Provider Config / Secret ? #49

Closed
milkpirate opened this issue Mar 30, 2024 · 10 comments

@milkpirate

Could you please add an example of what to put in the provider config's secret? Sadly, most provider documentation is missing this detail 😞

@milkpirate milkpirate changed the title Provider Config / Secret Provider Config / Secret ? Mar 30, 2024
@cdloh
Owner

cdloh commented Mar 31, 2024

I'll gather this for you later this week :)

Are you looking to actively use this @milkpirate ?

I haven't updated this for a while but happy to give it a dust off if you want.

@milkpirate
Author

milkpirate commented Apr 1, 2024

Yes 😄, I have quite a Cloudflare setup and would like to put that in code. I already tried other providers (namely: https://github.com/crossplane-contrib/provider-cloudflare) but it seems to be totally outdated and under-featured.

@milkpirate
Author

milkpirate commented Apr 1, 2024

Ok, realized there are examples and found the one for the provider config's secret. This works like a charm ❤️ (with the global API key).

image

Though, is it possible to use the API tokens with finer-grained / fewer permissions?

image

Replaced the credentials JSON in the secret data with just:

    {
      "api_token": "<token>"
    }

and it "kinda" works, but though the token has edit permissions, the provider cannot observe the resources at CF:

    ...
    status:
      conditions:
      - lastTransitionTime: "2024-04-01T21:56:02Z"
        message: 'observe failed: cannot run refresh: refresh failed: unable to find Access
          Identity Provider "daceeda4-e214-4ba6-8952-3f9c0ab68157": Authentication error
          (10000): '
        reason: ReconcileError
        status: "False"
    ...

Even adding read permissions does not resolve the issue.

@cdloh
Owner

cdloh commented Apr 2, 2024

What resource are you trying that with @milkpirate ?

@milkpirate
Author

@cdloh
Owner

cdloh commented Apr 2, 2024

Can you confirm what API permissions you've given the token? Preferably a screenshot of the API settings from the dashboard

I'll try to find some time tomorrow to test and fix if needed

@milkpirate
Author

image
image

EDIT:
Realized that there is another, more suitable permission. It's a bit unclear how the WebUI "paths" map to the permissions in the selection, but that's not your problem. Anyway, with the following it works! 👍
image

@cdloh
Owner

cdloh commented Apr 3, 2024

Great news @milkpirate!

I'm still going to work on getting a version of the provider out that supports V4 of the Terraform Provider. But it's a bit more work to support the Plugin Framework.

@milkpirate
Author

milkpirate commented Apr 3, 2024

Hmh... I see, the source here is generated, right? From the TF provider source. Hm... I guess the upbound generator is just having a look at the resources part, not additional stuff like the plugin framework. Sadly I was hardly using any of the code-to-code generation so far. Just once wrote some providers in Go... like manually. Are you related to Cloudflare or is it just for fun?

@cdloh
Owner

cdloh commented Apr 3, 2024

It's fine, support was recently added in upjet (https://github.com/crossplane/upjet/releases/tag/v1.1.0). I've just gotta figure out how to configure it correctly.
