources/akp_kargo_agent/self_hosted.tf

@@ -2,6 +2,7 @@ resource "akp_kargo_agent" "example-agent" {
   instance_id = akp_kargo_instance.example.id
   name        = "test-agent"
   namespace   = "test-namespace"
+  workspace   = "kargo-workspace"
   labels = {
     "app" = "kargo"
   }

examples/resources/akp_kargo_instance/resource.tf

@@ -1,5 +1,6 @@
 resource "akp_kargo_instance" "example" {
-  name = "test"
+  name      = "test"
+  workspace = "kargo-workspace"
   kargo_cm = {
     adminAccountEnabled  = "true"
     adminAccountTokenTtl = "24h"