Add resource identity to kubernetes_manifest (#2737)

Author: jrhouston

.changelog/2737.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+Add ResourceIdentity support to kubernetes_manifest
+```

manifest/provider/apply.go

@@ -20,9 +20,11 @@ import (
 	"k8s.io/client-go/dynamic"
 )
 
-var defaultCreateTimeout = "10m"
-var defaultUpdateTimeout = "10m"
-var defaultDeleteTimeout = "10m"
+var (
+	defaultCreateTimeout = "10m"
+	defaultUpdateTimeout = "10m"
+	defaultDeleteTimeout = "10m"
+)
 
 // ApplyResourceChange function
 func (s *RawProviderServer) ApplyResourceChange(ctx context.Context, req *tfprotov5.ApplyResourceChangeRequest) (*tfprotov5.ApplyResourceChangeResponse, error) {
@@ -482,6 +484,15 @@ func (s *RawProviderServer) ApplyResourceChange(ctx context.Context, req *tfprot
 			return resp, err
 		}
 		resp.NewState = &newResState
+
+		// set resource identity data
+		idData, err := createIdentityData(result)
+		if err != nil {
+			return resp, err
+		}
+		resp.NewIdentity = &tfprotov5.ResourceIdentityData{
+			IdentityData: &idData,
+		}
 	case applyPlannedState.IsNull():
 		// Delete the resource
 		priorStateVal := make(map[string]tftypes.Value)

manifest/provider/import.go

@@ -15,6 +15,7 @@ import (
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
 // ImportResourceState function
@@ -49,7 +50,14 @@ func (s *RawProviderServer) ImportResourceState(ctx context.Context, req *tfprot
 		return resp, nil
 	}
 
-	gvk, name, namespace, err := util.ParseResourceID(req.ID)
+	var gvk schema.GroupVersionKind
+	var name, namespace string
+	var err error
+	if req.Identity != nil {
+		gvk, name, namespace, err = parseResourceIdentityData(req.Identity)
+	} else {
+		gvk, name, namespace, err = util.ParseResourceID(req.ID)
+	}
 	if err != nil {
 		resp.Diagnostics = append(resp.Diagnostics, &tfprotov5.Diagnostic{
 			Severity: tfprotov5.DiagnosticSeverityError,
@@ -58,6 +66,7 @@ func (s *RawProviderServer) ImportResourceState(ctx context.Context, req *tfprot
 		})
 	}
 	s.logger.Trace("[ImportResourceState]", "[ID]", gvk, name, namespace)
+
 	rt, err := GetResourceType(req.TypeName)
 	if err != nil {
 		resp.Diagnostics = append(resp.Diagnostics, &tfprotov5.Diagnostic{
@@ -196,16 +205,24 @@ func (s *RawProviderServer) ImportResourceState(ctx context.Context, req *tfprot
 			Detail:   err.Error(),
 		})
 	}
+	idData, err := createIdentityData(ro)
+	if err != nil {
+		return resp, err
+	}
 	nr := &tfprotov5.ImportedResource{
 		TypeName: req.TypeName,
 		State:    &impState,
 		Private:  fb,
+		Identity: &tfprotov5.ResourceIdentityData{
+			IdentityData: &idData,
+		},
 	}
 	resp.ImportedResources = append(resp.ImportedResources, nr)
 	resp.Diagnostics = append(resp.Diagnostics, &tfprotov5.Diagnostic{
 		Severity: tfprotov5.DiagnosticSeverityWarning,
 		Summary:  "Apply needed after 'import'",
 		Detail:   "Please run apply after a successful import to realign the resource state to the configuration in Terraform.",
 	})
+
 	return resp, nil
 }

manifest/provider/read.go

@@ -194,5 +194,15 @@ func (s *RawProviderServer) ReadResource(ctx context.Context, req *tfprotov5.Rea
 		return resp, err
 	}
 	resp.NewState = &newState
+
+	// set resource identity data
+	idData, err := createIdentityData(ro)
+	if err != nil {
+		return resp, err
+	}
+	resp.NewIdentity = &tfprotov5.ResourceIdentityData{
+		IdentityData: &idData,
+	}
+
 	return resp, nil
 }

manifest/provider/resourceidentity.go

@@ -0,0 +1,81 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package provider
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-go/tfprotov5"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+func (s *RawProviderServer) GetResourceIdentitySchemas(ctx context.Context, req *tfprotov5.GetResourceIdentitySchemasRequest) (*tfprotov5.GetResourceIdentitySchemasResponse, error) {
+	s.logger.Trace("[GetResourceIdentitySchemas][Request]\n%s\n", dump(*req))
+	resp := &tfprotov5.GetResourceIdentitySchemasResponse{
+		IdentitySchemas: map[string]*tfprotov5.ResourceIdentitySchema{
+			"kubernetes_manifest": {
+				Version: 1,
+				IdentityAttributes: []*tfprotov5.ResourceIdentitySchemaAttribute{
+					{Name: "api_version", RequiredForImport: true, Type: tftypes.String},
+					{Name: "kind", RequiredForImport: true, Type: tftypes.String},
+					{Name: "name", RequiredForImport: true, Type: tftypes.String},
+					{Name: "namespace", OptionalForImport: true, Type: tftypes.String},
+				},
+			},
+		},
+	}
+	return resp, nil
+}
+
+func (s *RawProviderServer) UpgradeResourceIdentity(ctx context.Context, req *tfprotov5.UpgradeResourceIdentityRequest) (*tfprotov5.UpgradeResourceIdentityResponse, error) {
+	s.logger.Trace("[UpgradeResourceIdentity][Request]\n%s\n", dump(*req))
+	resp := &tfprotov5.UpgradeResourceIdentityResponse{}
+	return resp, nil
+}
+
+func parseResourceIdentityData(rid *tfprotov5.ResourceIdentityData) (schema.GroupVersionKind, string, string, error) {
+	namespace := "default"
+	var apiVersion, kind, name string
+
+	iddata, err := rid.IdentityData.Unmarshal(getIdentityType())
+	if err != nil {
+		return schema.GroupVersionKind{}, "", "",
+			fmt.Errorf("could not unmarshal identity data: %v", err.Error())
+	}
+
+	var idvals map[string]tftypes.Value
+	iddata.As(&idvals)
+
+	idvals["api_version"].As(&apiVersion)
+	idvals["kind"].As(&kind)
+	idvals["namespace"].As(&namespace)
+	idvals["name"].As(&name)
+
+	gvk := schema.FromAPIVersionAndKind(apiVersion, kind)
+	return gvk, name, namespace, nil
+}
+
+func getIdentityType() tftypes.Type {
+	return tftypes.Object{
+		AttributeTypes: map[string]tftypes.Type{
+			"namespace":   tftypes.String,
+			"name":        tftypes.String,
+			"api_version": tftypes.String,
+			"kind":        tftypes.String,
+		},
+	}
+}
+
+func createIdentityData(obj *unstructured.Unstructured) (tfprotov5.DynamicValue, error) {
+	idVal := tftypes.NewValue(getIdentityType(), map[string]tftypes.Value{
+		"namespace":   tftypes.NewValue(tftypes.String, obj.GetNamespace()),
+		"name":        tftypes.NewValue(tftypes.String, obj.GetName()),
+		"api_version": tftypes.NewValue(tftypes.String, obj.GetAPIVersion()),
+		"kind":        tftypes.NewValue(tftypes.String, obj.GetKind()),
+	})
+	return tfprotov5.NewDynamicValue(idVal.Type(), idVal)
+}

manifest/provider/server.go

@@ -23,9 +23,11 @@ func init() {
 	install.Install(scheme.Scheme)
 }
 
-var _ tfprotov5.ProviderServer = &RawProviderServer{}
-var _ tfprotov5.ResourceServer = &RawProviderServer{}
-var _ tfprotov5.DataSourceServer = &RawProviderServer{}
+var (
+	_ tfprotov5.ProviderServer   = &RawProviderServer{}
+	_ tfprotov5.ResourceServer   = &RawProviderServer{}
+	_ tfprotov5.DataSourceServer = &RawProviderServer{}
+)
 
 // RawProviderServer implements the ProviderServer interface as exported from ProtoBuf.
 type RawProviderServer struct {
@@ -136,15 +138,3 @@ func (s *RawProviderServer) ValidateEphemeralResourceConfig(ctx context.Context,
 	resp := &tfprotov5.ValidateEphemeralResourceConfigResponse{}
 	return resp, nil
 }
-
-func (s *RawProviderServer) GetResourceIdentitySchemas(ctx context.Context, req *tfprotov5.GetResourceIdentitySchemasRequest) (*tfprotov5.GetResourceIdentitySchemasResponse, error) {
-	s.logger.Trace("[GetResourceIdentitySchemas][Request]\n%s\n", dump(*req))
-	resp := &tfprotov5.GetResourceIdentitySchemasResponse{}
-	return resp, nil
-}
-
-func (s *RawProviderServer) UpgradeResourceIdentity(ctx context.Context, req *tfprotov5.UpgradeResourceIdentityRequest) (*tfprotov5.UpgradeResourceIdentityResponse, error) {
-	s.logger.Trace("[UpgradeResourceIdentity][Request]\n%s\n", dump(*req))
-	resp := &tfprotov5.UpgradeResourceIdentityResponse{}
-	return resp, nil
-}

manifest/test/acceptance/configmap_test.go

@@ -11,6 +11,7 @@ import (
 	"testing"
 
 	"github.com/hashicorp/go-hclog"
+	version "github.com/hashicorp/go-version"
 	"github.com/hashicorp/terraform-provider-kubernetes/manifest/provider"
 	"github.com/hashicorp/terraform-provider-kubernetes/manifest/test/helper/kubernetes"
 	tfstatehelper "github.com/hashicorp/terraform-provider-kubernetes/manifest/test/helper/state"
@@ -87,4 +88,18 @@ func TestKubernetesManifest_ConfigMap(t *testing.T) {
 	tfstate.AssertAttributeNotEmpty(t, "kubernetes_manifest.test.object.metadata.labels.test")
 
 	tfstate.AssertAttributeDoesNotExist(t, "kubernetes_manifest.test.spec")
+
+	tfversion, err := tf.Version(ctx)
+	if err != nil {
+		t.Fatalf("Failed to retrieve terraform version: %v", err)
+	}
+	constraint, _ := version.NewConstraint(">= 1.12.0")
+	if constraint.Check(tfversion) {
+		tfstate.AssertIdentityValueEqual(t, "kubernetes_manifest.test", "api_version", "v1")
+		tfstate.AssertIdentityValueEqual(t, "kubernetes_manifest.test", "kind", "ConfigMap")
+		tfstate.AssertIdentityValueEqual(t, "kubernetes_manifest.test", "name", name)
+		tfstate.AssertIdentityValueEqual(t, "kubernetes_manifest.test", "namespace", namespace)
+	} else {
+		t.Logf("Skipping identity assertions because terraform version %s is less than 1.12.0", tfversion)
+	}
 }

manifest/test/helper/state/state_helper.go

@@ -26,6 +26,7 @@ type Helper struct {
 func NewHelper(tfstate *tfjson.State) *Helper {
 	return &Helper{tfstate}
 }
+
 func (s *Helper) ResourceExists(t *testing.T, resourceAddress string) bool {
 	t.Helper()
 	_, err := getAttributesValuesFromResource(s, resourceAddress)
@@ -42,6 +43,16 @@ func getAttributesValuesFromResource(state *Helper, address string) (interface{}
 	return nil, fmt.Errorf("Could not find resource %q in state", address)
 }
 
+// getIdentityValues pulls out the getIdentityValues field from the resource at the given address
+func getIdentityValuesFromResource(state *Helper, address string) (map[string]any, error) {
+	for _, r := range state.Values.RootModule.Resources {
+		if r.Address == address {
+			return r.IdentityValues, nil
+		}
+	}
+	return nil, fmt.Errorf("Could not find resource %q in state", address)
+}
+
 // getOutputValues gets the given output name value from the state
 func getOutputValues(state *Helper, name string) (interface{}, error) {
 	for n, v := range state.Values.Outputs {
@@ -95,10 +106,10 @@ func parseStateAddress(address string) (string, string) {
 	switch parts[0] {
 	case "data":
 		resourceAddress = strings.Join(parts[0:3], ".")
-		attributeAddress = strings.Join(parts[3:len(parts)], ".")
+		attributeAddress = strings.Join(parts[3:], ".")
 	default:
 		resourceAddress = strings.Join(parts[0:2], ".")
-		attributeAddress = strings.Join(parts[2:len(parts)], ".")
+		attributeAddress = strings.Join(parts[2:], ".")
 	}
 
 	return resourceAddress, attributeAddress
@@ -123,6 +134,22 @@ func (s *Helper) GetAttributeValue(t *testing.T, address string) interface{} {
 	return value
 }
 
+// GetIdentityValue will get the identity value at the given resource address from the state
+func (s *Helper) GetIdentityValue(t *testing.T, address string, identitykey string) interface{} {
+	t.Helper()
+
+	identityvals, err := getIdentityValuesFromResource(s, address)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	val, ok := identityvals[identitykey]
+	if !ok {
+		t.Fatalf("resource identity value %q does not exist for %q", identitykey, address)
+	}
+	return val
+}
+
 // GetOutputValue gets the given output name value from the state
 func (s *Helper) GetOutputValue(t *testing.T, name string) interface{} {
 	t.Helper()
@@ -157,6 +184,14 @@ func (s *Helper) AssertAttributeEqual(t *testing.T, address string, expectedValu
 		fmt.Sprintf("Address: %q", address))
 }
 
+// AssertIdentityValueEqual will fail the test if the identity value does not equal expectedValue
+func (s *Helper) AssertIdentityValueEqual(t *testing.T, address string, identitykey string, expectedValue interface{}) {
+	t.Helper()
+
+	assert.EqualValues(t, expectedValue, s.GetIdentityValue(t, address, identitykey),
+		fmt.Sprintf("Resource: %q, Identity key: %q", address, identitykey))
+}
+
 // AssertAttributeNotEqual will fail the test if the attribute is equal to expectedValue
 func (s *Helper) AssertAttributeNotEqual(t *testing.T, address string, expectedValue interface{}) {
 	t.Helper()

manifest/test/plugintest/working_dir.go

@@ -12,6 +12,8 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/hashicorp/go-version"
+
 	"github.com/hashicorp/terraform-exec/tfexec"
 	tfjson "github.com/hashicorp/terraform-json"
 	"github.com/hashicorp/terraform-provider-kubernetes/manifest/test/logging"
@@ -84,7 +86,7 @@ func (wd *WorkingDir) SetConfig(ctx context.Context, cfg string) error {
 	if err := os.Remove(rmFilename); err != nil && !os.IsNotExist(err) {
 		return fmt.Errorf("unable to remove %q: %w", rmFilename, err)
 	}
-	err := os.WriteFile(outFilename, bCfg, 0700)
+	err := os.WriteFile(outFilename, bCfg, 0o700)
 	if err != nil {
 		return err
 	}
@@ -326,3 +328,16 @@ func (wd *WorkingDir) Schemas(ctx context.Context) (*tfjson.ProviderSchemas, err
 
 	return providerSchemas, err
 }
+
+// Version returns the current version of Terraform
+//
+// If the version cannot be read, Version returns an error.
+func (wd *WorkingDir) Version(ctx context.Context) (*version.Version, error) {
+	logging.HelperResourceTrace(ctx, "Calling Terraform CLI providers version command")
+
+	version, _, err := wd.tf.Version(context.Background(), false)
+
+	logging.HelperResourceTrace(ctx, "Called Terraform CLI providers version command")
+
+	return version, err
+}