From 8473e52167532b3626818ee3022db8907a284e98 Mon Sep 17 00:00:00 2001
From: Steffen Exler
Date: Tue, 21 Jan 2025 17:01:35 +0100
Subject: [PATCH] Add kubeconfig expiration option for credentials (#1306)
* feat(kubernetes): add kubeconfig expiration option for credentials
Signed-off-by: Steffen Exler
* refactor(kubernetes): remove default value for kubeconfig expiration
Signed-off-by: Steffen Exler
* docs(kubernetes): add kubeconfig_expire_seconds option to documentation
Signed-off-by: Steffen Exler
---------
Signed-off-by: Steffen Exler
---
 .../kubernetes/resource_kubernetes_cluster.go | 11 ++++++++++-
 docs/resources/kubernetes_cluster.md | 1 +
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/digitalocean/kubernetes/resource_kubernetes_cluster.go b/digitalocean/kubernetes/resource_kubernetes_cluster.go
index 2b548b3bd..92d99310e 100644
--- a/digitalocean/kubernetes/resource_kubernetes_cluster.go
+++ b/digitalocean/kubernetes/resource_kubernetes_cluster.go
@@ -191,6 +191,12 @@ func ResourceDigitalOceanKubernetesCluster() *schema.Resource {
 Optional: true,
 Default: false,
 },
+
+ "kubeconfig_expire_seconds": {
+ Type: schema.TypeInt,
+ Optional: true,
+ ValidateFunc: validation.IntAtLeast(0),
+ },
 },
 
 Timeouts: &schema.ResourceTimeout{
@@ -424,7 +430,10 @@ func digitaloceanKubernetesClusterRead(
 }
 }
 if expiresAt.IsZero() || expiresAt.Before(time.Now()) {
- creds, _, err := client.Kubernetes.GetCredentials(context.Background(), cluster.ID, &godo.KubernetesClusterCredentialsGetRequest{})
+ expireSeconds := d.Get("kubeconfig_expire_seconds").(int)
+ creds, _, err := client.Kubernetes.GetCredentials(context.Background(), cluster.ID, &godo.KubernetesClusterCredentialsGetRequest{
+ ExpirySeconds: &expireSeconds,
+ })
 if err != nil {
 return diag.Errorf("Unable to fetch Kubernetes credentials: %s", err)
 }
diff --git a/docs/resources/kubernetes_cluster.md b/docs/resources/kubernetes_cluster.md
index 7ef8f5db3..6ab6cabca 100644
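Review bot: The new `kubeconfig_expire_seconds` schema entry has no `Description` and only a lower bound, `validation.IntAtLeast(0)`, so any positive lifetime is accepted for a cluster credential that the read path later in this patch fetches and that is presumably kept in Terraform state. I would add `Description: "Lifetime in seconds of the returned kubeconfig credentials; 0 or unset uses the API default."` so the schema documents itself. If the team wants a ceiling on credential lifetime, `ValidateFunc: validation.IntBetween(0, maxKubeconfigExpirySeconds)` would enforce it, where `maxKubeconfigExpirySeconds` is a placeholder for a project-chosen constant. The enclosing function starts and ends outside the hunk.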
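Review bot: In the `digitaloceanKubernetesClusterRead` hunk, `d.Get("kubeconfig_expire_seconds").(int)` yields 0 when the attribute is unset, and `ExpirySeconds: &expireSeconds` then always passes a non-nil pointer, so configurations that never set the option now send an explicit zero where the old code sent an empty request. The documentation in this patch says 0 means the 7 day default, so the outcome is probably the same, but populating the field only when the attribute is set keeps the previous request unchanged for existing users and does not depend on how the client library serializes a pointer to 0. Separately, the visible guard `expiresAt.IsZero() || expiresAt.Before(time.Now())` suggests that lowering the value does not replace a credential already issued with a longer lifetime until that credential expires; this should be confirmed against the rest of the function, which lies outside the hunk, and noted in the argument's documentation.

```go
// … unchanged: expiresAt.IsZero() || expiresAt.Before(time.Now()) guard …
req := &godo.KubernetesClusterCredentialsGetRequest{}
// GetOk reports false for the zero value, so 0 and "unset" both leave ExpirySeconds nil.
if v, ok := d.GetOk("kubeconfig_expire_seconds"); ok {
	secs := v.(int)
	req.ExpirySeconds = &secs
}
creds, _, err := client.Kubernetes.GetCredentials(context.Background(), cluster.ID, req)
// … unchanged: error handling …
```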
--- a/docs/resources/kubernetes_cluster.md +++ b/docs/resources/kubernetes_cluster.md @@ -167,6 +167,7 @@ The following arguments are supported: - `day` - (Required) The day of the maintenance window policy. May be one of "monday" through "sunday", or "any" to indicate an arbitrary week day. - `start_time` (Required) The start time in UTC of the maintenance window policy in 24-hour clock format / HH:MM notation (e.g., 15:00). * `destroy_all_associated_resources` - (Optional) **Use with caution.** When set to true, all associated DigitalOcean resources created via the Kubernetes API (load balancers, volumes, and volume snapshots) will be destroyed along with the cluster when it is destroyed. +* `kubeconfig_expire_seconds` - (Optional) The duration in seconds that the returned Kubernetes credentials will be valid. If not set or 0, the credentials will have a 7 day expiry. This resource supports [customized create timeouts](https://www.terraform.io/docs/language/resources/syntax.html#operation-timeouts). The default timeout is 30 minutes.