wip

Author: dak1n1

_examples/gke/gke-cluster/main.tf

@@ -1,9 +1,3 @@
-provider "google" {
-  # Provider is configured using environment variables: GOOGLE_REGION, GOOGLE_PROJECT, GOOGLE_CREDENTIALS.
-  # This can be set statically, if preferred. See docs for details.
-  # https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#full-reference
-}
-
 # This is used to set local variable google_zone.
 # This can be replaced with a statically-configured zone, if preferred.
 data "google_compute_zones" "available" {

_examples/gke/kubernetes-config/main.tf

@@ -1,15 +1,3 @@
-# Configure kubernetes provider with Oauth2 access token.
-# https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config
-# This fetches a new token, which will expire in 1 hour.
-data "google_client_config" "default" {
-}
-
-provider "kubernetes" {
-  host = var.cluster_endpoint
-  token = data.google_client_config.default.access_token
-  cluster_ca_certificate = base64decode(var.cluster_ca_cert)
-}
-
 resource "kubernetes_namespace" "test" {
   metadata {
     name = "test"
@@ -55,14 +43,6 @@ resource "kubernetes_deployment" "test" {
   }
 }
 
-provider "helm" {
-  kubernetes {
-    host = var.cluster_endpoint
-    token = data.google_client_config.default.access_token
-    cluster_ca_certificate = base64decode(var.cluster_ca_cert)
-  }
-}
-
 resource helm_release nginx_ingress {
   name       = "nginx-ingress-controller"
 
@@ -82,12 +62,11 @@ data "template_file" "kubeconfig" {
     cluster_name    = var.cluster_name
     endpoint        = var.cluster_endpoint
     cluster_ca      = var.cluster_ca_cert
-    cluster_token   = data.google_client_config.default.access_token
+    cluster_token   = var.cluster_token
   }
 }
 
 resource "local_file" "kubeconfig" {
-  depends_on = [var.cluster_id]
   content  = data.template_file.kubeconfig.rendered
   filename = "${path.root}/kubeconfig"
 }

_examples/gke/kubernetes-config/variables.tf

@@ -14,3 +14,6 @@ variable "cluster_ca_cert" {
   type = string
 }
 
+variable "cluster_token" {
+  type = string
+}

_examples/gke/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     kubernetes = {
       source = "hashicorp/kubernetes"
-      version = ">= 2.0.0"
+      version = ">= 2.0.1"
     }
     google = {
       source  = "hashicorp/google"
@@ -15,22 +15,53 @@ terraform {
   }
 }
 
-resource "random_id" "cluster_name" {
-  byte_length = 5
+# Provider is configured using environment variables: GOOGLE_REGION, GOOGLE_PROJECT, GOOGLE_CREDENTIALS.
+# This can be set statically, if preferred. See docs for details.
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#full-reference
+provider "google" {}
+
+# Configure kubernetes provider with Oauth2 access token.
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config
+# This fetches a new token, which will expire in 1 hour.
+data "google_client_config" "default" {
+  depends_on = [module.gke-cluster.cluster_id]
+}
+
+data "google_container_cluster" "default" {
+  name = local.cluster_name
+  depends_on = [module.gke-cluster.cluster_id]
 }
 
-locals {
-  cluster_name = "tf-k8s-${random_id.cluster_name.hex}"
+provider "kubernetes" {
+  host  = "https://${data.google_container_cluster.default.endpoint}"
+  token = data.google_client_config.default.access_token
+  cluster_ca_certificate = base64decode(
+    data.google_container_cluster.default.master_auth[0].cluster_ca_certificate,
+  )
+}
+
+provider "helm" {
+  kubernetes {
+    host  = "https://${data.google_container_cluster.default.endpoint}"
+    token = data.google_client_config.default.access_token
+    cluster_ca_certificate = base64decode(
+      data.google_container_cluster.default.master_auth[0].cluster_ca_certificate,
+    )
+  }
 }
 
 module "gke-cluster" {
+  providers    = { google = google }
   source       = "./gke-cluster"
   cluster_name = local.cluster_name
 }
 
 module "kubernetes-config" {
+  depends_on       = [module.gke-cluster]
+  providers        = { kubernetes = kubernetes, helm = helm }
   source           = "./kubernetes-config"
-  cluster_name     = module.gke-cluster.cluster_name
+  cluster_name     = local.cluster_name
+  cluster_token    = data.google_client_config.default.access_token
   cluster_id       = module.gke-cluster.cluster_id # creates dependency on cluster creation
   cluster_endpoint = module.gke-cluster.cluster_endpoint
   cluster_ca_cert  = module.gke-cluster.cluster_ca_cert

_examples/gke/variables.tf

@@ -0,0 +1,7 @@
+resource "random_id" "cluster_name" {
+  byte_length = 5
+}
+
+locals {
+  cluster_name = "tf-k8s-${random_id.cluster_name.hex}"
+}

kubernetes/provider_test.go

@@ -222,6 +222,21 @@ func testAccPreCheckInternal(t *testing.T) {
 	return
 }
 
+// testAccPreCheckInternal_setEnv is used for internal testing where
+// specific environment variables are needed to configure the provider.
+func testAccPreCheckInternal_setEnv(t *testing.T, envVars map[string]string) {
+	ctx := context.TODO()
+	unsetEnv(t)
+	for k, v := range envVars {
+		os.Setenv(k, v)
+	}
+	diags := testAccProvider.Configure(ctx, terraform.NewResourceConfigRaw(nil))
+	if diags.HasError() {
+		t.Fatal(diags[0].Summary)
+	}
+	return
+}
+
 func getClusterVersion() (*gversion.Version, error) {
 	meta := testAccProvider.Meta()
 
@@ -483,43 +498,54 @@ func TestAccKubernetesProvider_config_path(t *testing.T) {
 }
 
 func TestAccKubernetesProvider_config_paths(t *testing.T) {
-	wantError := `"config_path": conflicts with config_paths`
-
 	resource.Test(t, resource.TestCase{
-		// Unset env vars to prevent them from being used in the test.
 		PreCheck:          func() { testAccPreCheckInternal(t) },
 		ProviderFactories: testAccProviderFactoriesInternal,
 		Steps: []resource.TestStep{
 			{
 				Config: testAccKubernetesProviderConfig(
-					providerConfig_config_paths(`["./testdata/kubeconfig", "./testdata/kubeconfig"]`),
+					providerConfig_config_paths(`["./missing/file", "./testdata/kubeconfig"]`),
 				),
-				Check: resource.TestCheckResourceAttr("data.kubernetes_namespace.test", "metadata.0.name", "default"),
+				Check:       resource.TestCheckResourceAttr("data.kubernetes_namespace.test", "metadata.0.name", "default"),
+				ExpectError: regexp.MustCompile("could not open kubeconfig"),
 			},
 			{
 				Config: testAccKubernetesProviderConfig(
 					providerConfig_config_path("./internal/testdata/kubeconfig") +
 						providerConfig_config_paths(`["./testdata/kubeconfig", "./testdata/kubeconfig"]`),
 				),
-				ExpectError: regexp.MustCompile(wantError),
+				ExpectError: regexp.MustCompile(`"config_path": conflicts with config_paths`),
+			},
+			{
+				Config: testAccKubernetesProviderConfig(
+					providerConfig_config_paths(`["./testdata/kubeconfig", "./testdata/kubeconfig"]`),
+				),
+				Check: resource.TestCheckResourceAttr("data.kubernetes_namespace.test", "metadata.0.name", "default"),
 			},
 		},
 	})
 }
 
 func TestAccKubernetesProvider_config_paths_env(t *testing.T) {
-	os.Setenv("KUBE_CONFIG_PATHS", strings.Join([]string{
-		"./testdata/kubeconfig",
-		"./testdata/kubeconfig",
-	}, string(os.PathListSeparator)))
 
 	resource.Test(t, resource.TestCase{
-		PreCheck:          func() { testAccPreCheckInternal(t) },
+		PreCheck: func() {
+			testAccPreCheckInternal_setEnv(t, map[string]string{
+				"KUBE_CONFIG_PATHS": strings.Join([]string{
+					"./testdata/kubeconfig",
+					"./testdata/kubeconfig",
+				}, string(os.PathListSeparator)),
+			})
+		},
 		ProviderFactories: testAccProviderFactoriesInternal,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccKubernetesProviderConfig("# empty"),
-				Check:  resource.TestCheckResourceAttr("data.kubernetes_namespace.test", "metadata.0.name", "default"),
+				Config:   testAccKubernetesProviderConfig("# empty"),
+				PlanOnly: true,
+			},
+			{
+				Config:   testAccKubernetesProviderConfig("# empty"),
+				PlanOnly: true,
 			},
 		},
 	})
@@ -528,15 +554,15 @@ func TestAccKubernetesProvider_config_paths_env(t *testing.T) {
 func TestAccKubernetesProvider_config_paths_env_wantError(t *testing.T) {
 	wantError := `"config_path": conflicts with config_paths`
 
-	unsetEnv(t)
-	os.Setenv("KUBE_CONFIG_PATHS", strings.Join([]string{
-		"testdata/kubeconfig",
-		"testdata/kubeconfig",
-	}, string(os.PathListSeparator)))
-
-	os.Setenv("KUBE_CONFIG_PATH", "testdata/kubeconfig")
 	resource.Test(t, resource.TestCase{
-		PreCheck:          func() { testAccPreCheckInternal(t) },
+		PreCheck: func() {
+			testAccPreCheckInternal_setEnv(t, map[string]string{
+				"KUBE_CONFIG_PATHS": strings.Join([]string{
+					"./testdata/kubeconfig",
+					"./testdata/kubeconfig",
+				}, string(os.PathListSeparator)),
+			})
+		},
 		ProviderFactories: testAccProviderFactoriesInternal,
 		Steps: []resource.TestStep{
 			{
@@ -554,11 +580,11 @@ func testAccKubernetesProviderConfig(providerConfig string) string {
   %s
 }
 
-data kubernetes_namespace "test" {
-  metadata {
-    name = "default"
-  }
-}
+#data kubernetes_namespace "test" {
+#  metadata {
+#    name = "default"
+#  }
+#}
 `, providerConfig)
 }