Add Kafka Credentials to ProviderConfig Secret #19
Conversation
….go; augmented e2e Signed-off-by: Dylan Moore <[email protected]>
| "cloud_api_secret": "t0ps3cr3t11", | ||
| "kafka_api_key": "kafka_admin", | ||
| "kafka_api_secret": "P@55w0rd", | ||
| "kafka_rest_endpoint": "https://abc-12345z.region.provider.confluent.cloud:443" |
There was a problem hiding this comment.
I noticed the confluent terraform docs also have a kafka_id field in the provider auth block for single-cluster management option. Did you happen to know anything about that and if it's required or not?
ref: https://registry.terraform.io/providers/confluentinc/confluent/latest/docs#static-credentials
There was a problem hiding this comment.
That's a good question.
I noticed kafka_id on the terraform docs as well, but the specific error I was seeing with KafkaACLs (and what @drneo-mehdi was seeing with KafkaTopics) only indicated that the key and secret were missing:
cannot run refresh: refresh failed: error reading Kafka Topic: one of (provider.kafka_api_key, provider.kafka_api_secret), (KAFKA_API_KEY, KAFKA_API_SECRET environment variables) or (resource.credentials.key, resource.credentials.secret) must be set:
That being said, I could try adding a kafka_id/kafkaID field to the ProviderConfig secret just in case I'm missing something. Let me know if you think that's warranted here.
There was a problem hiding this comment.
I personally haven't ran into any scenarios where I needed the kafka ID, but my team is only using the multi-cluster authentication method, which is why we never prioritized the other authentication method using kafka_rest_endpoint.
I'd say as long as it works we can get this merged and look into what role kafka_id plays at a later point 👍
|
Thank you for the contribution @dmvariphy! It looks good to me 🚀 One small suggestion I have is to document both provider authentication options in the example providerconfig secret, similar to how the provider's terraform docs have done it. |
… to providerconfig secret example Signed-off-by: Dylan Moore <[email protected]>
|
Hey @jaylevin - I added the providerconfig secret like you mentioned (d836b9d), and if you'd like me to add the |
This branch adds kafkaAPIKey, kafkaAPISecret, and kafkaRESTEndpoint to the ProviderConfig secret. This resolves #18, which affected import of resources after provider-confluent restarted. See Terraform confluent provider docs for more info about this:
Fixes #18
I have:
make reviewable testto ensure this PR is ready for review.How has this code been tested
Successfully ran e2e test with a
kafkaaclresource against a Confluent Cloud basic cluster. Built and deployed the changes in this branch to two control planes and verified previously out of synckafkaaclresources are successfully re-synced.