Add support of client-go credential plugins in auth

[dh-harald]

Closes #161

[bflad]

This looks like this would close #161 so I have edited the PR description to automatically close it. I cannot provide a full review of this enhancement, but can provide some review of the Go/Terraform Provider SDK code. 👍

[alexsomesan]

Thanks for taking care of this issue. Change mostly looks good.
I've one suggestion about the type of structure used to model it. See below.

@bflad Happy to have your eyes on it too and please add any suggestions you might have.

[alexsomesan]

Can you please make this a TypeList instead?
I've found that in Terraform 0.12+ a TypeList works best for modeling a complex block, such as this.

[bflad]

With MaxItems: 1 configurations blocks, it is generally preferred to use Type: schema.TypeList to simplify handling. 👍

[bflad]

Since we are adding a new configuration block with nested arguments, we should appropriately document everything here. 👍

Suggested change

	* `exec` - (Optional) Exec-based client auth provider (https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins)
	* `exec` - (Optional) Configuration block to use an [exec-based credential plugin](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins), e.g. call an external command to receive user credentials.
	* `api_version` - (Required) API version to use when decoding the ExecCredentials resource, e.g. `client.authentication.k8s.io/v1beta1`.
	* `command` - (Required) Command to execute.
	* `args` - (Optional) List of arguments to pass when executing the plugin.
	* `env` - (Optional) Map of environment variables to set when executing the plugin.

[alexsomesan]

Also, would you mind breaking down this line into multiple steps and check for errors and nils on the type assertions. This looks like it has the potential to panic.

[dh-harald]

In theory, it should pass by the schema checker, but I've added an extra check to avoid the panic

[alexsomesan]

LGTM

[chancez]

Why wasn't this done as TypeMap?

[chancez]

Is this in a release? The code is in available at least in 1.10.0, but I'm getting:

Error: Unsupported argument

  on ../../modules/eks-cluster/main.tf line 70, in provider "kubernetes":
  70:   exec = [{

An argument named "exec" is not expected here. Did you mean to define a block
of type "exec"?

[chancez]

Ah, it's a block. I see.

  exec {
    api_version = "client.authentication.k8s.io/v1alpha1"
    command     = "aws-iam-authenticator"
    args        = concat(["token", "-i", data.aws_eks_cluster.cluster.name], local.authenticator_additional_args)
    env         = local.authenticator_env_vars
  }

[ballad89]

@chancez did the block above work for you ? what versions are you using ?

$ terraform version                                                                                         ✔  5506  17:22:08
Terraform v0.12.24
+ provider.aws v2.57.0
+ provider.external v1.2.0
+ provider.helm v1.1.1
+ provider.kubernetes v1.11.1
+ provider.local v1.4.0
+ provider.null v2.1.2
+ provider.random v2.2.1
+ provider.template v2.1.2

[chancez]

It did.

$ terraform version
Terraform v0.12.24
+ provider.aws v2.54.0
+ provider.kubernetes v1.10.0
+ provider.local v1.4.0
+ provider.null v2.1.2
+ provider.random v2.2.1
+ provider.template v2.1.2

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!