internal/provider: add SCYLLADB_CLOUD_TOKEN env (#157)

This PR adds support for reading the SCYLLADB_CLOUD_TOKEN env var. This makes it possible to pass authentication token via env, and not require to always embed it in the terraform file. This makes it possible to just define scylladb_cloud provider as just: provider "scylladbcloud" { } and pass the token with terraform execution or store it in .envrc file. Even-though the token is marked as optional now, the behavior of failing the provider init is preserved via the ValidateDiagFunc: ╷ │ Error: token is required │ │ with provider["registry.terraform.io/scylladb/scylladbcloud"], │ on main.tf line 9, in provider "scylladbcloud": │ 9: provider "scylladbcloud" { } │ │ A token must be provided to authenticate with the Scylla Cloud API.
scylladb · Jul 11, 2024 · aca8656 · aca8656
1 parent 7017d3c
commit aca8656
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 11 deletions.
diff --git a/docs/index.md b/docs/index.md
@@ -3,13 +3,13 @@
 page_title: "scylladbcloud Provider"
 subcategory: ""
 description: |-
-  
+
 ---
 
 # ScyllaDB Cloud Provider
 
 This provider allows you to manage [ScyllaDB Cloud](https://cloud.scylladb.com/) resources using Terraform.
-You must configure the provider with proper credentials before you can use it. See 
+You must configure the provider with proper credentials before you can use it. See
 [Obtaining an API Key](https://cloud.docs.scylladb.com/stable/api-docs/api-get-started.html#obtaining-an-api-key-beta) for instructions on getting an API access token.
 
 Use the navigation menu on the left to read about the available data sources and resources.
@@ -32,12 +32,16 @@ provider "scylladbcloud" {
 }
 ```
 
+### Environment Variables
+
+Authentication token can be provided by using the `SCYLLADB_CLOUD_TOKEN` environment variable.
+
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
 ### Required
 
-- `token` (String, Sensitive) Bearer token used to authenticate with the API.
+- `token` (String, Sensitive) Bearer token used to authenticate with the API. If not provided, the `SCYLLADB_CLOUD_TOKEN` environment variable is used.
 
 ### Optional
 

diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -3,6 +3,7 @@ package provider
 import (
 	"context"
 	"net/url"
+	"os"
 	"runtime"
 
 	"github.com/scylladb/terraform-provider-scylladbcloud/internal/provider/allowlistrule"
@@ -15,28 +16,45 @@ import (
 
 	"github.com/scylladb/terraform-provider-scylladbcloud/internal/scylla"
 
+	"github.com/hashicorp/go-cty/cty"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
-var defaultEndpoint = &url.URL{
-	Scheme: "https",
-	Host:   "api.cloud.scylladb.com",
+var defaultEndpoint = "https://api.cloud.scylladb.com"
+
+func envToken() string {
+	return os.Getenv("SCYLLADB_CLOUD_TOKEN")
+}
+
+func envEndpoint() string {
+	return os.Getenv("SCYLLADB_CLOUD_ENDPOINT")
 }
 
-func New(_ context.Context) (*schema.Provider, error) {
+func New(context.Context) (*schema.Provider, error) {
 	p := &schema.Provider{
 		Schema: map[string]*schema.Schema{
 			"endpoint": {
 				Type:        schema.TypeString,
 				Optional:    true,
-				Default:     defaultEndpoint.String(),
+				Default:     nonempty(envEndpoint(), defaultEndpoint),
 				Description: "URL of the Scylla Cloud endpoint.",
 			},
 			"token": {
-				Type:        schema.TypeString,
-				Required:    true,
-				Sensitive:   true,
+				Type:      schema.TypeString,
+				Optional:  true,
+				Sensitive: true,
+				Default:   envToken(),
+				ValidateDiagFunc: func(v any, _ cty.Path) diag.Diagnostics {
+					if tok, ok := v.(string); !ok || tok == "" {
+						return diag.Diagnostics{{
+							Severity: diag.Error,
+							Summary:  "token is required",
+							Detail:   "A token must be provided to authenticate with the Scylla Cloud API.",
+						}}
+					}
+					return nil
+				},
 				Description: "Bearer token used to authenticate with the API.",
 			},
 		},
@@ -101,3 +119,13 @@ func userAgent(tfVersion string) string {
 
 	return "Terraform/0.11+compatible (" + sysinfo + ")"
 }
+
+func nonempty[T comparable](t ...T) T {
+	var zero T
+	for _, v := range t {
+		if v != zero {
+			return v
+		}
+	}
+	return zero
+}