Provider client connection rework (#34)

* feat: base client connection rework implemented and docs updated

* feat: base client connection refactored and consolidated for both modes

* feat: comments resolved

README.md

@@ -88,8 +88,9 @@ terraform {
 ```hcl
 # configure provider
 provider "conduktor" {
-  console_url = "http://localhost:8080"
-  api_token = "your-api-key" # can also use admin email/password to authenticate.
+  mode        = "console"
+  base_url    = "http://localhost:8080"
+  api_token   = "your-api-key" # can also use admin email/password to authenticate.
 }
 
 # register an external user bob with PLATFORM.userView permission

docs/index.md

@@ -16,45 +16,106 @@ The Conduktor provider is used to interact with the resources supported by Condu
 
 ## Example Usage
 
+### Console client only
+
 ```terraform
 provider "conduktor" {
+  mode = "console"
   # mandatory console URL
-  console_url = "http://localhost:8080" # or env vars CDK_CONSOLE_URL or CDK_BASE_URL
+  base_url = "http://localhost:8080" # or env vars CDK_CONSOLE_BASE_URL or CDK_BASE_URL
 
   # authentication either with api token or admin credentials
   api_token = "your-api-token" # or env var CDK_API_TOKEN or CDK_API_KEY
-  #admin_email    = "[email protected]" # or env var CDK_ADMIN_EMAIL
-  #admin_password = "admin-password"   # or env var CDK_ADMIN_PASSWORD
+  #admin_user     = "[email protected]" # or env var CDK_CONSOLE_USER or CDK_ADMIN_EMAIL or CDK_ADMIN_USER
+  #admin_password = "admin-password"   # or env var CDK_CONSOLE_PASSWORD or CDK_ADMIN_PASSWORD
+
+  # optional http client TLS configuration
+  cert     = file("path/to/cert.pem") # or env var CDK_CONSOLE_CERT or CDK_CERT
+  insecure = true                     # or env var CDK_CONSOLE_INSECURE or CDK_INSECURE
+
+  # optional authentication via certificate
+  key    = file("path/to/key.pem") # or env var CDK_CONSOLE_KEY or CDK_KEY
+  cacert = file("path/to/ca.pem")  # or env var CDK_CONSOLE_CA_CERT CDK_CA_CERT
+}
+```
+
+### Gateway client only
+
+```terraform
+provider "conduktor" {
+  mode = "gateway"
+  # mandatory gateway URL
+  base_url = "http://localhost:8888" # or env vars CDK_GATEWAY_BASE_URL or CDK_BASE_URL
+
+  # authentication with admin credentials
+  admin_user     = "admin"          # or env var CDK_GATEWAY_USER or CDK_ADMIN_USER
+  admin_password = "admin-password" # or env var CDK_GATEWAY_PASSWORD or CDK_ADMIN_PASSWORD
 
   # optional http client TLS configuration
-  cert     = file("path/to/cert.pem") # or env var CDK_CERT
-  insecure = true                     # or env var CDK_INSECURE
+  cert     = file("path/to/cert.pem") # or env var CDK_GATEWAY_CERT or CDK_CERT
+  insecure = true                     # or env var CDK_GATEWAY_INSECURE or CDK_INSECURE
 
   # optional authentication via certificate
-  key    = file("path/to/key.pem") # or env var CDK_KEY
-  cacert = file("path/to/ca.pem")  # or env var CDK_CA_CERT
+  key    = file("path/to/key.pem") # or env var CDK_GATEWAY_KEY or CDK_KEY
+  cacert = file("path/to/ca.pem")  # or env var CDK_GATEWAY_CACERT or CDK_CACERT
+}
+```
+
+### Multi client configuration using [terraform alias](https://developer.hashicorp.com/terraform/language/providers/configuration#alias-multiple-provider-configurations)
+
+```terraform
+provider "conduktor" {
+  alias    = "console"
+  mode     = "console"
+  base_url = "http://localhost:8080"
+
+  api_token = "your-api-token"
+  #admin_user     = "[email protected]"
+  #admin_password = "admin-password"
+
+  insecure = true
+}
+
+provider "conduktor" {
+  alias    = "gateway"
+  mode     = "gateway"
+  base_url = "http://localhost:8888"
+
+  admin_user     = "admin"
+  admin_password = "admin-password"
+
+  insecure = true
+}
+
+# And how to use them with example resources
+# NOTE: Console resources will be prefixed with console_ in the future to avoid confusion
+resource "conduktor_user_v2" "user" {
+  provider = conduktor.console
+  # ...
+}
+
+resource "conduktor_gateway_service_account_v2" "gateway_sa" {
+  provider = conduktor.gateway
+  # ...
 }
 ```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
+### Required
+
+- `mode` (String) The mode that you would like to set for the terraform provider. May be set using environment variable `CDK_PROVIDER_MODE`. Can either be one of `console` or `gateway`
+
 ### Optional
 
-- `admin_email` (String) The email of the admin user. May be set using environment variable `CDK_ADMIN_EMAIL`. Required if admin_password is set. If not provided, the API token will be used to authenticate.
-- `admin_password` (String, Sensitive) The password of the admin user. May be set using environment variable `CDK_ADMIN_PASSWORD`. Required if admin_email is set. If not provided, the API token will be used to authenticater.
-- `api_token` (String, Sensitive) The API token to authenticate with the Conduktor API. May be set using environment variable `CDK_API_TOKEN` or `CDK_API_KEY`. If not provided, admin_email and admin_password will be used to authenticate. See [documentation](https://docs.conduktor.io/platform/reference/api-reference/#generate-an-api-key) for more information.
-- `cacert` (String) Root CA certificate in PEM format to verify the Conduktor Console certificate. May be set using environment variable `CDK_CACERT`. If not provided, the system's root CA certificates will be used.
-- `cert` (String) Cert in PEM format to authenticate using client certificates. May be set using environment variable `CDK_CERT`. Must be used with key. If key is provided, cert is required. Useful when Console is behind a reverse proxy with client certificate authentication.
-- `console_url` (String) The URL of the Conduktor Console. May be set using environment variable `CDK_BASE_URL` or `CDK_CONSOLE_URL`. Required either here or in the environment.
-- `gateway_cacert` (String) Root CA certificate in PEM format to verify the Conduktor Gateway certificate. May be set using environment variable `CDK_GATEWAY_CACERT`. If not provided, the system's root CA certificates will be used.
-- `gateway_cert` (String) Cert in PEM format to authenticate using client certificates. May be set using environment variable `CDK_GATEWAY_CERT`. Must be used with key. If key is provided, cert is required. Useful when Gateway is behind a reverse proxy with client certificate authentication.
-- `gateway_insecure` (Boolean) Skip TLS verification flag. May be set using environment variable `CDK_GATEWAY_INSECURE`.
-- `gateway_key` (String) Key in PEM format to authenticate using client certificates. May be set using environment variable `CDK_GATEWAY_KEY`. Must be used with cert. If cert is provided, key is required. Useful when Gateway is behind a reverse proxy with client certificate authentication.
-- `gateway_password` (String, Sensitive) The password of Gateway the admin user. May be set using environment variable `CDK_GATEWAY_PASSWORD`. Required if gateway_url is set.
-- `gateway_url` (String) The administration URL of the Conduktor Gateway. May also be set using environment variable `CDK_GATEWAY_BASE_URL`. Required either here or in the environment.
-- `gateway_user` (String) The login of a Gateway admin user. May be set using environment variable `CDK_GATEWAY_USER`. Required if gateway_url is set.
-- `insecure` (Boolean) Skip TLS verification flag. May be set using environment variable `CDK_INSECURE`.
-- `key` (String) Key in PEM format to authenticate using client certificates. May be set using environment variable `CDK_KEY`. Must be used with cert. If cert is provided, key is required. Useful when Console is behind a reverse proxy with client certificate authentication.
+- `admin_password` (String, Sensitive) The password of the admin user. May be set using environment variable `CDK_CONSOLE_PASSWORD` or `CDK_ADMIN_PASSWORD` for Console, `CDK_GATEWAY_PASSWORD` or `CDK_ADMIN_PASSWORD` for Gateway. Required if admin_email is set. If not provided, the API token will be used to authenticater.
+- `admin_user` (String) The login credentials of the admin user. May be set using environment variable `CDK_CONSOLE_USER`, `CDK_ADMIN_EMAIL` or `CDK_ADMIN_USER` for Console, `CDK_GATEWAY_USER` or `CDK_ADMIN_USER` for Gateway. Required if admin_password is set. If not provided and `mode` is Console, the API token will be used to authenticate.
+- `api_token` (String, Sensitive) The API token to authenticate with the Conduktor Console API. May be set using environment variable `CDK_API_TOKEN` or `CDK_API_KEY`. If not provided, admin_user and admin_password will be used to authenticate. See [documentation](https://docs.conduktor.io/platform/reference/api-reference/#generate-an-api-key) for more information. Not used if `mode` is Gateway.
+- `base_url` (String) The URL of either Conduktor Console or Gateway, depending on the `mode`. May be set using environment variable `CDK_CONSOLE_BASE_URL` or `CDK_BASE_URL` for Console, `CDK_GATEWAY_BASE_URL` or `CDK_BASE_URL` for Gateway. Required either here or in the environment.
+- `cacert` (String) Root CA certificate in PEM format to verify the Conduktor certificate. May be set using environment variable `CDK_CONSOLE_CACERT` or `CDK_CACERT` for Console, `CDK_GATEWAY_CACERT` or `CDK_CACERT` for Gateway. If not provided, the system's root CA certificates will be used.
+- `cert` (String) Cert in PEM format to authenticate using client certificates. May be set using environment variable `CDK_CONSOLE_CERT` or `CDK_CERT` for Console, `CDK_GATEWAY_CERT` or `CDK_CERT` for Gateway. Must be used with key. If key is provided, cert is required. Useful when Console is behind a reverse proxy with client certificate authentication.
+- `insecure` (Boolean) Skip TLS verification flag. May be set using environment variable `CDK_CONSOLE_INSECURE` or `CDK_INSECURE` for Console, `CDK_GATEWAY_INSECURE` or `CDK_INSECURE` for Gateway.
+- `key` (String) Key in PEM format to authenticate using client certificates. May be set using environment variable `CDK_CONSOLE_KEY` or `CDK_KEY` for Console, `CDK_GATEWAY_KEY` or `CDK_KEY` for Gateway. Must be used with cert. If cert is provided, key is required. Useful when Console is behind a reverse proxy with client certificate authentication.
 
 

examples/README.md

@@ -4,6 +4,8 @@ This directory contains examples that are mostly used for documentation, but can
 
 The document generation tool looks for files in the following locations by default. All other *.tf files besides the ones mentioned below are ignored by the documentation tool. This is useful for creating examples that can run and/or ar testable even if some parts are not relevant for the documentation.
 
-* **provider/provider.tf** example file for the provider index page
+* **provider/console_provider.tf** example file for the provider index page in console mode
+* **provider/gateway_provider.tf** example file for the provider index page in gateway mode
+* **provider/multi_provider.tf** example file for the provider index page in multi client configuration
 * **data-sources/`full data source name`/data-source.tf** example file for the named data source page
 * **resources/`full resource name`/resource.tf** example file for the named data source page

examples/provider/console_provider.tf

@@ -0,0 +1,18 @@
+provider "conduktor" {
+  mode = "console"
+  # mandatory console URL
+  base_url = "http://localhost:8080" # or env vars CDK_CONSOLE_BASE_URL or CDK_BASE_URL
+
+  # authentication either with api token or admin credentials
+  api_token = "your-api-token" # or env var CDK_API_TOKEN or CDK_API_KEY
+  #admin_user     = "[email protected]" # or env var CDK_CONSOLE_USER or CDK_ADMIN_EMAIL or CDK_ADMIN_USER
+  #admin_password = "admin-password"   # or env var CDK_CONSOLE_PASSWORD or CDK_ADMIN_PASSWORD
+
+  # optional http client TLS configuration
+  cert     = file("path/to/cert.pem") # or env var CDK_CONSOLE_CERT or CDK_CERT
+  insecure = true                     # or env var CDK_CONSOLE_INSECURE or CDK_INSECURE
+
+  # optional authentication via certificate
+  key    = file("path/to/key.pem") # or env var CDK_CONSOLE_KEY or CDK_KEY
+  cacert = file("path/to/ca.pem")  # or env var CDK_CONSOLE_CA_CERT CDK_CA_CERT
+}

examples/provider/gateway_provider.tf

@@ -0,0 +1,17 @@
+provider "conduktor" {
+  mode = "gateway"
+  # mandatory gateway URL
+  base_url = "http://localhost:8888" # or env vars CDK_GATEWAY_BASE_URL or CDK_BASE_URL
+
+  # authentication with admin credentials
+  admin_user     = "admin"          # or env var CDK_GATEWAY_USER or CDK_ADMIN_USER
+  admin_password = "admin-password" # or env var CDK_GATEWAY_PASSWORD or CDK_ADMIN_PASSWORD
+
+  # optional http client TLS configuration
+  cert     = file("path/to/cert.pem") # or env var CDK_GATEWAY_CERT or CDK_CERT
+  insecure = true                     # or env var CDK_GATEWAY_INSECURE or CDK_INSECURE
+
+  # optional authentication via certificate
+  key    = file("path/to/key.pem") # or env var CDK_GATEWAY_KEY or CDK_KEY
+  cacert = file("path/to/ca.pem")  # or env var CDK_GATEWAY_CACERT or CDK_CACERT
+}

examples/provider/multi_provider.tf

@@ -0,0 +1,34 @@
+provider "conduktor" {
+  alias    = "console"
+  mode     = "console"
+  base_url = "http://localhost:8080"
+
+  api_token = "your-api-token"
+  #admin_user     = "[email protected]"
+  #admin_password = "admin-password"
+
+  insecure = true
+}
+
+provider "conduktor" {
+  alias    = "gateway"
+  mode     = "gateway"
+  base_url = "http://localhost:8888"
+
+  admin_user     = "admin"
+  admin_password = "admin-password"
+
+  insecure = true
+}
+
+# And how to use them with example resources
+# NOTE: Console resources will be prefixed with console_ in the future to avoid confusion
+resource "conduktor_user_v2" "user" {
+  provider = conduktor.console
+  # ...
+}
+
+resource "conduktor_gateway_service_account_v2" "gateway_sa" {
+  provider = conduktor.gateway
+  # ...
+}