terraform-provider-kafka icon indicating copy to clipboard operation
terraform-provider-kafka copied to clipboard

Published 20 hours ago verified publisher icon Mongey

Getting DEPRECATED messages when using environment variables for provider

Open Constantin07 opened this issue 5 years ago • 3 comments
trafficstars

I'm using environment variables to pass credentials to Kafka provider, e.g.

KAFKA_CA_CERT - The CA certificate
KAFKA_CLIENT_CERT - The client certificate
KAFKA_CLIENT_KEY - The private key of client

Provider configuration :

provider "kafka" {
  version           = "0.2.4"
  bootstrap_servers = split(",", data.aws_msk_cluster.this.bootstrap_brokers_tls)
  tls_enabled       = true
  skip_tls_verify   = false
}

when I ran the plan I get this:

Warning: "ca_cert_file": [DEPRECATED] This parameter is now deprecated and will be removed in a later release, please use `ca_cert` instead.

Warning: "client_cert_file": [DEPRECATED] This parameter is now deprecated and will be removed in a later release, please use `client_cert` instead.

Warning: "client_key_file": [DEPRECATED] This parameter is now deprecated and will be removed in a later release, please use `client_key` instead.

This is confusing as I'm not using the configuration parameters in provider - neither old names nor new ones.

Looks like this is happening because both old and new config parameters are mapped to the same environment variables, e.g.

Is it supposed to work like that ?

Constantin07 avatar Mar 24 '20 16:03 Constantin07

What's strange - if I deploy kafka_acls resources - I don't get those warning but if I deploy topics - I do.

Constantin07 avatar Mar 24 '20 17:03 Constantin07

Looks like this is happening because both old and new config parameters are mapped to the same environment variables

Specifically:

  • ca_cert_file is deprecated and reads from the KAFKA_CA_CERT env var
  • Per the deprecation we should use ca_cert instead, but this also reads from KAFKA_CA_CERT

So if you set KFAKA_CA_CERT I guess both get set, resulting in a deprecation warning from ca_cert_file.

I wonder if this can be avoided by adding another env var for ca_cert (the naming is a bit unfortunate, since the deprecated var already makes use of KAFKA_CA_CERT which is what ca_cert would naturally map to):

diff --git a/kafka/provider.go b/kafka/provider.go
index 58fcabb..770380d 100644
--- a/kafka/provider.go
+++ b/kafka/provider.go
@@ -40,7 +40,7 @@ func Provider() *schema.Provider {
                        "ca_cert": {
                                Type:        schema.TypeString,
                                Optional:    true,
-                               DefaultFunc: schema.EnvDefaultFunc("KAFKA_CA_CERT", nil),
+                               DefaultFunc: schema.MultiEnvDefaultFunc([]string{"KAFKA_CA_CERT", "KAFKA_CA_CERT_FILE"}, nil),
                                Description: "CA certificate file to validate the server's certificate.",
                        },
                        "client_cert": {

EDIT: and further, the same issue for:

  • the env var KAFKA_CLIENT_KEY which is shared between client_key and the deprecated client_key_file, and
  • the env var KAFKA_CLIENT_CERT which is shared between client_cert and the deprecated client_cert_file

matthewhughes-uw avatar Mar 27 '24 15:03 matthewhughes-uw