-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Kafka Credentials to ProviderConfig Secret #19
Add Kafka Credentials to ProviderConfig Secret #19
Conversation
….go; augmented e2e Signed-off-by: Dylan Moore <[email protected]>
"cloud_api_secret": "t0ps3cr3t11", | ||
"kafka_api_key": "kafka_admin", | ||
"kafka_api_secret": "P@55w0rd", | ||
"kafka_rest_endpoint": "https://abc-12345z.region.provider.confluent.cloud:443" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I noticed the confluent terraform docs also have a kafka_id
field in the provider auth block for single-cluster management option. Did you happen to know anything about that and if it's required or not?
ref: https://registry.terraform.io/providers/confluentinc/confluent/latest/docs#static-credentials
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's a good question.
I noticed kafka_id
on the terraform docs as well, but the specific error I was seeing with KafkaACL
s (and what @drneo-mehdi was seeing with KafkaTopic
s) only indicated that the key and secret were missing:
cannot run refresh: refresh failed: error reading Kafka Topic: one of (provider.kafka_api_key, provider.kafka_api_secret), (KAFKA_API_KEY, KAFKA_API_SECRET environment variables) or (resource.credentials.key, resource.credentials.secret) must be set:
That being said, I could try adding a kafka_id
/kafkaID
field to the ProviderConfig secret just in case I'm missing something. Let me know if you think that's warranted here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I personally haven't ran into any scenarios where I needed the kafka ID, but my team is only using the multi-cluster authentication method, which is why we never prioritized the other authentication method using kafka_rest_endpoint.
I'd say as long as it works we can get this merged and look into what role kafka_id plays at a later point 👍
Thank you for the contribution @dmvariphy! It looks good to me 🚀 One small suggestion I have is to document both provider authentication options in the example providerconfig secret, similar to how the provider's terraform docs have done it. |
… to providerconfig secret example Signed-off-by: Dylan Moore <[email protected]>
Hey @jaylevin - I added the providerconfig secret like you mentioned (d836b9d), and if you'd like me to add the |
This branch adds kafkaAPIKey, kafkaAPISecret, and kafkaRESTEndpoint to the ProviderConfig secret. This resolves #18, which affected import of resources after provider-confluent restarted. See Terraform confluent provider docs for more info about this:
Fixes #18
I have:
make reviewable test
to ensure this PR is ready for review.How has this code been tested
Successfully ran e2e test with a
kafkaacl
resource against a Confluent Cloud basic cluster. Built and deployed the changes in this branch to two control planes and verified previously out of synckafkaacl
resources are successfully re-synced.