Resource identity support in SDKv2 Resources (#2751)

This commit adds ResourceIdentity support to the following SDKv2 resources:
* kubernetes_secret_v1
* kubernetes_namespace_v1
* kubernetes_service_account_v1
* kubernetes_service_v1
* kubernetes_pod_v1
* kubernetes_deployment_v1
* kubernetes_stateful_set_v1
* kubernetes_daemon_set_v1
* kubernetes_job_v1
* kubernetes_cron_job_v1
* kubernetes_horizontal_pod_autoscaler_v2
* kubernetes_ingress_v1
* kubernetes_ingress_class_v1
* kubernetes_network_policy_v1
* kubernetes_mutating_webhook_configuration_v1
* kubernetes_validating_webhook_configuration_v1
* kubernetes_cluster_role_v1
* kubernetes_cluster_role_binding_v1
* kubernetes_role_binding_v1
* kubernetes_role_v1

Author: jrhouston

.changelog/2751.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+Add support for ResourceIdentity to SDKv2 resources
+```

.github/workflows/checkers-and-linters.yml

@@ -21,7 +21,7 @@ jobs:
         go-version-file: 'go.mod'
     # Secrets are not available on pull requests.
     - name: Login to Docker Hub
-      if: github.ref == 'refs/heads/main'
+      if: ${{ github.event_name != 'pull_request' }}
       uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
       with:
         username: ${{ secrets.RO_DOCKERHUB_USER }}

kubernetes/resource_kubernetes_cluster_role_binding_v1.go

@@ -23,9 +23,9 @@ func resourceKubernetesClusterRoleBindingV1() *schema.Resource {
 		UpdateContext: resourceKubernetesClusterRoleBindingV1Update,
 		DeleteContext: resourceKubernetesClusterRoleBindingV1Delete,
 		Importer: &schema.ResourceImporter{
-			StateContext: schema.ImportStatePassthroughContext,
+			StateContext: resourceIdentityImportNonNamespaced,
 		},
-
+		Identity: resourceIdentitySchemaNonNamespaced(),
 		Schema: map[string]*schema.Schema{
 			"metadata": metadataSchemaRBAC("clusterRoleBinding", true, false),
 			"role_ref": {
@@ -65,7 +65,6 @@ func resourceKubernetesClusterRoleBindingV1Create(ctx context.Context, d *schema
 	}
 	log.Printf("[INFO] Creating new ClusterRoleBinding: %#v", binding)
 	binding, err = conn.RbacV1().ClusterRoleBindings().Create(ctx, binding, metav1.CreateOptions{})
-
 	if err != nil {
 		return diag.FromErr(err)
 	}
@@ -117,6 +116,11 @@ func resourceKubernetesClusterRoleBindingV1Read(ctx context.Context, d *schema.R
 		return diag.FromErr(err)
 	}
 
+	err = setResourceIdentityNonNamespaced(d, "rbac.authorization.k8s.io/v1", "ClusterRoleBinding", name)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
 	return nil
 }
 

kubernetes/resource_kubernetes_cluster_role_binding_v1_test.go

@@ -14,6 +14,10 @@ import (
 	"github.com/hashicorp/terraform-plugin-testing/terraform"
 	rbacv1 "k8s.io/api/rbac/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/hashicorp/terraform-plugin-testing/knownvalue"
+	"github.com/hashicorp/terraform-plugin-testing/statecheck"
+	"github.com/hashicorp/terraform-plugin-testing/tfversion"
 )
 
 func TestAccKubernetesClusterRoleBindingV1_basic(t *testing.T) {
@@ -123,6 +127,39 @@ func TestAccKubernetesClusterRoleBindingV1_basic(t *testing.T) {
 	})
 }
 
+func TestAccKubernetesClusterRoleBindingV1_identity(t *testing.T) {
+	resourceName := "kubernetes_cluster_role_binding_v1.test"
+	name := fmt.Sprintf("tf-acc-test:%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: testAccProviderFactories,
+		CheckDestroy:      testAccCheckKubernetesClusterRoleBindingV1Destroy,
+		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+			tfversion.SkipBelow(tfversion.Version1_12_0),
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: testAccKubernetesClusterRoleBindingV1Config_basic(name),
+				ConfigStateChecks: []statecheck.StateCheck{
+					statecheck.ExpectIdentity(
+						resourceName, map[string]knownvalue.Check{
+							"name":        knownvalue.StringExact(name),
+							"api_version": knownvalue.StringExact("rbac.authorization.k8s.io/v1"),
+							"kind":        knownvalue.StringExact("ClusterRoleBinding"),
+						},
+					),
+				},
+			},
+			{
+				ResourceName:    resourceName,
+				ImportState:     true,
+				ImportStateKind: resource.ImportBlockWithResourceIdentity,
+			},
+		},
+	})
+}
+
 func TestAccKubernetesClusterRoleBindingV1_generatedName(t *testing.T) {
 	var conf rbacv1.ClusterRoleBinding
 	prefix := "tf-acc-test-gen:"
@@ -313,7 +350,6 @@ func TestAccKubernetesClusterRoleBindingV1_UpdatePatchOperationsOrderWithRemoval
 
 func testAccCheckKubernetesClusterRoleBindingV1Destroy(s *terraform.State) error {
 	conn, err := testAccProvider.Meta().(KubeClientsets).MainClientset()
-
 	if err != nil {
 		return err
 	}

kubernetes/resource_kubernetes_cluster_role_v1.go

@@ -23,9 +23,9 @@ func resourceKubernetesClusterRoleV1() *schema.Resource {
 		UpdateContext: resourceKubernetesClusterRoleV1Update,
 		DeleteContext: resourceKubernetesClusterRoleV1Delete,
 		Importer: &schema.ResourceImporter{
-			StateContext: schema.ImportStatePassthroughContext,
+			StateContext: resourceIdentityImportNonNamespaced,
 		},
-
+		Identity: resourceIdentitySchemaNonNamespaced(),
 		Schema: map[string]*schema.Schema{
 			"metadata": metadataSchemaRBAC("clusterRole", true, false),
 			"rule": {
@@ -159,6 +159,10 @@ func resourceKubernetesClusterRoleV1Read(ctx context.Context, d *schema.Resource
 			return diag.FromErr(err)
 		}
 	}
+	err = setResourceIdentityNonNamespaced(d, "rbac.authorization.k8s.io/v1", "ClusterRole", name)
+	if err != nil {
+		return diag.FromErr(err)
+	}
 	return nil
 }
 

kubernetes/resource_kubernetes_cluster_role_v1_test.go

@@ -14,6 +14,10 @@ import (
 	"github.com/hashicorp/terraform-plugin-testing/terraform"
 	rbacv1 "k8s.io/api/rbac/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/hashicorp/terraform-plugin-testing/knownvalue"
+	"github.com/hashicorp/terraform-plugin-testing/statecheck"
+	"github.com/hashicorp/terraform-plugin-testing/tfversion"
 )
 
 func TestAccKubernetesClusterRoleV1_basic(t *testing.T) {
@@ -68,6 +72,39 @@ func TestAccKubernetesClusterRoleV1_basic(t *testing.T) {
 	})
 }
 
+func TestAccKubernetesClusterRoleV1_identity(t *testing.T) {
+	resourceName := "kubernetes_cluster_role_v1.test"
+	name := acctest.RandomWithPrefix("tf-acc-test")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: testAccProviderFactories,
+		CheckDestroy:      testAccCheckKubernetesClusterRoleV1Destroy,
+		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+			tfversion.SkipBelow(tfversion.Version1_12_0),
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: testAccKubernetesClusterRoleConfigV1_basic(name),
+				ConfigStateChecks: []statecheck.StateCheck{
+					statecheck.ExpectIdentity(
+						resourceName, map[string]knownvalue.Check{
+							"name":        knownvalue.StringExact(name),
+							"api_version": knownvalue.StringExact("rbac.authorization.k8s.io/v1"),
+							"kind":        knownvalue.StringExact("ClusterRole"),
+						},
+					),
+				},
+			},
+			{
+				ResourceName:    resourceName,
+				ImportState:     true,
+				ImportStateKind: resource.ImportBlockWithResourceIdentity,
+			},
+		},
+	})
+}
+
 func TestAccKubernetesClusterRoleV1_generatedName(t *testing.T) {
 	var conf rbacv1.ClusterRole
 	prefix := "tf-acc-test-gen:"
@@ -287,7 +324,6 @@ func TestAccKubernetesClusterRoleV1_aggregationRuleRuleAggregation(t *testing.T)
 
 func testAccCheckKubernetesClusterRoleV1Destroy(s *terraform.State) error {
 	conn, err := testAccProvider.Meta().(KubeClientsets).MainClientset()
-
 	if err != nil {
 		return err
 	}

kubernetes/resource_kubernetes_config_map_v1.go

@@ -5,7 +5,6 @@ package kubernetes
 
 import (
 	"context"
-	"fmt"
 	"log"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
@@ -26,29 +25,7 @@ func resourceKubernetesConfigMapV1() *schema.Resource {
 		UpdateContext: resourceKubernetesConfigMapV1Update,
 		DeleteContext: resourceKubernetesConfigMapV1Delete,
 		Importer: &schema.ResourceImporter{
-			StateContext: func(ctx context.Context, rd *schema.ResourceData, i interface{}) ([]*schema.ResourceData, error) {
-				if rd.Id() != "" {
-					return []*schema.ResourceData{rd}, nil
-				}
-
-				rid, err := rd.Identity()
-				if err != nil {
-					return nil, err
-				}
-
-				namespace, ok := rid.Get("namespace").(string)
-				if !ok {
-					return nil, fmt.Errorf("could not get namespace from resource identity")
-				}
-				name, ok := rid.Get("name").(string)
-				if !ok {
-					return nil, fmt.Errorf("could not get name from resource identity")
-				}
-
-				rd.SetId(fmt.Sprintf("%s/%s", namespace, name))
-
-				return []*schema.ResourceData{rd}, nil
-			},
+			StateContext: resourceIdentityImportNamespaced,
 		},
 		CustomizeDiff: func(ctx context.Context, diff *schema.ResourceDiff, meta interface{}) error {
 			if diff.Id() == "" {
@@ -73,29 +50,7 @@ func resourceKubernetesConfigMapV1() *schema.Resource {
 
 			return nil
 		},
-		Identity: &schema.ResourceIdentity{
-			Version: 1,
-			SchemaFunc: func() map[string]*schema.Schema {
-				return map[string]*schema.Schema{
-					"namespace": {
-						Type:              schema.TypeString,
-						OptionalForImport: true,
-					},
-					"name": {
-						Type:              schema.TypeString,
-						RequiredForImport: true,
-					},
-					"api_version": {
-						Type:              schema.TypeString,
-						RequiredForImport: true,
-					},
-					"kind": {
-						Type:              schema.TypeString,
-						RequiredForImport: true,
-					},
-				}
-			},
-		},
+		Identity: resourceIdentitySchemaNamespaced(),
 		Schema: map[string]*schema.Schema{
 			"metadata": namespacedMetadataSchema("config map", true),
 			"binary_data": {

kubernetes/resource_kubernetes_cron_job_v1.go

@@ -27,8 +27,9 @@ func resourceKubernetesCronJobV1() *schema.Resource {
 		UpdateContext: resourceKubernetesCronJobV1Update,
 		DeleteContext: resourceKubernetesCronJobV1Delete,
 		Importer: &schema.ResourceImporter{
-			StateContext: schema.ImportStatePassthroughContext,
+			StateContext: resourceIdentityImportNamespaced,
 		},
+		Identity: resourceIdentitySchemaNamespaced(),
 		Timeouts: &schema.ResourceTimeout{
 			Delete: schema.DefaultTimeout(1 * time.Minute),
 		},
@@ -160,6 +161,10 @@ func resourceKubernetesCronJobV1Read(ctx context.Context, d *schema.ResourceData
 		return diag.FromErr(err)
 	}
 
+	err = setResourceIdentityNamespaced(d, "batch/v1", "CronJob", namespace, name)
+	if err != nil {
+		return diag.FromErr(err)
+	}
 	return nil
 }
 

kubernetes/resource_kubernetes_cron_job_v1_test.go

@@ -14,6 +14,10 @@ import (
 
 	batchv1 "k8s.io/api/batch/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/hashicorp/terraform-plugin-testing/knownvalue"
+	"github.com/hashicorp/terraform-plugin-testing/statecheck"
+	"github.com/hashicorp/terraform-plugin-testing/tfversion"
 )
 
 func TestAccKubernetesCronJobV1_basic(t *testing.T) {
@@ -126,6 +130,43 @@ func TestAccKubernetesCronJobV1_extra(t *testing.T) {
 	})
 }
 
+func TestAccKubernetesCronJobV1_identity(t *testing.T) {
+	name := fmt.Sprintf("tf-acc-test-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+	imageName := busyboxImage
+	resourceName := "kubernetes_cron_job_v1.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+		},
+		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+			tfversion.SkipBelow(tfversion.Version1_12_0),
+		},
+		ProviderFactories: testAccProviderFactories,
+		CheckDestroy:      testAccCheckKubernetesCronJobV1Destroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccKubernetesCronJobV1Config_basic(name, imageName),
+				ConfigStateChecks: []statecheck.StateCheck{
+					statecheck.ExpectIdentity(
+						resourceName, map[string]knownvalue.Check{
+							"namespace":   knownvalue.StringExact("default"),
+							"name":        knownvalue.StringExact(name),
+							"api_version": knownvalue.StringExact("batch/v1"),
+							"kind":        knownvalue.StringExact("CronJob"),
+						},
+					),
+				},
+			},
+			{
+				ResourceName:    resourceName,
+				ImportState:     true,
+				ImportStateKind: resource.ImportBlockWithResourceIdentity,
+			},
+		},
+	})
+}
+
 func TestAccKubernetesCronJobV1_minimalWithTemplateNamespace(t *testing.T) {
 	var conf1, conf2 batchv1.CronJob
 
@@ -273,7 +314,6 @@ func TestAccKubernetesCronJobV1_minimalWithBackoffLimitPerIndex(t *testing.T) {
 
 func testAccCheckKubernetesCronJobV1Destroy(s *terraform.State) error {
 	conn, err := testAccProvider.Meta().(KubeClientsets).MainClientset()
-
 	if err != nil {
 		return err
 	}

kubernetes/resource_kubernetes_daemon_set_v1.go

@@ -30,8 +30,9 @@ func resourceKubernetesDaemonSetV1() *schema.Resource {
 		UpdateContext: resourceKubernetesDaemonSetV1Update,
 		DeleteContext: resourceKubernetesDaemonSetV1Delete,
 		Importer: &schema.ResourceImporter{
-			StateContext: schema.ImportStatePassthroughContext,
+			StateContext: resourceIdentityImportNamespaced,
 		},
+		Identity: resourceIdentitySchemaNamespaced(),
 		StateUpgraders: []schema.StateUpgrader{
 			{
 				Version: 0,
@@ -277,6 +278,10 @@ func resourceKubernetesDaemonSetV1Read(ctx context.Context, d *schema.ResourceDa
 		return diag.FromErr(err)
 	}
 
+	err = setResourceIdentityNamespaced(d, "apps/v1", "DaemonSet", namespace, name)
+	if err != nil {
+		return diag.FromErr(err)
+	}
 	return nil
 }