Add kubeconfig expiration option for credentials (#1306)

* feat(kubernetes): add kubeconfig expiration option for credentials Signed-off-by: Steffen Exler <steffen@exivity.com> * refactor(kubernetes): remove default value for kubeconfig expiration Signed-off-by: Steffen Exler <steffen@exivity.com> * docs(kubernetes): add kubeconfig_expire_seconds option to documentation Signed-off-by: Steffen Exler <steffen@exivity.com> --------- Signed-off-by: Steffen Exler <steffen@exivity.com>
digitalocean · Jan 21, 2025 · 8473e52 · 8473e52
1 parent 172b96c
commit 8473e52
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/digitalocean/kubernetes/resource_kubernetes_cluster.go b/digitalocean/kubernetes/resource_kubernetes_cluster.go
@@ -191,6 +191,12 @@ func ResourceDigitalOceanKubernetesCluster() *schema.Resource {
 				Optional: true,
 				Default:  false,
 			},
+
+			"kubeconfig_expire_seconds": {
+				Type:         schema.TypeInt,
+				Optional:     true,
+				ValidateFunc: validation.IntAtLeast(0),
+			},
 		},
 
 		Timeouts: &schema.ResourceTimeout{
@@ -424,7 +430,10 @@ func digitaloceanKubernetesClusterRead(
 		}
 	}
 	if expiresAt.IsZero() || expiresAt.Before(time.Now()) {
-		creds, _, err := client.Kubernetes.GetCredentials(context.Background(), cluster.ID, &godo.KubernetesClusterCredentialsGetRequest{})
+		expireSeconds := d.Get("kubeconfig_expire_seconds").(int)
+		creds, _, err := client.Kubernetes.GetCredentials(context.Background(), cluster.ID, &godo.KubernetesClusterCredentialsGetRequest{
+			ExpirySeconds: &expireSeconds,
+		})
 		if err != nil {
 			return diag.Errorf("Unable to fetch Kubernetes credentials: %s", err)
 		}

diff --git a/docs/resources/kubernetes_cluster.md b/docs/resources/kubernetes_cluster.md
@@ -167,6 +167,7 @@ The following arguments are supported:
   - `day` - (Required) The day of the maintenance window policy. May be one of "monday" through "sunday", or "any" to indicate an arbitrary week day.
   - `start_time` (Required) The start time in UTC of the maintenance window policy in 24-hour clock format / HH:MM notation (e.g., 15:00).
 * `destroy_all_associated_resources` - (Optional) **Use with caution.** When set to true, all associated DigitalOcean resources created via the Kubernetes API (load balancers, volumes, and volume snapshots) will be destroyed along with the cluster when it is destroyed.
+* `kubeconfig_expire_seconds` - (Optional) The duration in seconds that the returned Kubernetes credentials will be valid. If not set or 0, the credentials will have a 7 day expiry.
 
 This resource supports [customized create timeouts](https://www.terraform.io/docs/language/resources/syntax.html#operation-timeouts). The default timeout is 30 minutes.