Skip to content

Commit a3ec3b3

Browse files
jrhoustonjrhouston
authored
kubernetes_manifest: Only use environment variables if there is no configuration (#2788)
1 parent ea438d0 commit a3ec3b3

File tree

2 files changed

+19
-35
lines changed

2 files changed

+19
-35
lines changed

.changelog/2788.txt

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
```release-note:bug
2+
Environment variables should not override configuration when using `kubernetes_manifest`.
3+
```

manifest/provider/configure.go

Lines changed: 16 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -84,9 +84,7 @@ func (s *RawProviderServer) ConfigureProvider(ctx context.Context, req *tfprotov
8484
})
8585
return response, nil
8686
}
87-
}
88-
// check environment - this overrides any value found in provider configuration
89-
if configPathEnv, ok := os.LookupEnv("KUBE_CONFIG_PATH"); ok && configPathEnv != "" {
87+
} else if configPathEnv, ok := os.LookupEnv("KUBE_CONFIG_PATH"); ok && configPathEnv != "" {
9088
configPath = configPathEnv
9189
}
9290
if len(configPath) > 0 {
@@ -122,12 +120,10 @@ func (s *RawProviderServer) ConfigureProvider(ctx context.Context, req *tfprotov
122120
p.As(&pp)
123121
precedence = append(precedence, pp)
124122
}
125-
}
126-
//
127-
// check environment for KUBE_CONFIG_PATHS
128-
if configPathsEnv, ok := os.LookupEnv("KUBE_CONFIG_PATHS"); ok && configPathsEnv != "" {
123+
} else if configPathsEnv, ok := os.LookupEnv("KUBE_CONFIG_PATHS"); ok && configPathsEnv != "" {
129124
precedence = filepath.SplitList(configPathsEnv)
130125
}
126+
131127
if len(precedence) > 0 {
132128
for i, p := range precedence {
133129
absPath, err := homedir.Expand(p)
@@ -159,8 +155,7 @@ func (s *RawProviderServer) ConfigureProvider(ctx context.Context, req *tfprotov
159155
})
160156
return response, nil
161157
}
162-
}
163-
if clientCrtEnv, ok := os.LookupEnv("KUBE_CLIENT_CERT_DATA"); ok && clientCrtEnv != "" {
158+
} else if clientCrtEnv, ok := os.LookupEnv("KUBE_CLIENT_CERT_DATA"); ok && clientCrtEnv != "" {
164159
clientCertificate = clientCrtEnv
165160
}
166161
if len(clientCertificate) > 0 {
@@ -189,8 +184,7 @@ func (s *RawProviderServer) ConfigureProvider(ctx context.Context, req *tfprotov
189184
})
190185
return response, nil
191186
}
192-
}
193-
if clusterCAEnv, ok := os.LookupEnv("KUBE_CLUSTER_CA_CERT_DATA"); ok && clusterCAEnv != "" {
187+
} else if clusterCAEnv, ok := os.LookupEnv("KUBE_CLUSTER_CA_CERT_DATA"); ok && clusterCAEnv != "" {
194188
clusterCaCertificate = clusterCAEnv
195189
}
196190
if len(clusterCaCertificate) > 0 {
@@ -219,8 +213,7 @@ func (s *RawProviderServer) ConfigureProvider(ctx context.Context, req *tfprotov
219213
})
220214
return response, nil
221215
}
222-
}
223-
if insecureEnv, ok := os.LookupEnv("KUBE_INSECURE"); ok && insecureEnv != "" {
216+
} else if insecureEnv, ok := os.LookupEnv("KUBE_INSECURE"); ok && insecureEnv != "" {
224217
iv, err := strconv.ParseBool(insecureEnv)
225218
if err != nil {
226219
diags = append(diags, &tfprotov5.Diagnostic{
@@ -249,8 +242,7 @@ func (s *RawProviderServer) ConfigureProvider(ctx context.Context, req *tfprotov
249242
return response, nil
250243
}
251244
overrides.ClusterInfo.TLSServerName = tlsServerName
252-
}
253-
if tlsServerName, ok := os.LookupEnv("KUBE_TLS_SERVER_NAME"); ok && tlsServerName != "" {
245+
} else if tlsServerName, ok := os.LookupEnv("KUBE_TLS_SERVER_NAME"); ok && tlsServerName != "" {
254246
overrides.ClusterInfo.TLSServerName = tlsServerName
255247
}
256248

@@ -272,9 +264,7 @@ func (s *RawProviderServer) ConfigureProvider(ctx context.Context, req *tfprotov
272264
})
273265
return response, nil
274266
}
275-
}
276-
// check environment - this overrides any value found in provider configuration
277-
if hostEnv, ok := os.LookupEnv("KUBE_HOST"); ok && hostEnv != "" {
267+
} else if hostEnv, ok := os.LookupEnv("KUBE_HOST"); ok && hostEnv != "" {
278268
host = hostEnv
279269
}
280270
if len(host) > 0 {
@@ -316,9 +306,7 @@ func (s *RawProviderServer) ConfigureProvider(ctx context.Context, req *tfprotov
316306
})
317307
return response, nil
318308
}
319-
}
320-
// check environment - this overrides any value found in provider configuration
321-
if clientKeyEnv, ok := os.LookupEnv("KUBE_CLIENT_KEY_DATA"); ok && clientKeyEnv != "" {
309+
} else if clientKeyEnv, ok := os.LookupEnv("KUBE_CLIENT_KEY_DATA"); ok && clientKeyEnv != "" {
322310
clientKey = clientKeyEnv
323311
}
324312
if len(clientKey) > 0 {
@@ -353,8 +341,7 @@ func (s *RawProviderServer) ConfigureProvider(ctx context.Context, req *tfprotov
353341
return response, nil
354342
}
355343
overrides.CurrentContext = cfgContext
356-
}
357-
if cfgContext, ok := os.LookupEnv("KUBE_CTX"); ok && cfgContext != "" {
344+
} else if cfgContext, ok := os.LookupEnv("KUBE_CTX"); ok && cfgContext != "" {
358345
overrides.CurrentContext = cfgContext
359346
}
360347

@@ -375,8 +362,7 @@ func (s *RawProviderServer) ConfigureProvider(ctx context.Context, req *tfprotov
375362
return response, nil
376363
}
377364
overrides.Context.Cluster = cfgCtxCluster
378-
}
379-
if cfgCtxCluster, ok := os.LookupEnv("KUBE_CTX_CLUSTER"); ok && cfgCtxCluster != "" {
365+
} else if cfgCtxCluster, ok := os.LookupEnv("KUBE_CTX_CLUSTER"); ok && cfgCtxCluster != "" {
380366
overrides.Context.Cluster = cfgCtxCluster
381367
}
382368

@@ -397,8 +383,7 @@ func (s *RawProviderServer) ConfigureProvider(ctx context.Context, req *tfprotov
397383
if cfgContextAuthInfo != nil {
398384
overrides.Context.AuthInfo = *cfgContextAuthInfo
399385
}
400-
}
401-
if cfgContextAuthInfoEnv, ok := os.LookupEnv("KUBE_CTX_AUTH_INFO"); ok && cfgContextAuthInfoEnv != "" {
386+
} else if cfgContextAuthInfoEnv, ok := os.LookupEnv("KUBE_CTX_AUTH_INFO"); ok && cfgContextAuthInfoEnv != "" {
402387
overrides.Context.AuthInfo = cfgContextAuthInfoEnv
403388
}
404389

@@ -415,8 +400,7 @@ func (s *RawProviderServer) ConfigureProvider(ctx context.Context, req *tfprotov
415400
return response, nil
416401
}
417402
overrides.AuthInfo.Username = username
418-
}
419-
if username, ok := os.LookupEnv("KUBE_USERNAME"); ok && username != "" {
403+
} else if username, ok := os.LookupEnv("KUBE_USERNAME"); ok && username != "" {
420404
overrides.AuthInfo.Username = username
421405
}
422406

@@ -433,8 +417,7 @@ func (s *RawProviderServer) ConfigureProvider(ctx context.Context, req *tfprotov
433417
return response, nil
434418
}
435419
overrides.AuthInfo.Password = password
436-
}
437-
if password, ok := os.LookupEnv("KUBE_PASSWORD"); ok && password != "" {
420+
} else if password, ok := os.LookupEnv("KUBE_PASSWORD"); ok && password != "" {
438421
overrides.AuthInfo.Password = password
439422
}
440423

@@ -451,8 +434,7 @@ func (s *RawProviderServer) ConfigureProvider(ctx context.Context, req *tfprotov
451434
return response, nil
452435
}
453436
overrides.AuthInfo.Token = token
454-
}
455-
if token, ok := os.LookupEnv("KUBE_TOKEN"); ok && token != "" {
437+
} else if token, ok := os.LookupEnv("KUBE_TOKEN"); ok && token != "" {
456438
overrides.AuthInfo.Token = token
457439
}
458440

@@ -469,8 +451,7 @@ func (s *RawProviderServer) ConfigureProvider(ctx context.Context, req *tfprotov
469451
return response, nil
470452
}
471453
overrides.ClusterDefaults.ProxyURL = proxyURL
472-
}
473-
if proxyURL, ok := os.LookupEnv("KUBE_PROXY_URL"); ok && proxyURL != "" {
454+
} else if proxyURL, ok := os.LookupEnv("KUBE_PROXY_URL"); ok && proxyURL != "" {
474455
overrides.ClusterDefaults.ProxyURL = proxyURL
475456
}
476457

0 commit comments

Comments
 (0)