From c7f6728ad46c568263d29436bd734b979cc523d4 Mon Sep 17 00:00:00 2001
From: Bruno Schaatsbergen
Date: Fri, 20 Dec 2024 17:24:16 +0100
Subject: [PATCH 01/11] eks: add ephemeral `aws_eks_cluster_auth` resource
---
.../service/eks/cluster_auth_ephemeral.go | 85 +++++++++++++++++++
1 file changed, 85 insertions(+)
create mode 100644 internal/service/eks/cluster_auth_ephemeral.go
diff --git a/internal/service/eks/cluster_auth_ephemeral.go b/internal/service/eks/cluster_auth_ephemeral.go
new file mode 100644
index 00000000000..4ad4a66f52f
--- /dev/null
+++ b/internal/service/eks/cluster_auth_ephemeral.go
@@ -0,0 +1,85 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package eks
+
+import (
+ "context"
+
+ "github.com/hashicorp/terraform-plugin-framework/ephemeral"
+ "github.com/hashicorp/terraform-plugin-framework/ephemeral/schema"
+ "github.com/hashicorp/terraform-plugin-framework/types"
+ "github.com/hashicorp/terraform-provider-aws/internal/create"
+ "github.com/hashicorp/terraform-provider-aws/internal/framework"
+ fwflex "github.com/hashicorp/terraform-provider-aws/internal/framework/flex"
+ "github.com/hashicorp/terraform-provider-aws/names"
+)
+
+const (
+ ERNameClusterAuth = "Ephemeral Resource Cluster Auth"
+)
+
+// @EphemeralResource(aws_eks_cluster_auth, name="ClusterAuth")
+func newEphemeralClusterAuth(_ context.Context) (ephemeral.EphemeralResourceWithConfigure, error) {
+ return &ephemeralClusterAuth{}, nil
+}
+
+type ephemeralClusterAuth struct {
+ framework.EphemeralResourceWithConfigure
+}
+
+func (e *ephemeralClusterAuth) Metadata(_ context.Context, _ ephemeral.MetadataRequest, response *ephemeral.MetadataResponse) {
+ response.TypeName = "aws_eks_cluster_auth"
+}
+
+func (e *ephemeralClusterAuth) Schema(ctx context.Context, _ ephemeral.SchemaRequest, response *ephemeral.SchemaResponse) {
+ response.Schema = schema.Schema{
+ Attributes: map[string]schema.Attribute{
+
+ names.AttrName: schema.StringAttribute{
+ Computed: true,
+ },
+ "token": schema.BoolAttribute{
+ Computed: true,
+ Sensitive: true,
+ },
+ },
+ }
+}
+
+func (e *ephemeralClusterAuth) Open(ctx context.Context, request ephemeral.OpenRequest, response *ephemeral.OpenResponse) {
+ var data epClusterAuthData
+ conn := e.Meta().STSClient(ctx)
+
+ response.Diagnostics.Append(request.Config.Get(ctx, &data)...)
+ if response.Diagnostics.HasError() { + return + } + + generator, err := NewGenerator(false, false) + if err != nil { + response.Diagnostics.AddError( + create.ProblemStandardMessage(names.EKS, create.ErrActionReading, ERNameClusterAuth, data.Name.String(), err), + err.Error(), + ) + } + output, err := generator.GetWithSTS(ctx, data.Name.String(), conn) + if err != nil { + response.Diagnostics.AddError( + create.ProblemStandardMessage(names.EKS, create.ErrActionReading, ERNameClusterAuth, data.Name.String(), err), + err.Error(), + ) + } + + response.Diagnostics.Append(fwflex.Flatten(ctx, output, &data)...) + if response.Diagnostics.HasError() { + return + } + + response.Diagnostics.Append(response.Result.Set(ctx, &data)...) +} + +type epClusterAuthData struct { + Name types.String `tfsdk:"name"` + Token types.String `tfsdk:"token"` +} From 608e987dcf98e4eae436aecda1714576813c1dd4 Mon Sep 17 00:00:00 2001 From: Bruno Schaatsbergen Date: Fri, 20 Dec 2024 17:45:49 +0100 Subject: [PATCH 02/11] eks: make gen --- internal/service/eks/service_package_gen.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/internal/service/eks/service_package_gen.go b/internal/service/eks/service_package_gen.go index c2d15e9b7d0..4772d0fcdfc 100644 --- a/internal/service/eks/service_package_gen.go +++ b/internal/service/eks/service_package_gen.go @@ -14,6 +14,15 @@ import ( type servicePackage struct{} +func (p *servicePackage) EphemeralResources(ctx context.Context) []*types.ServicePackageEphemeralResource { + return []*types.ServicePackageEphemeralResource{ + { + Factory: newEphemeralClusterAuth, + Name: "ClusterAuth", + }, + } +} + func (p *servicePackage) FrameworkDataSources(ctx context.Context) []*types.ServicePackageFrameworkDataSource { return []*types.ServicePackageFrameworkDataSource{} } From e1fefed9d024e5c51fefd974bad2e523e506e072 Mon Sep 17 00:00:00 2001 
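Review bot: Open returns the token with no expiry handling: nothing in this file sets `response.RenewAt` or implements `Renew`, so Terraform has no signal for when the credential stops being valid and a long-running apply could keep presenting a stale token to the Kubernetes or Helm provider. If the value returned by `generator.GetWithSTS` exposes an expiry (its type is not shown in this patch), set `response.RenewAt` somewhat ahead of it and regenerate the token in a `Renew` method. The `schema.BoolAttribute` type on `token` and the missing `return` after each `AddError` are already corrected by PATCH 06 and PATCH 08 later in this series, so they are not repeated here.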
From: Bruno Schaatsbergen
Date: Fri, 20 Dec 2024 17:47:36 +0100
Subject: [PATCH 03/11] eks: add change log entry
---
.changelog/40660.txt | 3 +++
1 file changed, 3 insertions(+)
create mode 100644 .changelog/40660.txt
diff --git a/.changelog/40660.txt b/.changelog/40660.txt
new file mode 100644
index 00000000000..7fa12cf70a9
--- /dev/null
+++ b/.changelog/40660.txt
@@ -0,0 +1,3 @@
+```release-note:new-ephemeral
+aws_eks_cluster_auth
+```
From d7034b2af2cc06256555a02c960c36888157a62d Mon Sep 17 00:00:00 2001
From: Bruno Schaatsbergen
Date: Fri, 20 Dec 2024 18:10:31 +0100
Subject: [PATCH 04/11] eks: add ephemeral `aws_eks_cluster_auth` resource tests
---
.../eks/cluster_auth_ephemeral_test.go | 55 +++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100644 internal/service/eks/cluster_auth_ephemeral_test.go
diff --git a/internal/service/eks/cluster_auth_ephemeral_test.go b/internal/service/eks/cluster_auth_ephemeral_test.go
new file mode 100644
index 00000000000..e32ea7866a3
--- /dev/null
+++ b/internal/service/eks/cluster_auth_ephemeral_test.go
@@ -0,0 +1,55 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package eks_test
+
+import (
+ "fmt"
+ "testing"
+
+ sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+ "github.com/hashicorp/terraform-plugin-testing/knownvalue"
+ "github.com/hashicorp/terraform-plugin-testing/statecheck"
+ "github.com/hashicorp/terraform-plugin-testing/tfjsonpath"
+ "github.com/hashicorp/terraform-plugin-testing/tfversion"
+ "github.com/hashicorp/terraform-provider-aws/internal/acctest"
+ "github.com/hashicorp/terraform-provider-aws/names"
+)
+
+func TestAccEKSClusterAuthEphemeral_basic(t *testing.T) {
+ ctx := acctest.Context(t)
+ rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+ echoResourceName := "echo.test"
+ dataPath := tfjsonpath.New("data")
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(ctx, t) },
+ ErrorCheck: acctest.ErrorCheck(t, names.SSMServiceID),
+ TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+ tfversion.SkipBelow(tfversion.Version1_10_0),
+ },
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories(ctx, acctest.ProviderNameEcho),
+ CheckDestroy: acctest.CheckDestroyNoop,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccClusterAuthEphemeralResourceConfig_basic(rName),
+ ConfigStateChecks: []statecheck.StateCheck{
+ statecheck.ExpectKnownValue(echoResourceName, dataPath.AtMapKey(names.AttrName), knownvalue.NotNull()),
+ statecheck.ExpectKnownValue(echoResourceName, dataPath.AtMapKey("token"), knownvalue.NotNull()),
+ },
+ },
+ },
+ })
+}
+
+func testAccClusterAuthEphemeralResourceConfig_basic(clusterName string) string {
+ return acctest.ConfigCompose(
+ acctest.ConfigWithEchoProvider("ephemeral.aws_eks_cluster_auth.test"),
+ fmt.Sprintf(`
+ephemeral "aws_eks_cluster_auth" "test" {
+ name = %[1]q
+}
+`, clusterName))
+}
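Review bot: The token assertion in TestAccEKSClusterAuthEphemeral_basic, `statecheck.ExpectKnownValue(echoResourceName, dataPath.AtMapKey("token"), knownvalue.NotNull())`, only proves that some value came back, so it cannot catch a token generated from the wrong input. PATCH 08 in this series fixes exactly such a case (the cluster name was passed with surrounding quotes), and this test would presumably have passed both before and after that fix. Matching the expected token format with `knownvalue.StringRegexp(...)` would at least pin the shape of the credential. The config never creates a cluster, so the test covers token generation only; a short comment above the test saying that acceptance by a real cluster is not exercised would set expectations.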
From 6a7dc3adc6bb14ba41f641cd9de87c7ec0914de2 Mon Sep 17 00:00:00 2001 From: Bruno Schaatsbergen Date: Fri, 20 Dec 2024 18:12:15 +0100 Subject: [PATCH 05/11] eks: mark `name` required --- internal/service/eks/cluster_auth_ephemeral.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/service/eks/cluster_auth_ephemeral.go b/internal/service/eks/cluster_auth_ephemeral.go index 4ad4a66f52f..6a947f1fb25 100644 --- a/internal/service/eks/cluster_auth_ephemeral.go +++ b/internal/service/eks/cluster_auth_ephemeral.go @@ -37,7 +37,7 @@ func (e *ephemeralClusterAuth) Schema(ctx context.Context, _ ephemeral.SchemaReq Attributes: map[string]schema.Attribute{ names.AttrName: schema.StringAttribute{ - Computed: true, + Required: true, }, "token": schema.BoolAttribute{ Computed: true, From 72dcaa7f4b3f948c6c9f3a9a63a49093b8350fc5 Mon Sep 17 00:00:00 2001 From: Bruno Schaatsbergen Date: Fri, 20 Dec 2024 18:13:39 +0100 Subject: [PATCH 06/11] eks: change `token` attribute type --- internal/service/eks/cluster_auth_ephemeral.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/service/eks/cluster_auth_ephemeral.go b/internal/service/eks/cluster_auth_ephemeral.go index 6a947f1fb25..fb112b6e769 100644 --- a/internal/service/eks/cluster_auth_ephemeral.go +++ b/internal/service/eks/cluster_auth_ephemeral.go @@ -39,7 +39,7 @@ func (e *ephemeralClusterAuth) Schema(ctx context.Context, _ ephemeral.SchemaReq names.AttrName: schema.StringAttribute{ Required: true, }, - "token": schema.BoolAttribute{ + "token": schema.StringAttribute{ Computed: true, Sensitive: true, }, From cf38b07afeded7d375e121f8d5497f48a6d530e9 Mon Sep 17 00:00:00 2001 From: Bruno Schaatsbergen Date: Fri, 20 Dec 2024 19:33:14 +0100 Subject: [PATCH 07/11] eks: remove redundant newline --- internal/service/eks/cluster_auth_ephemeral.go | 1 - 1 file changed, 1 deletion(-) 
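Review bot: In the PATCH 05 hunk, `names.AttrName` becomes `Required: true` but has no validator, so an empty string passes schema validation and is handed to the token generator in Open; the failure would presumably only surface later as a rejected token. Adding `Validators: []validator.String{stringvalidator.LengthAtLeast(1)},` to the attribute would reject that input during validation instead. The Schema method starts and ends outside this hunk.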
diff --git a/internal/service/eks/cluster_auth_ephemeral.go b/internal/service/eks/cluster_auth_ephemeral.go index fb112b6e769..7ebc43fcde6 100644 --- a/internal/service/eks/cluster_auth_ephemeral.go +++ b/internal/service/eks/cluster_auth_ephemeral.go @@ -35,7 +35,6 @@ func (e *ephemeralClusterAuth) Metadata(_ context.Context, _ ephemeral.MetadataR func (e *ephemeralClusterAuth) Schema(ctx context.Context, _ ephemeral.SchemaRequest, response *ephemeral.SchemaResponse) { response.Schema = schema.Schema{ Attributes: map[string]schema.Attribute{ - names.AttrName: schema.StringAttribute{ Required: true, }, From 414776f236e20d20be6937f361c410a95e941da7 Mon Sep 17 00:00:00 2001 From: Bruno Schaatsbergen Date: Mon, 23 Dec 2024 15:33:10 +0100 Subject: [PATCH 08/11] eks: clean up ephemeral cluster auth resource implementation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add return statements in error paths, and reference the EKS cluster name using ValueString to ensure it produces a literal value. This avoids generating the underlying framework’s string literal, which includes quotes and leads to incorrect token generation. --- internal/service/eks/cluster_auth_ephemeral.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/internal/service/eks/cluster_auth_ephemeral.go b/internal/service/eks/cluster_auth_ephemeral.go index 7ebc43fcde6..21caa5e5016 100644 --- a/internal/service/eks/cluster_auth_ephemeral.go +++ b/internal/service/eks/cluster_auth_ephemeral.go @@ -47,8 +47,8 @@ func (e *ephemeralClusterAuth) Schema(ctx context.Context, _ ephemeral.SchemaReq } func (e *ephemeralClusterAuth) Open(ctx context.Context, request ephemeral.OpenRequest, response *ephemeral.OpenResponse) { - var data epClusterAuthData conn := e.Meta().STSClient(ctx) + data := epClusterAuthData{} response.Diagnostics.Append(request.Config.Get(ctx, &data)...) if response.Diagnostics.HasError() { 
@@ -61,16 +61,19 @@ func (e *ephemeralClusterAuth) Open(ctx context.Context, request ephemeral.OpenR create.ProblemStandardMessage(names.EKS, create.ErrActionReading, ERNameClusterAuth, data.Name.String(), err), err.Error(), ) + return } - output, err := generator.GetWithSTS(ctx, data.Name.String(), conn) + + token, err := generator.GetWithSTS(ctx, data.Name.ValueString(), conn) if err != nil { response.Diagnostics.AddError( create.ProblemStandardMessage(names.EKS, create.ErrActionReading, ERNameClusterAuth, data.Name.String(), err), err.Error(), ) + return } - response.Diagnostics.Append(fwflex.Flatten(ctx, output, &data)...) + response.Diagnostics.Append(fwflex.Flatten(ctx, token, &data)...) if response.Diagnostics.HasError() { return } From ff76ec8f24050337d0bab47fefb9fab4e0e2d3ee Mon Sep 17 00:00:00 2001 From: Bruno Schaatsbergen Date: Fri, 10 Jan 2025 21:28:04 +0100 Subject: [PATCH 09/11] eks: add ephemeral cluster auth documentation --- .../eks_cluster_auth.html.markdown | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 website/docs/ephemeral-resources/eks_cluster_auth.html.markdown diff --git a/website/docs/ephemeral-resources/eks_cluster_auth.html.markdown b/website/docs/ephemeral-resources/eks_cluster_auth.html.markdown new file mode 100644 index 00000000000..35bf44f141e --- /dev/null +++ b/website/docs/ephemeral-resources/eks_cluster_auth.html.markdown 
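Review bot: Both `AddError` calls in this hunk still build their summary with `data.Name.String()`, which per the commit message yields the framework's quoted literal, so diagnostics will report the cluster name with extra quotes while the token is now generated from `data.Name.ValueString()`. Using `data.Name.ValueString()` in the two `create.ProblemStandardMessage(...)` calls keeps the name in the error identical to the one actually used for signing, which matters when someone is debugging a rejected token. Open's body starts in the previous hunk and continues past the end of this one.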
@@ -0,0 +1,45 @@
+---
+subcategory: "EKS (Elastic Kubernetes)"
+layout: "aws"
+page_title: "AWS: aws_eks_cluster_auth"
+description: |-
+ Retrieve an authentication token to communicate with an EKS cluster.
+---
+
+# Ephemeral: aws_eks_cluster_auth
+
+Retrieve an authentication token to communicate with an EKS cluster.
+
+~> **NOTE:** Ephemeral resources are a new feature and may evolve as we continue to explore their most effective uses. [Learn more](https://developer.hashicorp.com/terraform/language/v1.10.x/resources/ephemeral).
+
+## Example Usage
+
+```terraform
+ephemeral "aws_eks_cluster_auth" "example" {
+ name = data.aws_eks_cluster.example.id
+}
+
+provider "kubernetes" {
+ host = data.aws_eks_cluster.example.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.example.certificate_authority[0].data)
+ token = ephemeral.aws_eks_cluster_auth.example.token
+}
+
+provider "helm" {
+ kubernetes {
+ host = data.aws_eks_cluster.example.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.example.certificate_authority[0].data)
+ token = ephemeral.aws_eks_cluster_auth.example.token
+ }
+}
+```
+
+## Argument Reference
+
+* `name` - (Required) Name of the EKS cluster.
+
+## Attribute Reference
+
+This resource exports the following attributes in addition to the arguments above:
+
+* `token` - Token to use to authenticate with the cluster.
From 867cbedb93cc79a9506964d1c45f7c462f47a69c Mon Sep 17 00:00:00 2001
From: Adrian Johnson
Date: Wed, 15 Jan 2025 14:50:15 -0600
Subject: [PATCH 10/11] fix serviceID in errorCheck
---
internal/service/eks/cluster_auth_ephemeral_test.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/service/eks/cluster_auth_ephemeral_test.go b/internal/service/eks/cluster_auth_ephemeral_test.go
index e32ea7866a3..f2ec6e5a4e2 100644
--- a/internal/service/eks/cluster_auth_ephemeral_test.go
+++ b/internal/service/eks/cluster_auth_ephemeral_test.go
@@ -25,7 +25,7 @@ func TestAccEKSClusterAuthEphemeral_basic(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(ctx, t) }, - ErrorCheck: acctest.ErrorCheck(t, names.SSMServiceID), + ErrorCheck: acctest.ErrorCheck(t, names.EKSServiceID), TerraformVersionChecks: []tfversion.TerraformVersionCheck{ tfversion.SkipBelow(tfversion.Version1_10_0), }, From 43b596b103fadcb72057fc2a8415e4b20c756042 Mon Sep 17 00:00:00 2001 From: Adrian Johnson Date: Wed, 15 Jan 2025 15:03:22 -0600 Subject: [PATCH 11/11] make gen --- internal/service/eks/service_package_gen.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/internal/service/eks/service_package_gen.go b/internal/service/eks/service_package_gen.go index 1ee0a5f0e53..19d10416c3b 100644 --- a/internal/service/eks/service_package_gen.go +++ b/internal/service/eks/service_package_gen.go @@ -17,8 +17,9 @@ type servicePackage struct{} func (p *servicePackage) EphemeralResources(ctx context.Context) []*types.ServicePackageEphemeralResource { return []*types.ServicePackageEphemeralResource{ { - Factory: newEphemeralClusterAuth, - Name: "ClusterAuth", + Factory: newEphemeralClusterAuth, + TypeName: "aws_eks_cluster_auth", + Name: "ClusterAuth", }, } }