wip

Author: dak1n1

kubernetes/provider.go

@@ -43,45 +43,47 @@ func Provider() *schema.Provider {
 				Optional:      true,
 				DefaultFunc:   schema.EnvDefaultFunc("KUBE_USER", nil),
 				Description:   "The username to use for HTTP basic authentication when accessing the Kubernetes master endpoint.",
-				ConflictsWith: []string{"config_path", "config_paths", "exec", "token", "client_certificate"},
-				RequiredWith:  []string{"password"},
+				ConflictsWith: []string{"config_path", "config_paths", "exec", "token", "client_certificate", "client_key"},
+				RequiredWith:  []string{"password", "host"},
 			},
 			"password": {
 				Type:          schema.TypeString,
 				Optional:      true,
 				DefaultFunc:   schema.EnvDefaultFunc("KUBE_PASSWORD", nil),
 				Description:   "The password to use for HTTP basic authentication when accessing the Kubernetes master endpoint.",
-				ConflictsWith: []string{"config_path", "config_paths", "exec", "token", "client_certificate"},
-				RequiredWith:  []string{"username"},
+				ConflictsWith: []string{"config_path", "config_paths", "exec", "token", "client_certificate", "client_key"},
+				RequiredWith:  []string{"username", "host"},
 			},
 			"insecure": {
 				Type:        schema.TypeBool,
 				Optional:    true,
 				DefaultFunc: schema.EnvDefaultFunc("KUBE_INSECURE", nil),
 				Description: "Whether server should be accessed without verifying the TLS certificate.",
+				ConflictsWith: []string{"cluster_ca_certificate", "client_key", "client_certificate", "exec"},
 			},
 			"client_certificate": {
 				Type:          schema.TypeString,
 				Optional:      true,
 				DefaultFunc:   schema.EnvDefaultFunc("KUBE_CLIENT_CERT_DATA", nil),
 				Description:   "PEM-encoded client certificate for TLS authentication.",
-				ConflictsWith: []string{"config_path", "config_paths", "username", "password"},
-				RequiredWith:  []string{"client_key"},
+				ConflictsWith: []string{"config_path", "config_paths", "username", "password", "insecure"},
+				RequiredWith:  []string{"client_key", "cluster_ca_certificate", "host"},
 			},
 			"client_key": {
 				Type:          schema.TypeString,
 				Optional:      true,
 				DefaultFunc:   schema.EnvDefaultFunc("KUBE_CLIENT_KEY_DATA", nil),
 				Description:   "PEM-encoded client certificate key for TLS authentication.",
 				ConflictsWith: []string{"config_path", "config_paths", "username", "password", "exec", "insecure"},
-				RequiredWith:  []string{"client_certificate"},
+				RequiredWith:  []string{"client_certificate", "cluster_ca_certificate", "host"},
 			},
 			"cluster_ca_certificate": {
 				Type:          schema.TypeString,
 				Optional:      true,
 				DefaultFunc:   schema.EnvDefaultFunc("KUBE_CLUSTER_CA_CERT_DATA", nil),
 				Description:   "PEM-encoded root certificates bundle for TLS authentication.",
 				ConflictsWith: []string{"config_path", "config_paths", "insecure"},
+				RequiredWith:  []string{"host"},
 				// TODO: enable this when AtLeastOneOf works with optional attributes.
 				// https://github.com/hashicorp/terraform-plugin-sdk/issues/705
 				// AtLeastOneOf:  []string{"token", "exec", "client_certificate", "client_key"},
@@ -109,20 +111,26 @@ func Provider() *schema.Provider {
 				DefaultFunc:   schema.EnvDefaultFunc("KUBE_CTX", nil),
 				Description:   "Context to choose from the kube config file. ",
 				ConflictsWith: []string{"exec", "token", "client_certificate", "client_key", "username", "password"},
+				// TODO: enable this when AtLeastOneOf works with optional attributes.
+				// AtLeastOneOf:  []string{"config_path", "config_paths"},
 			},
 			"config_context_auth_info": {
 				Type:          schema.TypeString,
 				Optional:      true,
 				DefaultFunc:   schema.EnvDefaultFunc("KUBE_CTX_AUTH_INFO", nil),
 				Description:   "Authentication info context of the kube config (name of the kubeconfig user, --user flag in kubectl).",
 				ConflictsWith: []string{"exec", "token", "client_certificate", "client_key", "username", "password"},
+				// TODO: enable this when AtLeastOneOf works with optional attributes.
+				// AtLeastOneOf:  []string{"config_path", "config_paths"},
 			},
 			"config_context_cluster": {
 				Type:          schema.TypeString,
 				Optional:      true,
 				DefaultFunc:   schema.EnvDefaultFunc("KUBE_CTX_CLUSTER", nil),
 				Description:   "Cluster context of the kube config (name of the kubeconfig cluster, --cluster flag in kubectl).",
 				ConflictsWith: []string{"exec", "token", "client_certificate", "client_key", "username", "password"},
+				// TODO: enable this when AtLeastOneOf works with optional attributes.
+				// AtLeastOneOf:  []string{"config_path", "config_paths"},
 			},
 			"token": {
 				Type:          schema.TypeString,
@@ -159,8 +167,8 @@ func Provider() *schema.Provider {
 					},
 				},
 				Description:   "Configuration block to use an exec-based credential plugin, e.g. call an external command to receive user credentials.",
-				ConflictsWith: []string{"config_path", "config_paths", "token", "client_certificate", "client_key", "username", "password"},
-				RequiredWith:  []string{"host"},
+				ConflictsWith: []string{"config_path", "config_paths", "token", "client_certificate", "client_key", "username", "password", "insecure"},
+				RequiredWith:  []string{"host", "cluster_ca_certificate"},
 			},
 		},
 

kubernetes/provider_test.go

@@ -717,7 +717,7 @@ func TestAccKubernetesProvider_host(t *testing.T) {
 				),
 				PlanOnly:           true,
 				ExpectNonEmptyPlan: true,
-				// "host": all of `host,token` must be specified
+				// Error: "host": all of `host,token` must be specified
 				ExpectError: regexp.MustCompile("host,token"),
 			},
 			{
@@ -726,7 +726,7 @@ func TestAccKubernetesProvider_host(t *testing.T) {
 				),
 				PlanOnly:           true,
 				ExpectNonEmptyPlan: true,
-				// "exec": all of `host,exec` must be specified
+				// Error: "exec": all of `host,exec` must be specified
 				ExpectError: regexp.MustCompile("exec,host"),
 			},
 		},