Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: use provider credentials if they are set in extractClusterApiKeyAndApiSecret #328

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix: use provider credentials if they are set in extractClusterApiKeyAndApiSecret #328

wants to merge 1 commit into from

Conversation

jaylevin
Copy link

@jaylevin jaylevin commented Nov 14, 2023
edited
Loading

Current behavior:
With the following API Key based provider authentication:

# Option #1: Manage multiple clusters in the same Terraform workspace
provider "confluent" {
  cloud_api_key    = var.confluent_cloud_api_key    # optionally use CONFLUENT_CLOUD_API_KEY env var
  cloud_api_secret = var.confluent_cloud_api_secret # optionally use CONFLUENT_CLOUD_API_SECRET env var
}

Any CRUD operations on a kafka_acl results in the ACL's referenced credentials being used for authentication instead of the cloud_api_key and cloud_api_secret defined in the provider block.

Expected behavior:

I would expect the creation, reading, deletion, or update of a kafka_acl to use the provider's configured APIKey/secret defined in the provider "confluent" { .. } block.

However, because isKafkaMetadataSet checks for the kafka_rest_endpoint to be set in order for the provider's APIkey/secret to be used for CRUD of a kafka_acl, this is not happening. Instead the CRUD operations of a KafkaACL are using the API Key referenced in the kafka_acl's credentials block. Essentially this block is executed instead of this one.

I am wondering if there is a specific reason why the confluent provider is using the ACL's referenced credentials for authentication versus the credentials defined in the provider block? If there is no special reason for this, I think #328 would be a good solution for this problem.

fixes #329

@jaylevin jaylevin requested a review from a team as a code owner November 14, 2023 20:55
@cla-assistant CLA Assistant
Copy link

cla-assistant bot commented Nov 14, 2023
edited
Loading

CLA assistant check
All committers have signed the CLA.

@jaylevin jaylevin changed the title feat: use provider credentials if they are set during api key extraction feat: use provider credentials if they are set in extractClusterApiKeyAndApiSecret Nov 14, 2023
@jaylevin jaylevin mentioned this pull request Nov 14, 2023
Open
@jaylevin jaylevin changed the title feat: use provider credentials if they are set in extractClusterApiKeyAndApiSecret fix: use provider credentials if they are set in extractClusterApiKeyAndApiSecret Nov 14, 2023
@jaylevin
Copy link
Author

@linouk23 Let me know if this change makes sense to you, or if you have any questions/concerns regarding the change. Thanks!

Lucatronlk pushed a commit to Lucatronlk/terraform-provider-confluent that referenced this pull request Dec 28, 2023
@linouk23
Fix a typo (confluentinc#328)
80d1cce
andrewjc03
andrewjc03 approved these changes Mar 6, 2024
View reviewed changes
Copy link

@andrewjc03 andrewjc03 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is very useful for me, thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewjc03 andrewjc03 andrewjc03 approved these changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CRUD operations of kafka_acl uses the APIKey in the credentials block instead of provider block
2 participants
@jaylevin @andrewjc03