enhanced token validation (#12)

* introduced client connection pooling
* removed import aliases
* token: added renew_before duration option, renew token automatically upon expiration or near (renew_before) expiration

Author: oboukili

README.md

@@ -136,11 +136,12 @@ resource "argocd_project" "myproject" {
 }
 
 resource "argocd_project_token" "secret" {
-  count       = 20
-  project     = argocd_project.myproject.metadata.0.name
-  role        = "foobar"
-  description = "short lived token"
-  expires_in  = 3600
+  count        = 20
+  project      = argocd_project.myproject.metadata.0.name
+  role         = "foobar"
+  description  = "short lived token"
+  expires_in   = "1h"
+  renew_before = "30m"
 }
 ```
 

argocd/features.go

@@ -3,7 +3,8 @@ package argocd
 import (
 	"fmt"
 	"github.com/Masterminds/semver"
-	argoCDApiClient "github.com/argoproj/argo-cd/pkg/apiclient"
+	"github.com/argoproj/argo-cd/pkg/apiclient"
+	"github.com/argoproj/argo-cd/pkg/apiclient/project"
 	"github.com/argoproj/argo-cd/pkg/apiclient/version"
 )
 
@@ -18,7 +19,8 @@ var (
 )
 
 type ServerInterface struct {
-	ApiClient            argoCDApiClient.Client
+	ApiClient            apiclient.Client
+	ProjectClient        project.ProjectServiceClient
 	ServerVersion        *semver.Version
 	ServerVersionMessage *version.VersionMessage
 }

argocd/features_test.go

@@ -101,11 +101,18 @@ func TestServerInterface_isFeatureSupported(t *testing.T) {
 			}
 			got, err := p.isFeatureSupported(tt.args.feature)
 			if (err != nil) != tt.wantErr {
-				t.Errorf("isFeatureSupported() error = %v, wantErr %v", err, tt.wantErr)
+				t.Errorf("isFeatureSupported() error = %v, wantErr %v",
+					err,
+					tt.wantErr,
+				)
 				return
 			}
 			if got != tt.want {
-				t.Errorf("isFeatureSupported() got = %v, want %v", got, tt.want)
+				t.Errorf("isFeatureSupported() got = %v, want %v, version %s",
+					got,
+					tt.want,
+					tt.fields.ServerVersion.String(),
+				)
 			}
 		})
 	}

argocd/provider.go

@@ -4,15 +4,18 @@ import (
 	"context"
 	"fmt"
 	"github.com/Masterminds/semver"
-	argoCDApiClient "github.com/argoproj/argo-cd/pkg/apiclient"
+	"github.com/argoproj/argo-cd/pkg/apiclient"
+	"github.com/argoproj/argo-cd/pkg/apiclient/project"
 	"github.com/argoproj/argo-cd/pkg/apiclient/session"
 	"github.com/argoproj/argo-cd/util"
 	"github.com/golang/protobuf/ptypes/empty"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/terraform"
 )
 
-func Provider() terraform.ResourceProvider {
+var apiClientConnOpts apiclient.ClientOptions
+
+func Provider(doneCh chan bool) terraform.ResourceProvider {
 	return &schema.Provider{
 		Schema: map[string]*schema.Schema{
 			"server_addr": {
@@ -99,61 +102,107 @@ func Provider() terraform.ResourceProvider {
 			"argocd_project":       resourceArgoCDProject(),
 			"argocd_project_token": resourceArgoCDProjectToken(),
 		},
+		ConfigureFunc: func(d *schema.ResourceData) (interface{}, error) {
+			apiClient, err := initApiClient(d)
+			if err != nil {
+				return nil, err
+			}
+			pcCloser, projectClient, err := apiClient.NewProjectClient()
+			if err != nil {
+				return nil, err
+			}
 
-		ConfigureFunc: providerConfigure,
+			// Clients connection pooling, close when the provider execution ends
+			go func(done chan bool) {
+				<-done
+				util.Close(pcCloser)
+			}(doneCh)
+			return initServerInterface(apiClient, projectClient)
+		},
 	}
 }
 
-func providerConfigure(d *schema.ResourceData) (interface{}, error) {
-	opts := argoCDApiClient.ClientOptions{}
+func initServerInterface(apiClient apiclient.Client, projectClient project.ProjectServiceClient) (interface{}, error) {
+	acCloser, versionClient, err := apiClient.NewVersionClient()
+	if err != nil {
+		return nil, err
+	}
+	defer util.Close(acCloser)
 
-	if d, ok := d.GetOk("server_addr"); ok {
-		opts.ServerAddr = d.(string)
+	serverVersionMessage, err := versionClient.Version(context.Background(), &empty.Empty{})
+	if err != nil {
+		return nil, err
+	}
+	if serverVersionMessage == nil {
+		return nil, fmt.Errorf("could not get server version information")
+	}
+	serverVersion, err := semver.NewVersion(serverVersionMessage.Version)
+	if err != nil {
+		return nil, fmt.Errorf("could not parse server semantic version: %s", serverVersionMessage.Version)
 	}
-	if d, ok := d.GetOk("plain_text"); ok {
-		opts.PlainText = d.(bool)
+
+	return ServerInterface{
+		apiClient,
+		projectClient,
+		serverVersion,
+		serverVersionMessage}, err
+}
+
+func initApiClient(d *schema.ResourceData) (
+	apiClient apiclient.Client,
+	err error) {
+
+	var opts apiclient.ClientOptions
+
+	if v, ok := d.GetOk("server_addr"); ok {
+		opts.ServerAddr = v.(string)
 	}
-	if d, ok := d.GetOk("insecure"); ok {
-		opts.Insecure = d.(bool)
+	if v, ok := d.GetOk("plain_text"); ok {
+		opts.PlainText = v.(bool)
 	}
-	if d, ok := d.GetOk("cert_file"); ok {
-		opts.CertFile = d.(string)
+	if v, ok := d.GetOk("insecure"); ok {
+		opts.Insecure = v.(bool)
 	}
-	if d, ok := d.GetOk("context"); ok {
-		opts.Context = d.(string)
+	if v, ok := d.GetOk("cert_file"); ok {
+		opts.CertFile = v.(string)
 	}
-	if d, ok := d.GetOk("user_agent"); ok {
-		opts.UserAgent = d.(string)
+	if v, ok := d.GetOk("context"); ok {
+		opts.Context = v.(string)
 	}
-	if d, ok := d.GetOk("grpc_web"); ok {
-		opts.GRPCWeb = d.(bool)
+	if v, ok := d.GetOk("user_agent"); ok {
+		opts.UserAgent = v.(string)
 	}
-	if d, ok := d.GetOk("port_forward"); ok {
-		opts.PortForward = d.(bool)
+	if v, ok := d.GetOk("grpc_web"); ok {
+		opts.GRPCWeb = v.(bool)
 	}
-	if d, ok := d.GetOk("port_forward_with_namespace"); ok {
-		opts.PortForwardNamespace = d.(string)
+	if v, ok := d.GetOk("port_forward"); ok {
+		opts.PortForward = v.(bool)
 	}
-	if d, ok := d.GetOk("headers"); ok {
-		opts.Headers = d.([]string)
+	if v, ok := d.GetOk("port_forward_with_namespace"); ok {
+		opts.PortForwardNamespace = v.(string)
+	}
+	if v, ok := d.GetOk("headers"); ok {
+		opts.Headers = v.([]string)
 	}
 
-	authToken, authTokenOk := d.GetOk("auth_token")
+	// Export provider API client connections options for use in other spawned api clients
+	apiClientConnOpts = opts
 
+	authToken, authTokenOk := d.GetOk("auth_token")
 	switch authTokenOk {
 	case true:
 		opts.AuthToken = authToken.(string)
 	case false:
 		userName, userNameOk := d.GetOk("username")
 		password, passwordOk := d.GetOk("password")
 		if userNameOk && passwordOk {
-			c, err := argoCDApiClient.NewClient(&opts)
+			apiClient, err = apiclient.NewClient(&opts)
 			if err != nil {
-				return c, err
+				return apiClient, err
 			}
-			closer, sc, err := c.NewSessionClient()
+			closer, sc, err := apiClient.NewSessionClient()
 			if err != nil {
-				return c, err
+				return apiClient, err
 			}
 			defer util.Close(closer)
 			sessionOpts := session.SessionCreateRequest{
@@ -162,37 +211,10 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 			}
 			resp, err := sc.Create(context.Background(), &sessionOpts)
 			if err != nil {
-				return c, err
+				return apiClient, err
 			}
 			opts.AuthToken = resp.Token
 		}
 	}
-
-	apiClient, err := argoCDApiClient.NewClient(&opts)
-	if err != nil {
-		return nil, err
-	}
-	// Get API version
-	acCloser, versionClient, err := apiClient.NewVersionClient()
-	if err != nil {
-		return nil, err
-	}
-	defer util.Close(acCloser)
-
-	serverVersionMessage, err := versionClient.Version(context.Background(), &empty.Empty{})
-	if err != nil {
-		return nil, err
-	}
-	if serverVersionMessage == nil {
-		return nil, fmt.Errorf("could not get server version information")
-	}
-	serverVersion, err := semver.NewVersion(serverVersionMessage.Version)
-	if err != nil {
-		return nil, fmt.Errorf("could not parse server semantic version: %s", serverVersionMessage.Version)
-	}
-
-	return ServerInterface{
-		apiClient,
-		serverVersion,
-		serverVersionMessage}, err
+	return apiclient.NewClient(&opts)
 }

argocd/provider_test.go

@@ -8,25 +8,25 @@ import (
 )
 
 var testAccProviders map[string]terraform.ResourceProvider
-var testAccProviderFactories func(providers *[]*schema.Provider) map[string]terraform.ResourceProviderFactory
 var testAccProvider *schema.Provider
-var testAccProviderFunc func() *schema.Provider
+var testDoneCh = make(chan bool, 1)
 
 func init() {
-	testAccProvider = Provider().(*schema.Provider)
+	testAccProvider = Provider(testDoneCh).(*schema.Provider)
 	testAccProviders = map[string]terraform.ResourceProvider{
 		"argocd": testAccProvider,
 	}
+	testDoneCh <- true
 }
 
 func TestProvider(t *testing.T) {
-	if err := Provider().(*schema.Provider).InternalValidate(); err != nil {
+	if err := Provider(testDoneCh).(*schema.Provider).InternalValidate(); err != nil {
 		t.Fatalf("err: %s", err)
 	}
 }
 
 func TestProvider_impl(t *testing.T) {
-	var _ terraform.ResourceProvider = Provider()
+	var _ = Provider(testDoneCh)
 }
 
 func testAccPreCheck(t *testing.T) {