diff --git a/kubernetes/provider.go b/kubernetes/provider.go index b2004946d6..763381053b 100644 --- a/kubernetes/provider.go +++ b/kubernetes/provider.go @@ -101,6 +101,34 @@ func Provider() terraform.ResourceProvider { DefaultFunc: schema.EnvDefaultFunc("KUBE_LOAD_CONFIG_FILE", true), Description: "Load local kubeconfig.", }, + "exec": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "api_version": { + Type: schema.TypeString, + Required: true, + }, + "command": { + Type: schema.TypeString, + Required: true, + }, + "env": { + Type: schema.TypeMap, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "args": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + }, + }, + Description: "", + }, }, DataSourcesMap: map[string]*schema.Resource{ @@ -181,6 +209,21 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) { cfg.BearerToken = v.(string) } + if v, ok := d.GetOk("exec"); ok { + exec := &clientcmdapi.ExecConfig{} + if spec, ok := v.([]interface{})[0].(map[string]interface{}); ok { + exec.APIVersion = spec["api_version"].(string) + exec.Command = spec["command"].(string) + exec.Args = expandStringSlice(spec["args"].([]interface{})) + for kk, vv := range spec["env"].(map[string]interface{}) { + exec.Env = append(exec.Env, clientcmdapi.ExecEnvVar{Name: kk, Value: vv.(string)}) + } + } else { + return nil, fmt.Errorf("Failed to parse exec") + } + cfg.ExecProvider = exec + } + k, err := kubernetes.NewForConfig(cfg) if err != nil { return nil, fmt.Errorf("Failed to configure: %s", err) diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown index 29634e7f18..0039f6de30 100644 --- a/website/docs/index.html.markdown +++ b/website/docs/index.html.markdown @@ -109,4 +109,8 @@ The following arguments are supported: * `config_context_cluster` - (Optional) Cluster context of the kube config (name of the kubeconfig cluster, `--cluster` flag in `kubectl`). Can be sourced from `KUBE_CTX_CLUSTER`. * `token` - (Optional) Token of your service account. Can be sourced from `KUBE_TOKEN`. * `load_config_file` - (Optional) By default the local config (~/.kube/config) is loaded when you use this provider. This option at false disable this behaviour. Can be sourced from `KUBE_LOAD_CONFIG_FILE`. - +* `exec` - (Optional) Configuration block to use an [exec-based credential plugin] (https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins), e.g. call an external command to receive user credentials. + * `api_version` - (Required) API version to use when decoding the ExecCredentials resource, e.g. `client.authentication.k8s.io/v1beta1`. + * `command` - (Required) Command to execute. + * `args` - (Optional) List of arguments to pass when executing the plugin. + * `env` - (Optional) Map of environment variables to set when executing the plugin.