Support use client id and client secret (#47)

* Support use client id and client secret * Make key_file_path optional
streamnative · May 14, 2024 · d0564d4 · d0564d4
1 parent 3d5b9fa
commit d0564d4
Show file tree

Hide file tree

Showing 6 changed files with 61 additions and 26 deletions.
diff --git a/cloud/provider.go b/cloud/provider.go
@@ -17,6 +17,7 @@ package cloud
 import (
 	"context"
 	"encoding/base64"
+	"k8s.io/utils/clock"
 	"os"
 	"path/filepath"
 
@@ -124,7 +125,7 @@ func Provider() *schema.Provider {
 		Schema: map[string]*schema.Schema{
 			"key_file_path": {
 				Type:        schema.TypeString,
-				Required:    true,
+				Optional:    true,
 				DefaultFunc: schema.EnvDefaultFunc("KEY_FILE_PATH", nil),
 				Description: descriptions["key_file_path"],
 			},
@@ -157,8 +158,6 @@ func Provider() *schema.Provider {
 func providerConfigure(d *schema.ResourceData, terraformVersion string) (interface{}, diag.Diagnostics) {
 	_ = terraformVersion
 
-	keyFilePath := d.Get("key_file_path").(string)
-
 	home, err := homedir.Dir()
 	if err != nil {
 		return nil, diag.FromErr(err)
@@ -181,23 +180,56 @@ func providerConfigure(d *schema.ResourceData, terraformVersion string) (interfa
 	if defaultAPIServer == "" {
 		defaultAPIServer = GlobalDefaultAPIServer
 	}
-	credsProvider := auth.NewClientCredentialsProviderFromKeyFile(keyFilePath)
-	keyFile, err := credsProvider.GetClientCredentials()
-	if err != nil {
-		return nil, diag.FromErr(err)
-	}
-	issuer := auth.Issuer{
-		IssuerEndpoint: defaultIssuer,
-		ClientID:       keyFile.ClientID,
-		Audience:       defaultAudience,
-	}
-	flow, err := auth.NewDefaultClientCredentialsFlow(issuer, keyFilePath)
-	if err != nil {
-		return nil, diag.FromErr(err)
-	}
-	grant, err := flow.Authorize()
-	if err != nil {
-		return nil, diag.FromErr(err)
+	defaultClientId := os.Getenv("GLOBAL_DEFAULT_CLIENT_ID")
+	defaultClientSecret := os.Getenv("GLOBAL_DEFAULT_CLIENT_SECRET")
+	//defaultClientEmail := os.Getenv("GLOBAL_DEFAULT_CLIENT_EMAIL")
+	var keyFile *auth.KeyFile
+	var flow *auth.ClientCredentialsFlow
+	var grant *auth.AuthorizationGrant
+	var issuer auth.Issuer
+	if defaultClientId != "" && defaultClientSecret != "" {
+		keyFile = &auth.KeyFile{
+			ClientID:     defaultClientId,
+			ClientSecret: defaultClientSecret,
+		}
+		issuer = auth.Issuer{
+			IssuerEndpoint: defaultIssuer,
+			ClientID:       keyFile.ClientID,
+			Audience:       defaultAudience,
+		}
+		authorizationGrant := &auth.AuthorizationGrant{
+			Type:              auth.GrantTypeClientCredentials,
+			ClientCredentials: keyFile,
+		}
+
+		refresher, err := auth.NewDefaultClientCredentialsGrantRefresher(issuer, clock.RealClock{})
+		if err != nil {
+			return nil, diag.FromErr(err)
+		}
+		grant, err = refresher.Refresh(authorizationGrant)
+		if err != nil {
+			return nil, diag.FromErr(err)
+		}
+	} else {
+		keyFilePath := d.Get("key_file_path").(string)
+		credsProvider := auth.NewClientCredentialsProviderFromKeyFile(keyFilePath)
+		keyFile, err = credsProvider.GetClientCredentials()
+		if err != nil {
+			return nil, diag.FromErr(err)
+		}
+		issuer = auth.Issuer{
+			IssuerEndpoint: defaultIssuer,
+			ClientID:       keyFile.ClientID,
+			Audience:       defaultAudience,
+		}
+		flow, err = auth.NewDefaultClientCredentialsFlow(issuer, keyFilePath)
+		if err != nil {
+			return nil, diag.FromErr(err)
+		}
+		grant, err = flow.Authorize()
+		if err != nil {
+			return nil, diag.FromErr(err)
+		}
 	}
 	streams := genericclioptions.IOStreams{
 		In:     os.Stdin,

diff --git a/cloud/provider_test.go b/cloud/provider_test.go
@@ -46,7 +46,11 @@ func TestProvider_impl(t *testing.T) {
 }
 
 func testAccPreCheck(t *testing.T) {
-	if v := os.Getenv("KEY_FILE_PATH"); v == "" {
-		t.Fatal("KEY_FILE_PATH must be set for acceptance tests")
+	keyFilePath := os.Getenv("KEY_FILE_PATH")
+	clientId := os.Getenv("GLOBAL_DEFAULT_CLIENT_ID")
+	clientSecret := os.Getenv("GLOBAL_DEFAULT_CLIENT_SECRET")
+	if keyFilePath == "" && clientId == "" && clientSecret == "" {
+		t.Fatal("KEY_FILE_PATH or GLOBAL_DEFAULT_CLIENT_ID," +
+			"GLOBAL_DEFAULT_CLIENT_SECRET must be set for acceptance tests")
 	}
 }
diff --git a/docs/data-sources/pulsar_cluster.md b/docs/data-sources/pulsar_cluster.md
@@ -36,6 +36,7 @@ description: |-
 - `pulsar_tls_service_url` (String) The service url of the pulsar cluster, use it to produce and consume message
 - `pulsar_version` (String) The version of the pulsar cluster
 - `ready` (String) Pulsar cluster is ready, it will be set to 'True' after the cluster is ready
+- `release_channel` (String) The release channel of the pulsar cluster subscribe to, it must to be lts or rapid, default rapid
 - `storage_unit` (Number) storage unit, 1 storage unit is 2 cpu and 8gb memory
 - `websocket_service_url` (String) If you want to connect to the pulsar cluster using the websocket protocol, use this websocket service url
 

diff --git a/docs/index.md b/docs/index.md
@@ -15,6 +15,6 @@ description: |-
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
-### Required
+### Optional
 
 - `key_file_path` (String) The path of the private key file
diff --git a/go.mod b/go.mod
@@ -15,6 +15,7 @@ require (
 	k8s.io/cli-runtime v0.24.3
 	k8s.io/client-go v12.0.0+incompatible
 	k8s.io/kubectl v0.24.3
+	k8s.io/utils v0.0.0-20230505201702-9f6742963106
 )
 
 require (
@@ -165,7 +166,6 @@ require (
 	k8s.io/klog v1.0.0 // indirect
 	k8s.io/klog/v2 v2.100.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect
-	k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect
 	sigs.k8s.io/apiserver-builder-alpha v1.18.0 // indirect
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect

diff --git a/go.sum b/go.sum
@@ -519,8 +519,6 @@ github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/streamnative/apiserver-builder-alpha v0.0.0-20230717175906-0f9240887463 h1:ukAAbYtzonTxP/zNwAZhFVvsqc6A8fVWSKwH9Yfu9w0=
 github.com/streamnative/apiserver-builder-alpha v0.0.0-20230717175906-0f9240887463/go.mod h1:W1q2VCPvT9GjMUsFX4JYmdXfSAYsrmLVLALfutt5LsE=
-github.com/streamnative/cloud-api-server v1.17.1-0.20240201114855-a7d3a65094e8 h1:xBeOFWaVodZLoF0G9suB+XcV1wts3bWAyQII0bjCwSk=
-github.com/streamnative/cloud-api-server v1.17.1-0.20240201114855-a7d3a65094e8/go.mod h1:rnneB8IS0MtXXwi/HAXxBojs2qQj8w2taq48WCrYhv8=
 github.com/streamnative/cloud-api-server v1.25.3 h1:Dvr7H7tyOKCKGwj5JmO7KGN2TVlu9KrsF/Ih3zBce1c=
 github.com/streamnative/cloud-api-server v1.25.3/go.mod h1:GX9siEefhX5wq6u3ay3lh8taVVvM7TTTGnXuJrWksWw=
 github.com/streamnative/cloud-cli v0.14.3-0.20240202094224-5eec608e4680 h1:PRqjyTsfwTCAd3SGDjgPT4Nmbczeegdm/ApyDGr14PA=