Require one of kubeconfig_path or kubeconfig_raw fix #90

This commit changes the provider to require exactly one of
`kubeconfig_path` or `kubeconfig_raw` set. The environment variable
`KUBECONFIG_PATH` is available to set `kubeconfig_path`.

Previously, the provider tried to find a valid configuration
in either `kubeconfig_raw` or `kubeconfig_path` and would fall
back to `kubectl` default environment variables and paths if
no configuration was given.

Author: pst

.github/workflows/main.yml

@@ -35,14 +35,14 @@ jobs:
 
     - name: 'Run TF acceptance tests (${{ matrix.runner }})'
       if: startsWith(matrix.runner, 'ubuntu-')
-      run: |
-        export KUBECONFIG="$(kind get kubeconfig-path --name="kind")"
-        make test
       env:
-        TF_ACC: '1'
+        KUBECONFIG_PATH: ~/.kube/config
+      run: make test
 
     - name: 'Run TF unit tests (${{ matrix.runner }})'
       if: startsWith(matrix.runner, 'ubuntu-') == false
+      env:
+        KUBECONFIG_PATH: ~/.kube/config
       run: go test -v ./kustomize
 
   compile_provider:
@@ -86,6 +86,9 @@ jobs:
     runs-on: ubuntu-latest
     needs: [compile_provider]
 
+    env:
+      KUBECONFIG_PATH: ~/.kube/config
+
     steps:
     - name: 'Checkout'
       uses: actions/checkout@v1
@@ -110,10 +113,6 @@ jobs:
       with:
         version: "v0.9.0"
 
-    - name: 'Set KUBECONFIG env var'
-      run: |
-        export KUBECONFIG="$(kind get kubeconfig-path --name="kind")"
-
     - name: 'Terraform Init'
       run: terraform init
 
@@ -150,10 +149,9 @@ jobs:
 
     - name: 'Create provider.tf with kubeconfig_raw'
       run: |
-        unset KUBECONFIG
         echo "provider "kustomization" {" > provider.tf
         echo "  kubeconfig_raw = <<EOT" >> provider.tf
-        cat $(kind get kubeconfig-path --name="kind") >> provider.tf
+        kind get kubeconfig --name kind >> provider.tf
         echo "EOT" >> provider.tf
         echo "}" >> provider.tf
 
@@ -167,6 +165,9 @@ jobs:
     runs-on: ubuntu-latest
     needs: [compile_provider]
 
+    env:
+      KUBECONFIG_PATH: ~/.kube/config
+
     steps:
     - name: 'Checkout'
       uses: actions/checkout@v1
@@ -191,10 +192,6 @@ jobs:
     - name: 'Ensure provider is executable'
       run: chmod +x terraform.d/plugins/registry.terraform.io/kbst/kustomization/1.0.0/linux_amd64/terraform-provider-kustomization_v1.0.0
 
-    - name: 'Set KUBECONFIG env var'
-      run: |
-        export KUBECONFIG="$(kind get kubeconfig-path --name="kind")"
-
     - name: 'Download kustomize'
       run: |
         wget https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv3.5.4/kustomize_v3.5.4_linux_amd64.tar.gz

README.md

@@ -2,17 +2,7 @@
 
 ![Run Tests](https://github.com/kbst/terraform-provider-kustomize/workflows/Run%20Tests/badge.svg?branch=master&event=push)
 
-This provider aims to solve 3 common issues of applying a kustomization using kubectl by integrating Kustomize and Terraform.
-
-1. Lack of feedback what changes will be applied.
-1. Resources from a previous apply not in the current apply are not purged.
-1. Immutable changes like e.g. changing a deployment's selector cause the apply to fail mid way.
-
-To solve this the provider uses the Terraform state to show changes to each resource individually during plan as well as track resources in need of purging.
-
-It also uses [server side dry runs](https://kubernetes.io/docs/reference/using-api/api-concepts/#dry-run) to validate changes to the desired state and translate this into a Terraform plan that will show if a resource will be updated in-place or requires a delete and recreate to apply the changes.
-
-As such it can be useful both to replace kustomize/kubectl integrated into a Terraform configuration as a provisioner as well as standalone `kubectl diff/apply` steps in CI/CD.
+This provider is maintained as part of the [Terraform GitOps framework Kubestack](https://www.kubestack.com/).
 
 ## Using the Provider
 
@@ -25,16 +15,16 @@ The Terraform provider for Kustomize is available from the [Terraform registry](
 
 ## Building and Developing the Provider
 
-To work on the provider, you need go installed on your machine (version 1.13.x tested). The provider uses go mod to manage its dependencies, so GOPATH is not required.
+To work on the provider, you need go installed on your machine. The provider uses go mod to manage its dependencies, so GOPATH is not required.
 
 To compile the provider, run `make build` as shown below. This will build the provider and put the provider binary in the `terraform.d/plugins/linux_amd64/` directory.
 
 ```sh
-$ make build
+make build
 ```
 
-In order to test the provider, you can simply run the acceptance tests using `make test`. You can set the `KUBECONFIG` environment variable to point the tests to a specific cluster or set the context of your current config accordingly. The tests create namespaces on the current context. [Kind](https://github.com/kubernetes-sigs/kind) or [Minikube](https://github.com/kubernetes/minikube) clusters work well for testing.
+In order to test the provider, run the acceptance tests using `make test`. You have to set the `KUBECONFIG_PATH` environment variable to point the tests to a valid config file. Each tests uses an individual namespaces. [Kind](https://github.com/kubernetes-sigs/kind) or [Minikube](https://github.com/kubernetes/minikube) clusters work well for testing.
 
 ```sh
-$ make test
+make test
 ```

docs/index.md

@@ -1,16 +1,18 @@
 # Kustomize Provider
 
-This provider aims to solve 3 common issues of applying a kustomization using kubectl by integrating Kustomize and Terraform.
+This provider allows building existing kustomizations using the `kustomization_build` data source or defining
+dynamic kustomizations in HCL using the `kustomization_overlay` data source and applying the resources from
+either kustomization against a Kubernetes cluster using the `kustomization_resource` resource.
 
-1. Lack of feedback what changes will be applied.
-1. Resources from a previous apply not in the current apply are not purged.
-1. Immutable changes like e.g. changing a deployment's selector cause the apply to fail mid way.
+The provider is maintained as part of the [Terraform GitOps framework Kubestack](https://www.kubestack.com/).
 
-To solve this the provider uses the Terraform state to show changes to each resource individually during plan as well as track resources in need of purging.
+Using this Kustomize provider and Terraform has three main benefits compared to applying a kustomization using `kubectl`:
 
-It also uses [server side dry runs](https://kubernetes.io/docs/reference/using-api/api-concepts/#dry-run) to validate changes to the desired state and translate this into a Terraform plan that will show if a resource will be updated in-place or requires a delete and recreate to apply the changes.
+1. Running `terraform plan` will show a diff of the changes to be applied.
+1. Deleted resources from a previous configuration will be purged.
+1. Changes to immutable fields will generate a destroy and re-create plan.
 
-As such it can be useful both to replace kustomize/kubectl integrated into a Terraform configuration as a provisioner as well as standalone `kubectl diff/apply` steps in CI/CD. The provider was primarily developed for Kubestack, the [Terraform GitOps framework](https://www.kubestack.com/), but is supported and tested to be used standalone.
+As such the provider can be useful to replace kustomize/kubectl integrated into a Terraform configuration as a provisioner or to replace standalone `kubectl diff/apply` steps in CI/CD.
 
 ## Example Usage
 
@@ -19,21 +21,28 @@ terraform {
   required_providers {
     kustomization = {
       source  = "kbst/kustomization"
-      version = ">= 0.2"
+      version = "0.5.0"
     }
   }
-  required_version = ">= 0.12"
 }
 
-provider "kustomization" {}
+provider "kustomization" {
+  # one of kubeconfig_path or kubeconfig_raw is required
+
+  # kubeconfig_path = "~/.kube/config"
+  # can also be set using KUBECONFIG_PATH environment variable
+
+  # kubeconfig_raw = data.template_file.kubeconfig.rendered
+  # kubeconfig_raw = yamlencode(local.kubeconfig)
+}
 
 ```
 
 ## Argument Reference
 
-- `kubeconfig_path` - (Optional) Path to a kubeconfig file. Defaults to `KUBECONFIG`, `KUBE_CONFIG` or `~/.kube/config`.
-- `kubeconfig_raw` - (Optional) Raw kubeconfig file. If kubeconfig_raw is set, kubeconfig_path is ignored.
-- `context` - (Optional) Context to use in kubeconfig with multiple contexts, if not specified the default context is to be used.
+- `kubeconfig_path` - (One of `kubeconfig_path` or `kubeconfig_raw` required) Path to a kubeconfig file. Can be set using `KUBECONFIG_PATH` environment variable.
+- `kubeconfig_raw` - (One of `kubeconfig_path` or `kubeconfig_raw` required) Raw kubeconfig file. If `kubeconfig_raw` is set, `kubeconfig_path` is ignored.
+- `context` - (Optional) Context to use in kubeconfig with multiple contexts, if not specified the default context is used.
 
 ## Imports
 

kustomize/provider.go

@@ -27,8 +27,6 @@ type Config struct {
 	Mutex                  *sync.Mutex
 }
 
-const kubeconfigDefault = "~/.kube/config"
-
 // Provider ...
 func Provider() *schema.Provider {
 	p := &schema.Provider{
@@ -48,21 +46,17 @@ func Provider() *schema.Provider {
 
 		Schema: map[string]*schema.Schema{
 			"kubeconfig_path": {
-				Type:     schema.TypeString,
-				Optional: true,
-				DefaultFunc: schema.MultiEnvDefaultFunc(
-					[]string{
-						"KUBE_CONFIG",
-						"KUBECONFIG",
-					},
-					kubeconfigDefault),
-				Description: fmt.Sprintf("Path to a kubeconfig file. Defaults to '%s'.", kubeconfigDefault),
+				Type:         schema.TypeString,
+				Optional:     true,
+				DefaultFunc:  schema.EnvDefaultFunc("KUBECONFIG_PATH", nil),
+				ExactlyOneOf: []string{"kubeconfig_path", "kubeconfig_raw"},
+				Description:  fmt.Sprintf("Path to a kubeconfig file. Can be set using KUBECONFIG_PATH env var. Either kubeconfig_path or kubeconfig_raw is required."),
 			},
 			"kubeconfig_raw": {
-				Type:        schema.TypeString,
-				Optional:    true,
-				Default:     "",
-				Description: "Raw kubeconfig file. If kubeconfig_raw is set,  kubeconfig_path is ignored.",
+				Type:         schema.TypeString,
+				Optional:     true,
+				ExactlyOneOf: []string{"kubeconfig_path", "kubeconfig_raw"},
+				Description:  "Raw kube config. If kubeconfig_raw is set, kubeconfig_path is ignored.",
 			},
 			"context": {
 				Type:        schema.TypeString,
@@ -78,36 +72,44 @@ func Provider() *schema.Provider {
 		var config *rest.Config
 		var err error
 
-		context := d.Get("context").(string)
 		raw := d.Get("kubeconfig_raw").(string)
-		data = []byte(raw)
+		path := d.Get("kubeconfig_path").(string)
+		context := d.Get("context").(string)
 
-		// try to get a config from kubeconfig_raw
-		config, err = getClientConfig(data, context)
-		if err != nil {
-			// if kubeconfig_raw did not work, try kubeconfig_path
-			path := d.Get("kubeconfig_path").(string)
-			data, _ = readKubeconfigFile(path)
+		if raw != "" {
+			config, err = getClientConfig([]byte(raw), context)
+			if err != nil {
+				return nil, fmt.Errorf("provider kustomization: kubeconfig_raw: %s", err)
+			}
+		}
 
+		if raw == "" && path != "" {
+			data, _ = readKubeconfigFile(path)
 			config, err = getClientConfig(data, context)
 			if err != nil {
-				// if neither worked we fall back to an empty default config
-				config = &rest.Config{}
+				return nil, fmt.Errorf("provider kustomization: kubeconfig_path: %s", err)
 			}
 		}
 
+		// empty default config required to support
+		// using a cluster resource or data source
+		// that may not exist yet, to configure the provider
+		if config == nil {
+			config = &rest.Config{}
+		}
+
 		// Increase QPS and Burst rate limits
 		config.QPS = 120
 		config.Burst = 240
 
 		client, err := dynamic.NewForConfig(config)
 		if err != nil {
-			return nil, err
+			return nil, fmt.Errorf("provider kustomization: %s", err)
 		}
 
 		clientset, err := kubernetes.NewForConfig(config)
 		if err != nil {
-			return nil, err
+			return nil, fmt.Errorf("provider kustomization: %s", err)
 		}
 
 		cgvk := newCachedGroupVersionKind(clientset)