Add conflictswith warning level message

Author: dak1n1

kubernetes/provider.go

@@ -7,7 +7,6 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/logging"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/mitchellh/go-homedir"
 	apimachineryschema "k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/discovery"
@@ -25,65 +24,80 @@ import (
 )
 
 func Provider() *schema.Provider {
+	conditionsMessage := "Specifying more than one authentication method can lead to unpredictable behavior." +
+		" This option will be removed in a future release. Please update your configuration."
 	p := &schema.Provider{
 		Schema: map[string]*schema.Schema{
 			"host": {
-				Type:             schema.TypeString,
-				Optional:         true,
-				DefaultFunc:      schema.EnvDefaultFunc("KUBE_HOST", nil),
-				Description:      "The hostname (in form of URI) of Kubernetes master.",
-				ConflictsWith:    []string{"config_path", "config_paths"},
-				ValidateDiagFunc: validation.ToDiagFunc(validation.IsURLWithHTTPorHTTPS),
+				Type:              schema.TypeString,
+				Optional:          true,
+				DefaultFunc:       schema.EnvDefaultFunc("KUBE_HOST", nil),
+				Description:       "The hostname (in form of URI) of Kubernetes master.",
+				ConflictsWith:     []string{"config_path", "config_paths"},
+				ConditionsMode:    "warning",
+				ConditionsMessage: conditionsMessage,
 				// TODO: enable this when AtLeastOneOf works with optional attributes.
 				// https://github.com/hashicorp/terraform-plugin-sdk/issues/705
 				// AtLeastOneOf: []string{"token", "exec", "username", "password", "client_certificate", "client_key"},
 			},
 			"username": {
-				Type:          schema.TypeString,
-				Optional:      true,
-				DefaultFunc:   schema.EnvDefaultFunc("KUBE_USER", nil),
-				Description:   "The username to use for HTTP basic authentication when accessing the Kubernetes master endpoint.",
-				ConflictsWith: []string{"config_path", "config_paths", "exec", "token", "client_certificate", "client_key"},
-				RequiredWith:  []string{"password", "host"},
+				Type:              schema.TypeString,
+				Optional:          true,
+				DefaultFunc:       schema.EnvDefaultFunc("KUBE_USER", nil),
+				Description:       "The username to use for HTTP basic authentication when accessing the Kubernetes master endpoint.",
+				ConflictsWith:     []string{"config_path", "config_paths", "exec", "token", "client_certificate", "client_key"},
+				RequiredWith:      []string{"password", "host"},
+				ConditionsMode:    "warning",
+				ConditionsMessage: conditionsMessage,
 			},
 			"password": {
-				Type:          schema.TypeString,
-				Optional:      true,
-				DefaultFunc:   schema.EnvDefaultFunc("KUBE_PASSWORD", nil),
-				Description:   "The password to use for HTTP basic authentication when accessing the Kubernetes master endpoint.",
-				ConflictsWith: []string{"config_path", "config_paths", "exec", "token", "client_certificate", "client_key"},
-				RequiredWith:  []string{"username", "host"},
+				Type:              schema.TypeString,
+				Optional:          true,
+				DefaultFunc:       schema.EnvDefaultFunc("KUBE_PASSWORD", nil),
+				Description:       "The password to use for HTTP basic authentication when accessing the Kubernetes master endpoint.",
+				ConflictsWith:     []string{"config_path", "config_paths", "exec", "token", "client_certificate", "client_key"},
+				RequiredWith:      []string{"username", "host"},
+				ConditionsMode:    "warning",
+				ConditionsMessage: conditionsMessage,
 			},
 			"insecure": {
-				Type:          schema.TypeBool,
-				Optional:      true,
-				DefaultFunc:   schema.EnvDefaultFunc("KUBE_INSECURE", nil),
-				Description:   "Whether server should be accessed without verifying the TLS certificate.",
-				ConflictsWith: []string{"cluster_ca_certificate", "client_key", "client_certificate", "exec"},
+				Type:              schema.TypeBool,
+				Optional:          true,
+				DefaultFunc:       schema.EnvDefaultFunc("KUBE_INSECURE", nil),
+				Description:       "Whether server should be accessed without verifying the TLS certificate.",
+				ConflictsWith:     []string{"cluster_ca_certificate", "client_key", "client_certificate", "exec"},
+				ConditionsMode:    "warning",
+				ConditionsMessage: conditionsMessage,
 			},
 			"client_certificate": {
-				Type:          schema.TypeString,
-				Optional:      true,
-				DefaultFunc:   schema.EnvDefaultFunc("KUBE_CLIENT_CERT_DATA", nil),
-				Description:   "PEM-encoded client certificate for TLS authentication.",
-				ConflictsWith: []string{"config_path", "config_paths", "username", "password", "insecure"},
-				RequiredWith:  []string{"client_key", "cluster_ca_certificate", "host"},
+				Type:              schema.TypeString,
+				Optional:          true,
+				DefaultFunc:       schema.EnvDefaultFunc("KUBE_CLIENT_CERT_DATA", nil),
+				Description:       "PEM-encoded client certificate for TLS authentication.",
+				ConflictsWith:     []string{"config_path", "config_paths", "username", "password", "insecure"},
+				RequiredWith:      []string{"client_key", "cluster_ca_certificate", "host"},
+				ConditionsMode:    "warning",
+				ConditionsMessage: conditionsMessage,
 			},
 			"client_key": {
-				Type:          schema.TypeString,
-				Optional:      true,
-				DefaultFunc:   schema.EnvDefaultFunc("KUBE_CLIENT_KEY_DATA", nil),
-				Description:   "PEM-encoded client certificate key for TLS authentication.",
-				ConflictsWith: []string{"config_path", "config_paths", "username", "password", "exec", "insecure"},
-				RequiredWith:  []string{"client_certificate", "cluster_ca_certificate", "host"},
+				Type:              schema.TypeString,
+				Optional:          true,
+				DefaultFunc:       schema.EnvDefaultFunc("KUBE_CLIENT_KEY_DATA", nil),
+				Description:       "PEM-encoded client certificate key for TLS authentication.",
+				ConflictsWith:     []string{"config_path", "config_paths", "username", "password", "exec", "insecure"},
+				RequiredWith:      []string{"client_certificate", "cluster_ca_certificate", "host"},
+				ConditionsMode:    "warning",
+				ConditionsMessage: conditionsMessage,
 			},
 			"cluster_ca_certificate": {
-				Type:          schema.TypeString,
-				Optional:      true,
-				DefaultFunc:   schema.EnvDefaultFunc("KUBE_CLUSTER_CA_CERT_DATA", nil),
-				Description:   "PEM-encoded root certificates bundle for TLS authentication.",
-				ConflictsWith: []string{"config_path", "config_paths", "insecure"},
-				RequiredWith:  []string{"host"},
+				Type:              schema.TypeString,
+				Optional:          true,
+				DefaultFunc:       schema.EnvDefaultFunc("KUBE_CLUSTER_CA_CERT_DATA", nil),
+				Description:       "PEM-encoded root certificates bundle for TLS authentication.",
+				ConflictsWith:     []string{"config_path", "config_paths", "insecure"},
+				RequiredWith:      []string{"host"},
+				ConditionsMode:    "warning",
+				ConditionsMessage: conditionsMessage,
 				// TODO: enable this when AtLeastOneOf works with optional attributes.
 				// https://github.com/hashicorp/terraform-plugin-sdk/issues/705
 				// AtLeastOneOf:  []string{"token", "exec", "client_certificate", "client_key"},
@@ -95,50 +109,61 @@ func Provider() *schema.Provider {
 				Optional:    true,
 				Description: "A list of paths to kube config files. Can be set with KUBE_CONFIG_PATHS environment variable.",
 				// config_paths conflicts with every attribute except for "insecure", since all of these options will be read from the kubeconfig.
-				ConflictsWith: []string{"config_path", "exec", "token", "host", "client_certificate", "client_key", "cluster_ca_certificate", "username", "password"},
+				ConflictsWith:     []string{"config_path", "exec", "token", "host", "client_certificate", "client_key", "cluster_ca_certificate", "username", "password"},
+				ConditionsMode:    "warning",
+				ConditionsMessage: conditionsMessage,
 			},
 			"config_path": {
 				Type:        schema.TypeString,
 				Optional:    true,
 				DefaultFunc: schema.EnvDefaultFunc("KUBE_CONFIG_PATH", nil),
 				Description: "Path to the kube config file. Can be set with KUBE_CONFIG_PATH.",
 				// config_path conflicts with every attribute except for "insecure", since all of these options will be read from the kubeconfig.
-				ConflictsWith: []string{"config_paths", "exec", "token", "host", "client_certificate", "client_key", "cluster_ca_certificate", "username", "password"},
+				ConflictsWith:     []string{"config_paths", "exec", "token", "host", "client_certificate", "client_key", "cluster_ca_certificate", "username", "password"},
+				ConditionsMode:    "warning",
+				ConditionsMessage: conditionsMessage,
 			},
 			"config_context": {
-				Type:          schema.TypeString,
-				Optional:      true,
-				DefaultFunc:   schema.EnvDefaultFunc("KUBE_CTX", nil),
-				Description:   "Context to choose from the kube config file. ",
-				ConflictsWith: []string{"exec", "token", "client_certificate", "client_key", "username", "password"},
+				Type:              schema.TypeString,
+				Optional:          true,
+				DefaultFunc:       schema.EnvDefaultFunc("KUBE_CTX", nil),
+				Description:       "Context to choose from the kube config file. ",
+				ConflictsWith:     []string{"exec", "token", "client_certificate", "client_key", "username", "password"},
+				ConditionsMode:    "warning",
+				ConditionsMessage: "This functionality will be removed in a later release. Please update your configuration.",
 				// TODO: enable this when AtLeastOneOf works with optional attributes.
 				// AtLeastOneOf:  []string{"config_path", "config_paths"},
 			},
 			"config_context_auth_info": {
-				Type:          schema.TypeString,
-				Optional:      true,
-				DefaultFunc:   schema.EnvDefaultFunc("KUBE_CTX_AUTH_INFO", nil),
-				Description:   "Authentication info context of the kube config (name of the kubeconfig user, --user flag in kubectl).",
-				ConflictsWith: []string{"exec", "token", "client_certificate", "client_key", "username", "password"},
+				Type:              schema.TypeString,
+				Optional:          true,
+				DefaultFunc:       schema.EnvDefaultFunc("KUBE_CTX_AUTH_INFO", nil),
+				Description:       "Authentication info context of the kube config (name of the kubeconfig user, --user flag in kubectl).",
+				ConflictsWith:     []string{"exec", "token", "client_certificate", "client_key", "username", "password"},
+				ConditionsMode:    "warning",
+				ConditionsMessage: "This functionality will be removed in a later release. Please update your configuration.",
 				// TODO: enable this when AtLeastOneOf works with optional attributes.
 				// AtLeastOneOf:  []string{"config_path", "config_paths"},
 			},
 			"config_context_cluster": {
-				Type:          schema.TypeString,
-				Optional:      true,
-				DefaultFunc:   schema.EnvDefaultFunc("KUBE_CTX_CLUSTER", nil),
-				Description:   "Cluster context of the kube config (name of the kubeconfig cluster, --cluster flag in kubectl).",
-				ConflictsWith: []string{"exec", "token", "client_certificate", "client_key", "username", "password"},
+				Type:              schema.TypeString,
+				Optional:          true,
+				DefaultFunc:       schema.EnvDefaultFunc("KUBE_CTX_CLUSTER", nil),
+				Description:       "Cluster context of the kube config (name of the kubeconfig cluster, --cluster flag in kubectl).",
+				ConflictsWith:     []string{"exec", "token", "client_certificate", "client_key", "username", "password"},
+				ConditionsMessage: "Specifying more than one authentication method can lead to unpredictable behavior. This option will be removed in a future release. Please update your configuration.",
 				// TODO: enable this when AtLeastOneOf works with optional attributes.
 				// AtLeastOneOf:  []string{"config_path", "config_paths"},
 			},
 			"token": {
-				Type:          schema.TypeString,
-				Optional:      true,
-				DefaultFunc:   schema.EnvDefaultFunc("KUBE_TOKEN", nil),
-				Description:   "Bearer token for authenticating the Kubernetes API.",
-				ConflictsWith: []string{"config_path", "config_paths", "exec", "client_certificate", "client_key", "username", "password"},
-				RequiredWith:  []string{"host"},
+				Type:              schema.TypeString,
+				Optional:          true,
+				DefaultFunc:       schema.EnvDefaultFunc("KUBE_TOKEN", nil),
+				Description:       "Bearer token for authenticating the Kubernetes API.",
+				ConflictsWith:     []string{"config_path", "config_paths", "exec", "client_certificate", "client_key", "username", "password"},
+				ConditionsMode:    "warning",
+				ConditionsMessage: "Specifying more than one authentication method can lead to unpredictable behavior. This option will be removed in a future release. Please update your configuration.",
+				RequiredWith:      []string{"host"},
 			},
 			"exec": {
 				Type:     schema.TypeList,
@@ -166,9 +191,11 @@ func Provider() *schema.Provider {
 						},
 					},
 				},
-				Description:   "Configuration block to use an exec-based credential plugin, e.g. call an external command to receive user credentials.",
-				ConflictsWith: []string{"config_path", "config_paths", "token", "client_certificate", "client_key", "username", "password", "insecure"},
-				RequiredWith:  []string{"host", "cluster_ca_certificate"},
+				Description:       "Configuration block to use an exec-based credential plugin, e.g. call an external command to receive user credentials.",
+				ConflictsWith:     []string{"config_path", "config_paths", "token", "client_certificate", "client_key", "username", "password", "insecure"},
+				RequiredWith:      []string{"host", "cluster_ca_certificate"},
+				ConditionsMode:    "warning",
+				ConditionsMessage: "Specifying more than one authentication method can lead to unpredictable behavior. This option will be removed in a future release. Please update your configuration.",
 			},
 		},