
refactor: retire env-var credential path for proxmox and opnsense providers #562

Merged: endavis merged 1 commit into main from refactor/554-retire-env-var-credentials on Apr 12, 2026


@endavis (Owner) commented Apr 12, 2026

Description

Retire the environment-variable credential path for Proxmox and OPNsense providers. Both providers now receive credentials exclusively through SOPS-decrypted .tfvars files, eliminating the redundant CredentialLoader -> os.environ -> TF_VAR_* pipeline that was a legacy holdover.

Addresses #554

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Code refactoring
  • Performance improvement
  • Test improvement

Changes Made

  • Deleted proxmox_loader.py and opnsense_loader.py credential loaders
  • Removed _CREDENTIAL_ENV_MAPPING and os.environ lookup from ProxmoxProvider.get_terraform_env_vars() and OPNsenseProvider.get_terraform_env_vars()
  • Removed Proxmox/OPNsense entries from CredentialLoader.PROVIDER_LOADERS registry
  • Cleaned up credential_loader/__init__.py exports
  • Simplified Proxmox variables.tf.j2 descriptions (removed stale env-var references)
  • Updated documentation: credential-loader-system.md, ci-cd-deployment.md, ci-cd-with-separate-config-repo.md, ENV_EXAMPLE.md, ENVRC_LOCAL.md, direnv.md
  • Updated tests to use Kubernetes provider examples instead of removed Proxmox/OPNsense loaders

Testing

  • All existing tests pass (doit check passes)
  • Updated test_credential_loader.py and test_cli_credentials.py to remove references to deleted loaders
  • Manually verified no remaining references to the deleted modules

Checklist

  • My code follows the code style of this project (ran doit format)
  • I have run linting checks (doit lint)
  • I have run type checking (doit type_check)
  • I have added tests that prove my fix is effective or that my feature works
  • All new and existing tests pass (doit test)
  • I have updated the documentation accordingly
  • I have updated the CHANGELOG.md
  • My changes generate no new warnings

Additional Notes

This is a breaking change for anyone relying on PROXMOX_API_URL, PROXMOX_API_TOKEN_ID, PROXMOX_API_TOKEN_SECRET, OPNSENSE_API_URL, OPNSENSE_API_KEY, or OPNSENSE_API_SECRET environment variables to pass credentials. The .tfvars-based path (via SOPS secrets) is now the only supported mechanism.
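
A migration check for the breaking change described above, as an added example that is not part of this PR or the project's code: it looks for the six retired variable names in a process environment and in env-style files (.envrc, dotenv, CI YAML env maps), reporting name and location but never the value. The function names, the finding kinds and the sample file content are assumptions constructed for illustration.

```python
import os
import re

# The six variable names this PR retires (from its Additional Notes).
RETIRED_VARS = (
    "PROXMOX_API_URL", "PROXMOX_API_TOKEN_ID", "PROXMOX_API_TOKEN_SECRET",
    "OPNSENSE_API_URL", "OPNSENSE_API_KEY", "OPNSENSE_API_SECRET",
)

# Matches `export NAME=...`, dotenv `NAME=...` and YAML env-map `NAME: ...`.
_ASSIGN = re.compile(
    r"^\s*(?:export\s+)?(?P<name>" + "|".join(RETIRED_VARS) + r")\s*[:=]\s*(?P<value>.*)$"
)

def find_retired_in_env(environ):
    """Names of retired variables still set in an environment mapping."""
    return sorted(name for name in RETIRED_VARS if name in environ)

def find_retired_in_text(text, source):
    """(source, line_no, name, kind) per assignment; the value is never returned.

    kind is 'literal' (plaintext in the file), 'reference' (starts with `$`,
    e.g. a command substitution or CI secret expression) or 'empty'.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        match = _ASSIGN.match(line)
        if not match:
            continue
        value = match.group("value").strip().strip("'\"")
        kind = "empty" if not value else "reference" if value.startswith("$") else "literal"
        findings.append((source, line_no, match.group("name"), kind))
    return findings

# Constructed sample input (not taken from the project).
SAMPLE = """\
# export PROXMOX_API_URL=https://pve.example.invalid:8006
export PROXMOX_API_TOKEN_ID="terraform@pve!ci"
export OPNSENSE_API_KEY=$(pass show opnsense/key)
KUBECONFIG=~/.kube/config
  OPNSENSE_API_SECRET: ${{ secrets.OPNSENSE_API_SECRET }}
"""

if __name__ == "__main__":
    for finding in find_retired_in_text(SAMPLE, ".envrc"):
        print(*finding)
    print("set in this shell:", find_retired_in_env(os.environ))
```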

…viders

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@github-actions

⚠️ API Breaking Changes Detected

The following breaking changes were detected by griffe:

src/infrafoundry/core/credential_loader/credential_loader.py:41: CredentialLoader.PROVIDER_LOADERS:
Attribute value was changed:
  Old: {'proxmox': ProxmoxCredentialLoader, 'opnsense': OPNsenseCredentialLoader, 'kubernetes': KubernetesCredentialLoader}
  New: {'kubernetes': KubernetesCredentialLoader}

src/infrafoundry/core/credential_loader/__init__.py:0: OPNsenseCredentialLoader:
Public object was removed

src/infrafoundry/core/credential_loader/__init__.py:0: ProxmoxCredentialLoader:
Public object was removed

src/infrafoundry/core/credential_loader/proxmox_loader.py:0: <module>:
Public object was removed

src/infrafoundry/core/credential_loader/opnsense_loader.py:0: <module>:
Public object was removed

✅ Breaking Change Documented

This PR includes breaking change documentation.

Before merging, verify:

  • Migration guide in CHANGELOG.md
  • Documentation updated
  • Version will be bumped appropriately (major version)


@github-actions github-actions bot left a comment


Benchmark

| Benchmark suite | Current: b461d86 | Previous: 75f3d27 | Ratio |
|---|---|---|---|
| tests/benchmarks/test_placeholder.py::test_import_time | 7454.4991992532505 iter/sec (stddev: 0.000009200307612621936) | 9439.317642212467 iter/sec (stddev: 0.000016589072149731227) | 1.27 |

This comment was automatically generated by workflow using github-action-benchmark.


@github-actions github-actions bot left a comment


⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.10.

| Benchmark suite | Current: b461d86 | Previous: 75f3d27 | Ratio |
|---|---|---|---|
| tests/benchmarks/test_placeholder.py::test_import_time | 7454.4991992532505 iter/sec (stddev: 0.000009200307612621936) | 9439.317642212467 iter/sec (stddev: 0.000016589072149731227) | 1.27 |

This comment was automatically generated by workflow using github-action-benchmark.

@endavis endavis added the ready-to-merge PR is reviewed and ready to merge label Apr 12, 2026
@endavis endavis merged commit 286d6bb into main Apr 12, 2026
16 of 17 checks passed
@endavis endavis deleted the refactor/554-retire-env-var-credentials branch April 12, 2026 10:38