Add proxy_url attribute to provider configuration block (#1441)

Co-authored-by: John Houston <[email protected]>
Co-authored-by: Peter Hrvola <[email protected]>

Author: jrhouston

kubernetes/provider.go

@@ -107,6 +107,12 @@ func Provider() *schema.Provider {
 				DefaultFunc: schema.EnvDefaultFunc("KUBE_TOKEN", ""),
 				Description: "Token to authenticate an service account",
 			},
+			"proxy_url": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "URL to the proxy to be used for all API requests",
+				DefaultFunc: schema.EnvDefaultFunc("KUBE_PROXY_URL", ""),
+			},
 			"exec": {
 				Type:     schema.TypeList,
 				Optional: true,
@@ -410,6 +416,10 @@ func initializeConfiguration(d *schema.ResourceData) (*restclient.Config, error)
 		overrides.AuthInfo.Exec = exec
 	}
 
+	if v, ok := d.GetOk("proxy_url"); ok {
+		overrides.ClusterDefaults.ProxyURL = v.(string)
+	}
+
 	cc := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loader, overrides)
 	cfg, err := cc.ClientConfig()
 	if err != nil {

manifest/provider/configure.go

@@ -486,6 +486,24 @@ func (s *RawProviderServer) ConfigureProvider(ctx context.Context, req *tfprotov
 		overrides.AuthInfo.Token = token
 	}
 
+	var proxyURL string
+	if !providerConfig["proxy_url"].IsNull() && providerConfig["proxy_url"].IsKnown() {
+		err = providerConfig["proxy_url"].As(&proxyURL)
+		if err != nil {
+			// invalid attribute type - this shouldn't happen, bail out for now
+			response.Diagnostics = append(response.Diagnostics, &tfprotov5.Diagnostic{
+				Severity: tfprotov5.DiagnosticSeverityError,
+				Summary:  "Provider configuration: failed to assert type of 'proxy_url' value",
+				Detail:   err.Error(),
+			})
+			return response, nil
+		}
+		overrides.ClusterDefaults.ProxyURL = proxyURL
+	}
+	if proxyUrl, ok := os.LookupEnv("KUBE_PROXY_URL"); ok && proxyUrl != "" {
+		overrides.ClusterDefaults.ProxyURL = proxyURL
+	}
+
 	if !providerConfig["exec"].IsNull() && providerConfig["exec"].IsKnown() {
 		var execBlock []tftypes.Value
 		err = providerConfig["exec"].As(&execBlock)

manifest/provider/provider_config.go

@@ -153,6 +153,17 @@ func GetProviderConfigSchema() *tfprotov5.Schema {
 				DescriptionKind: 0,
 				Deprecated:      false,
 			},
+			{
+				Name:            "proxy_url",
+				Type:            tftypes.String,
+				Description:     "URL to the proxy to be used for all API requests",
+				Required:        false,
+				Optional:        true,
+				Computed:        false,
+				Sensitive:       false,
+				DescriptionKind: 0,
+				Deprecated:      false,
+			},
 		},
 		BlockTypes: []*tfprotov5.SchemaNestedBlock{
 			{

website/docs/index.html.markdown

@@ -148,6 +148,7 @@ The following arguments are supported:
 * `config_context_auth_info` - (Optional) Authentication info context of the kube config (name of the kubeconfig user, `--user` flag in `kubectl`). Can be sourced from `KUBE_CTX_AUTH_INFO`.
 * `config_context_cluster` - (Optional) Cluster context of the kube config (name of the kubeconfig cluster, `--cluster` flag in `kubectl`). Can be sourced from `KUBE_CTX_CLUSTER`.
 * `token` - (Optional) Token of your service account.  Can be sourced from `KUBE_TOKEN`.
+* `proxy_url` - (Optional) URL to the proxy to be used for all API requests. URLs with "http", "https", and "socks5" schemes are supported. Can be sourced from `KUBE_PROXY_URL`.
 * `exec` - (Optional) Configuration block to use an [exec-based credential plugin] (https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins), e.g. call an external command to receive user credentials.
     * `api_version` - (Required) API version to use when decoding the ExecCredentials resource, e.g. `client.authentication.k8s.io/v1beta1`.
     * `command` - (Required) Command to execute.