Merge pull request #182 from ulucinar/fix-tj-261

Switch to shared gRPC server implementation

cluster/images/provider-jet-aws-controller/Dockerfile

@@ -41,6 +41,7 @@ ADD provider /usr/local/bin/crossplane-provider
 ENV TERRAFORM_VERSION ${TERRAFORM_VERSION}
 ENV TERRAFORM_PROVIDER_SOURCE ${TERRAFORM_PROVIDER_SOURCE}
 ENV TERRAFORM_PROVIDER_VERSION ${TERRAFORM_PROVIDER_VERSION}
+ENV TERRAFORM_NATIVE_PROVIDER_PATH ${PLUGIN_DIR}/${TERRAFORM_PROVIDER_DOWNLOAD_NAME}_v${TERRAFORM_PROVIDER_VERSION}_x5
 ENV TF_APPEND_USER_AGENT crossplane-provider-jet-aws/${CROSSPLANE_PROVIDER_VERSION}
 
 USER ${USER_ID}

cmd/provider/main.go

@@ -47,14 +47,15 @@ import (
 
 func main() {
 	var (
-		app              = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars()
-		debug            = app.Flag("debug", "Run with debug logging.").Short('d').Bool()
-		syncPeriod       = app.Flag("sync", "Controller manager sync period such as 300ms, 1.5h, or 2h45m").Short('s').Default("1h").Duration()
-		leaderElection   = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool()
-		terraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String()
-		providerSource   = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String()
-		providerVersion  = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String()
-		maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at which resources may checked for drift from the desired state.").Default("10").Int()
+		app                = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars()
+		debug              = app.Flag("debug", "Run with debug logging.").Short('d').Bool()
+		syncPeriod         = app.Flag("sync", "Controller manager sync period such as 300ms, 1.5h, or 2h45m").Short('s').Default("1h").Duration()
+		leaderElection     = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool()
+		terraformVersion   = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String()
+		providerSource     = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String()
+		providerVersion    = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String()
+		nativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String()
+		maxReconcileRate   = app.Flag("max-reconcile-rate", "The global maximum rate per second at which resources may checked for drift from the desired state.").Default("10").Int()
 
 		namespace                  = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String()
 		enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool()
@@ -86,6 +87,17 @@ func main() {
 	kingpin.FatalIfError(err, "Cannot create controller manager")
 	kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme")
 
+	// if the native Terraform provider plugin's path is not configured via
+	// the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or
+	// the `--terraform-native-provider-path` command-line option,
+	// we do not use the shared gRPC server and default to the regular
+	// Terraform CLI behaviour (of forking a plugin process per invocation).
+	// This removes some complexity for setting up development environments.
+	var runner terraform.ProviderRunner = terraform.NewNoOpProviderRunner()
+	if len(*nativeProviderPath) != 0 {
+		runner = terraform.NewSharedProvider(log, *nativeProviderPath, "registry.terraform.io/"+*providerSource)
+	}
+
 	o := tjcontroller.Options{
 		Options: xpcontroller.Options{
 			Logger:                  log,
@@ -95,7 +107,7 @@ func main() {
 			Features:                &feature.Flags{},
 		},
 		Provider:       config.GetProvider(),
-		WorkspaceStore: terraform.NewWorkspaceStore(log),
+		WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithProviderRunner(runner)),
 		SetupFn:        clients.TerraformSetupBuilder(*terraformVersion, *providerSource, *providerVersion),
 	}
 

go.mod

@@ -7,7 +7,7 @@ require (
 	github.com/crossplane/crossplane-runtime v0.15.1-0.20220315141414-988c9ba9c255
 	github.com/crossplane/crossplane-tools v0.0.0-20220310165030-1f43fc12793e
 	github.com/crossplane/provider-aws v0.23.0
-	github.com/crossplane/terrajet v0.4.0-rc.0.0.20220325143246-6142eefbcf5b
+	github.com/crossplane/terrajet v0.4.0-rc.0.0.20220421012850-4f9db892a4ae
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.7.0
 	github.com/pkg/errors v0.9.1
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6

go.sum

@@ -212,8 +212,8 @@ github.com/crossplane/crossplane-tools v0.0.0-20220310165030-1f43fc12793e h1:HqL
 github.com/crossplane/crossplane-tools v0.0.0-20220310165030-1f43fc12793e/go.mod h1:xFf30hwHd5n0/a0D4ZomId8nxQTTjE0Hc1j4/rWxefc=
 github.com/crossplane/provider-aws v0.23.0 h1:PK5SfgEYY4mu/BrP+AkH5jRG/B/XYF06E+k55NdX6f4=
 github.com/crossplane/provider-aws v0.23.0/go.mod h1:+seFgtg4gbUEhtdYPD7xqlNKkLncGcUFwU/nU2uOM8Y=
-github.com/crossplane/terrajet v0.4.0-rc.0.0.20220325143246-6142eefbcf5b h1:/tYXJht21yzbR0vLEYMGYv01KIPGMYE6kk4c+17ByTY=
-github.com/crossplane/terrajet v0.4.0-rc.0.0.20220325143246-6142eefbcf5b/go.mod h1:PY1geRNxxNXs2RFhGC36N7dDu3wZPhUZmAk6c4gQxAI=
+github.com/crossplane/terrajet v0.4.0-rc.0.0.20220421012850-4f9db892a4ae h1:16m4myvQjkUxx8Rai4CePbrjKZnivLPD8VQ++J8HRyU=
+github.com/crossplane/terrajet v0.4.0-rc.0.0.20220421012850-4f9db892a4ae/go.mod h1:PY1geRNxxNXs2RFhGC36N7dDu3wZPhUZmAk6c4gQxAI=
 github.com/dave/jennifer v1.4.1 h1:XyqG6cn5RQsTj3qlWQTKlRGAyrTcsk1kUmWdZBzRjDw=
 github.com/dave/jennifer v1.4.1/go.mod h1:7jEdnm+qBcxl8PC0zyp7vxcpSRnzXSt9r39tpTVGlwA=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=

internal/clients/aws.go

@@ -1,8 +1,23 @@
+/*
+Copyright 2022 The Crossplane Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package clients
 
 import (
 	"context"
-	"fmt"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 
@@ -21,12 +36,10 @@ import (
 )
 
 const (
-	// AWS credentials environment variable names
-	envSessionToken    = "AWS_SESSION_TOKEN"
-	envAccessKeyID     = "AWS_ACCESS_KEY_ID"
-	envSecretAccessKey = "AWS_SECRET_ACCESS_KEY"
-
-	fmtEnvVar = "%s=%s"
+	// Terraform provider configuration keys for AWS credentials
+	keySessionToken    = "token"
+	keyAccessKeyID     = "access_key"
+	keySecretAccessKey = "secret_key"
 )
 
 // TerraformSetupBuilder returns Terraform setup with provider specific
@@ -113,14 +126,11 @@ func TerraformSetupBuilder(version, providerSource, providerVersion string) terr
 			tfCfg["skip_region_validation"] = true
 		}
 
+		// provider configuration for credentials
+		tfCfg[keyAccessKeyID] = creds.AccessKeyID
+		tfCfg[keySecretAccessKey] = creds.SecretAccessKey
+		tfCfg[keySessionToken] = creds.SessionToken
 		ps.Configuration = tfCfg
-		// set credentials environment
-		ps.Env = []string{
-			fmt.Sprintf(fmtEnvVar, envAccessKeyID, creds.AccessKeyID),
-			fmt.Sprintf(fmtEnvVar, envSecretAccessKey, creds.SecretAccessKey),
-			fmt.Sprintf(fmtEnvVar, envSessionToken, creds.SessionToken),
-		}
-
 		return ps, err
 	}
 }