hashicorp · alexsomesan · Oct 17, 2018 · Jun 12, 2017 · Mar 18, 2018 · Feb 28, 2018
diff --git a/.travis.yml b/.travis.yml
@@ -1,5 +1,7 @@
 dist: trusty
-sudo: false
+sudo: required
+services:
+- docker
 language: go
 go:
 - 1.9
@@ -16,6 +18,7 @@ script:
 - make test
 - make vendor-status
 - make vet
+- make website-test
 
 branches:
   only:

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,26 +1,43 @@
-## 1.1.0 (Unreleased)
+## 1.3.0 (Unreleased)
+## 1.2.0 (August 15, 2018)
+
+IMPROVEMENTS:
+
+* resource/kubernetes_pod: Add timeout to pod resource create and delete ([#151](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/151))
+* resource/kubernetes_pod: Add support for init containers ([#156](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/156))
+
+BUG FIXES:
+
+* name label: All name labels will now allow DNS1123 subdomain format ex: `my.label123` ([#152](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/152))
+* resource/kubernetes_service: Switch targetPort to string ([#154](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/154))
+* data/kubernetes_service: Switch targetPort to string ([#159](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/159))
+* resource/kubernetes_pod: env var value change forces new pod ([#155](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/155))
+* Fix example in docs for an image pull secret ([#165](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/165))
+
+## 1.1.0 (March 23, 2018)
 
 NOTES:
 
 * provider: Client library updated to support Kubernetes `1.7`
 
 IMPROVEMENTS:
 
-* resource/kubernetes_persistent_volume_claim: Improve event log polling for warnings [GH-125]
-* resource/kubernetes_persistent_volume: Add support for `storage_class_name` [GH-111]
+* resource/kubernetes_persistent_volume_claim: Improve event log polling for warnings ([#125](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/125))
+* resource/kubernetes_persistent_volume: Add support for `storage_class_name` ([#111](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/111))
 
 BUG FIXES:
 
-* resource/kubernetes_secret: Prevent binary data corruption [GH-103]
-* resource/kubernetes_persistent_volume: Update `persistent_volume_reclaim_policy` correctly [GH-111]
-* resource/kubernetes_service: Update external_ips correctly on K8S 1.8+ [GH-127]
-* resource/kubernetes_*: Fix adding labels/annotations to resources when those were empty [GH-116]
-* resource/kubernetes_*: Treat non-string label values as invalid [GH-135]
-* resource/kubernetes_config_map: Fix adding `data` when it was empty [GH-116]
-* resource/kubernetes_secret: Fix adding `data` when it was empty [GH-116]
-* resource/kubernetes_limit_range: Avoid spurious diff when spec is empty [GH-132]
-* resource/kubernetes_persistent_volume: Use correct operation when updating `persistent_volume_source` (`1.8`) [GH-133]
-* resource/kubernetes_pod: Bump deletion timeout to 5 mins [GH-136]
+* resource/kubernetes_secret: Prevent binary data corruption ([#103](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/103))
+* resource/kubernetes_persistent_volume: Update `persistent_volume_reclaim_policy` correctly ([#111](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/111))
+* resource/kubernetes_service: Update external_ips correctly on K8S 1.8+ ([#127](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/127))
+* resource/kubernetes_*: Fix adding labels/annotations to resources when those were empty ([#116](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/116))
+* resource/kubernetes_*: Treat non-string label values as invalid ([#135](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/135))
+* resource/kubernetes_config_map: Fix adding `data` when it was empty ([#116](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/116))
+* resource/kubernetes_secret: Fix adding `data` when it was empty ([#116](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/116))
+* resource/kubernetes_limit_range: Avoid spurious diff when spec is empty ([#132](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/132))
+* resource/kubernetes_persistent_volume: Use correct operation when updating `persistent_volume_source` (`1.8`) ([#133](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/133))
+* resource/kubernetes_persistent_volume: Mark persistent_volume_source as ForceNew on `1.9+` ([#139](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/139))
+* resource/kubernetes_pod: Bump deletion timeout to 5 mins ([#136](https://github.com/terraform-providers/terraform-provider-kubernetes/issues/136))
 
 ## 1.0.1 (November 13, 2017)
 

diff --git a/GNUmakefile b/GNUmakefile
@@ -1,5 +1,7 @@
 TEST?=$$(go list ./... |grep -v 'vendor')
 GOFMT_FILES?=$$(find . -name '*.go' |grep -v vendor)
+WEBSITE_REPO=github.com/hashicorp/terraform-website
+PKG_NAME=kubernetes
 
 default: build
 
@@ -38,10 +40,24 @@ vendor-status:
 test-compile:
 	@if [ "$(TEST)" = "./..." ]; then \
 		echo "ERROR: Set TEST to a specific package. For example,"; \
-		echo "  make test-compile TEST=./aws"; \
+		echo "  make test-compile TEST=./$(PKG_NAME)"; \
 		exit 1; \
 	fi
 	go test -c $(TEST) $(TESTARGS)
 
-.PHONY: build test testacc vet fmt fmtcheck errcheck vendor-status test-compile
+website:
+ifeq (,$(wildcard $(GOPATH)/src/$(WEBSITE_REPO)))
+	echo "$(WEBSITE_REPO) not found in your GOPATH (necessary for layouts and assets), get-ting..."
+	git clone https://$(WEBSITE_REPO) $(GOPATH)/src/$(WEBSITE_REPO)
+endif
+	@$(MAKE) -C $(GOPATH)/src/$(WEBSITE_REPO) website-provider PROVIDER_PATH=$(shell pwd) PROVIDER_NAME=$(PKG_NAME)
+
+website-test:
+ifeq (,$(wildcard $(GOPATH)/src/$(WEBSITE_REPO)))
+	echo "$(WEBSITE_REPO) not found in your GOPATH (necessary for layouts and assets), get-ting..."
+	git clone https://$(WEBSITE_REPO) $(GOPATH)/src/$(WEBSITE_REPO)
+endif
+	@$(MAKE) -C $(GOPATH)/src/$(WEBSITE_REPO) website-provider-test PROVIDER_PATH=$(shell pwd) PROVIDER_NAME=$(PKG_NAME)
+
+.PHONY: build test testacc vet fmt fmtcheck errcheck vendor-status test-compile website website-test
 
diff --git a/README.md b/README.md
@@ -9,7 +9,9 @@
 Maintainers
 -----------
 
-This provider plugin is maintained by the Terraform team at [HashiCorp](https://www.hashicorp.com/).
+We are [actively looking for a Software Engineer](https://www.hashicorp.com/jobs/1185127)
+to work full-time in the Terraform team at [HashiCorp](https://www.hashicorp.com/)
+to maintain this provider.
 
 ## Requirements
 
@@ -19,17 +21,17 @@ This provider plugin is maintained by the Terraform team at [HashiCorp](https://
 
 ## Building The Provider
 
-Clone repository to: `$GOPATH/src/github.com/terraform-providers/terraform-provider-$PROVIDER_NAME`
+Clone repository to: `$GOPATH/src/github.com/terraform-providers/terraform-provider-kubernetes`
 
 ```sh
 $ mkdir -p $GOPATH/src/github.com/terraform-providers; cd $GOPATH/src/github.com/terraform-providers
-$ git clone git@github.com:terraform-providers/terraform-provider-$PROVIDER_NAME
+$ git clone git@github.com:terraform-providers/terraform-provider-kubernetes
 ```
 
 Enter the provider directory and build the provider
 
 ```sh
-$ cd $GOPATH/src/github.com/terraform-providers/terraform-provider-$PROVIDER_NAME
+$ cd $GOPATH/src/github.com/terraform-providers/terraform-provider-kubernetes
 $ make build
 ```
 
@@ -52,7 +54,7 @@ To compile the provider, run `make build`. This will build the provider and put
 ```sh
 $ make build
 ...
-$ $GOPATH/bin/terraform-provider-$PROVIDER_NAME
+$ $GOPATH/bin/terraform-provider-kubernetes
 ...
 ```
 

diff --git a/kubernetes/data_source_kubernetes_service.go b/kubernetes/data_source_kubernetes_service.go
@@ -75,7 +75,7 @@ func dataSourceKubernetesService() *schema.Resource {
 										Computed:    true,
 									},
 									"target_port": {
-										Type:        schema.TypeInt,
+										Type:        schema.TypeString,
 										Description: "Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. This field is ignored for services with `cluster_ip = \"None\"`. More info: http://kubernetes.io/docs/user-guide/services#defining-a-service",
 										Computed:    true,
 									},

diff --git a/kubernetes/event_helpers.go b/kubernetes/event_helpers.go
@@ -5,10 +5,10 @@ import (
 	"log"
 	"sort"
 
+	api "k8s.io/api/core/v1"
 	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/fields"
 	kubernetes "k8s.io/client-go/kubernetes"
-	api "k8s.io/client-go/pkg/api/v1"
 )
 
 func getLastWarningsForObject(conn *kubernetes.Clientset, metadata meta_v1.ObjectMeta, kind string, limit int) ([]api.Event, error) {

diff --git a/kubernetes/provider.go b/kubernetes/provider.go
@@ -122,6 +122,7 @@ func Provider() terraform.ResourceProvider {
 			"kubernetes_service":                   resourceKubernetesService(),
 			"kubernetes_service_account":           resourceKubernetesServiceAccount(),
 			"kubernetes_storage_class":             resourceKubernetesStorageClass(),
+			"kubernetes_cluster_role_binding":      resourceKubernetesClusterRoleBinding(),
 		},
 		ConfigureFunc: providerConfigure,
 	}

diff --git a/kubernetes/provider_test.go b/kubernetes/provider_test.go
@@ -11,9 +11,9 @@ import (
 	"github.com/hashicorp/terraform/terraform"
 	"github.com/terraform-providers/terraform-provider-aws/aws"
 	"github.com/terraform-providers/terraform-provider-google/google"
+	api "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	kubernetes "k8s.io/client-go/kubernetes"
-	api "k8s.io/client-go/pkg/api/v1"
 )
 
 var testAccProviders map[string]terraform.ResourceProvider

diff --git a/kubernetes/resource_kubernetes_cluster_role_binding.go b/kubernetes/resource_kubernetes_cluster_role_binding.go
@@ -0,0 +1,158 @@
+package kubernetes
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	api "k8s.io/api/rbac/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	pkgApi "k8s.io/apimachinery/pkg/types"
+	kubernetes "k8s.io/client-go/kubernetes"
+)
+
+func resourceKubernetesClusterRoleBinding() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceKubernetesClusterRoleBindingCreate,
+		Read:   resourceKubernetesClusterRoleBindingRead,
+		Exists: resourceKubernetesClusterRoleBindingExists,
+		Update: resourceKubernetesClusterRoleBindingUpdate,
+		Delete: resourceKubernetesClusterRoleBindingDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"metadata": metadataSchema("clusterRoleBinding", false),
+			"role_ref": {
+				Type:        schema.TypeMap,
+				Description: "RoleRef references the Cluster Role for this binding",
+				Required:    true,
+				ForceNew:    true,
+				Elem: &schema.Resource{
+					Schema: rbacRoleRefSchema("ClusterRole"),
+				},
+			},
+			"subject": {
+				Type:        schema.TypeList,
+				Description: "Subjects defines the entities to bind a ClusterRole to.",
+				Required:    true,
+				MinItems:    1,
+				Elem: &schema.Resource{
+					Schema: rbacSubjectSchema(),
+				},
+			},
+		},
+	}
+}
+
+func resourceKubernetesClusterRoleBindingCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*kubernetes.Clientset)
+
+	metadata := expandMetadata(d.Get("metadata").([]interface{}))
+	binding := &api.ClusterRoleBinding{
+		ObjectMeta: metadata,
+		RoleRef:    expandRBACRoleRef(d.Get("role_ref").(interface{})),
+		Subjects:   expandRBACSubjects(d.Get("subject").([]interface{})),
+	}
+	log.Printf("[INFO] Creating new ClusterRoleBinding: %#v", binding)
+	binding, err := conn.Rbac().ClusterRoleBindings().Create(binding)
+
+	if err != nil {
+		return err
+	}
+	log.Printf("[INFO] Submitted new ClusterRoleBinding: %#v", binding)
+	d.SetId(metadata.Name)
+
+	return resourceKubernetesClusterRoleBindingRead(d, meta)
+}
+
+func resourceKubernetesClusterRoleBindingRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*kubernetes.Clientset)
+
+	name := d.Id()
+	log.Printf("[INFO] Reading ClusterRoleBinding %s", name)
+	binding, err := conn.Rbac().ClusterRoleBindings().Get(name, meta_v1.GetOptions{})
+	if err != nil {
+		log.Printf("[DEBUG] Received error: %#v", err)
+		return err
+	}
+
+	log.Printf("[INFO] Received ClusterRoleBinding: %#v", binding)
+	err = d.Set("metadata", flattenMetadata(binding.ObjectMeta))
+	if err != nil {
+		return err
+	}
+
+	flattenedRef := flattenRBACRoleRef(binding.RoleRef)
+	log.Printf("[DEBUG] Flattened ClusterRoleBinding roleRef: %#v", flattenedRef)
+	err = d.Set("role_ref", flattenedRef)
+	if err != nil {
+		return err
+	}
+
+	flattenedSubjects := flattenRBACSubjects(binding.Subjects)
+	log.Printf("[DEBUG] Flattened ClusterRoleBinding subjects: %#v", flattenedSubjects)
+	err = d.Set("subject", flattenedSubjects)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func resourceKubernetesClusterRoleBindingUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*kubernetes.Clientset)
+
+	name := d.Id()
+
+	ops := patchMetadata("metadata.0.", "/metadata/", d)
+	if d.HasChange("subject") {
+		diffOps := patchRbacSubject(d)
+		ops = append(ops, diffOps...)
+	}
+	data, err := ops.MarshalJSON()
+	if err != nil {
+		return fmt.Errorf("Failed to marshal update operations: %s", err)
+	}
+	log.Printf("[INFO] Updating ClusterRoleBinding %q: %v", name, string(data))
+	out, err := conn.Rbac().ClusterRoleBindings().Patch(name, pkgApi.JSONPatchType, data)
+	if err != nil {
+		return fmt.Errorf("Failed to update ClusterRoleBinding: %s", err)
+	}
+	log.Printf("[INFO] Submitted updated ClusterRoleBinding: %#v", out)
+	d.SetId(out.ObjectMeta.Name)
+
+	return resourceKubernetesClusterRoleBindingRead(d, meta)
+}
+
+func resourceKubernetesClusterRoleBindingDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*kubernetes.Clientset)
+
+	name := d.Id()
+	log.Printf("[INFO] Deleting ClusterRoleBinding: %#v", name)
+	err := conn.Rbac().ClusterRoleBindings().Delete(name, &meta_v1.DeleteOptions{})
+	if err != nil {
+		return err
+	}
+	log.Printf("[INFO] ClusterRoleBinding %s deleted", name)
+
+	d.SetId("")
+	return nil
+}
+
+func resourceKubernetesClusterRoleBindingExists(d *schema.ResourceData, meta interface{}) (bool, error) {
+	conn := meta.(*kubernetes.Clientset)
+
+	name := d.Id()
+	log.Printf("[INFO] Checking ClusterRoleBinding %s", name)
+	_, err := conn.Rbac().ClusterRoleBindings().Get(name, meta_v1.GetOptions{})
+	if err != nil {
+		if statusErr, ok := err.(*errors.StatusError); ok && statusErr.ErrStatus.Code == 404 {
+			return false, nil
+		}
+		log.Printf("[DEBUG] Received error: %#v", err)
+	}
+	return true, err
+}