Merge branch 'main' into stateful-set-update

.changelog/2306.txt

@@ -0,0 +1,3 @@
+```release-note:feature
+New data source: `kubernetes_server_version`
+```

.changelog/2417.txt

@@ -0,0 +1 @@
+`persistent_volume_v1`: Support PersistentVolumeLastPhaseTransitionTime feature gate in persistent volume status. 

.changelog/2488.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+`resource/kubernetes_persistent_volume_v1`: support `ReadWriteOncePod` access mode for PVs
+```

.changelog/2494.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+`resource/resource_kubernetes_network_policy_v1`: add support for `end_port`
+```

.changelog/2559.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+`resource/kubernetes_certificate_signing_request_v1`: Add argument `spec.expiration_seconds`
+```

.github/workflows/acceptance_test_dfa.yaml

@@ -16,6 +16,7 @@ on:
 
 jobs:
   acceptance_tests:
+    if: ${{ github.repository_owner == 'hashicorp' }}
     runs-on: custom-linux-medium
     steps:
       - name: Checkout repository
@@ -27,6 +28,6 @@ jobs:
       - name: Run Tests
         env:
           TF_ACC: 1
-          TF_ACC_TERRAFORM_VERSION: ${{ github.event.inputs.terraformVersion || vars.TERRAFORM_VERSION_EXP }}
+          TF_ACC_TERRAFORM_VERSION: ${{ github.event.inputs.terraformVersion || '1.9.0-alpha20240516' }}
         run: |
           go test -v -run '^TestAccKubernetesDeferredActions' ./kubernetes/test-dfa

.github/workflows/acceptance_tests_aks.yaml

@@ -38,6 +38,7 @@ env:
 
 jobs:
   acceptance_tests_aks:
+    if: ${{ github.repository_owner == 'hashicorp' }}
     runs-on: custom-linux-medium
     steps:
       - name: Checkout repository

.github/workflows/acceptance_tests_eks.yaml

@@ -43,6 +43,7 @@ env:
 
 jobs:
   acceptance_tests_eks:
+    if: ${{ github.repository_owner == 'hashicorp' }}
     runs-on: custom-linux-medium
     steps:
       - name: Checkout repository

.github/workflows/acceptance_tests_gke.yaml

@@ -44,6 +44,7 @@ env:
 
 jobs:
   acceptance_tests_gke:
+    if: ${{ github.repository_owner == 'hashicorp' }}
     runs-on: custom-linux-medium
     steps:
       - name: Checkout repository

.github/workflows/acceptance_tests_kind.yaml

@@ -26,12 +26,13 @@ on:
 
 env:
   KUBECONFIG: ${{ github.workspace }}/.kube/config
-  KIND_VERSION: ${{ github.event.inputs.kindVersion || vars.KIND_VERSION }}
-  PARALLEL_RUNS: ${{ github.event.inputs.parallelRuns || vars.PARALLEL_RUNS }}
-  TERRAFORM_VERSION: ${{ github.event.inputs.terraformVersion || vars.TERRAFORM_VERSION }}
+  KIND_VERSION: ${{ github.event.inputs.kindVersion || vars.KIND_VERSION || '0.23.0' }}
+  PARALLEL_RUNS: ${{ github.event.inputs.parallelRuns || vars.PARALLEL_RUNS || '8' }}
+  TERRAFORM_VERSION: ${{ github.event.inputs.terraformVersion || vars.TERRAFORM_VERSION || '1.9.2' }}
 
 jobs:
   acceptance_tests_kind:
+    if: ${{ github.repository_owner == 'hashicorp' }}
     runs-on: custom-linux-medium
     steps:
       - name: Checkout repository

.github/workflows/documentation-check.yaml

@@ -0,0 +1,42 @@
+name: "Documentation Updates"
+
+on:
+    pull_request:
+      paths:
+        - 'docs/**'
+      types: [opened, synchronize, labeled]       
+
+    push:
+      branches:
+        - main
+
+jobs:
+    check-docs:
+      runs-on: ubuntu-latest
+
+      if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-documentation') }}
+
+      steps:
+        - name: Checkout repository
+          uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+
+        - name: Set up Go
+          uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+          with:
+            go-version-file: 'go.mod'
+
+        - name: Install tfplugindocs command
+          run: go install github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs@latest
+
+        - name: Run tfplugindocs command
+          run: tfplugindocs generate
+
+        - name: Check for changes
+          run: |
+            git diff --exit-code
+  
+        - name: Undocumented changes 
+          run: |
+            echo "Documentation is not up to date. Please refer to the `Making Changes` in the Contribution Guide on how to properly update documentation."
+            exit 1
+          if: failure()

.github/workflows/issue-opened.yml

@@ -33,7 +33,7 @@ jobs:
                   ["Alex Somesan", "alexsomesan"],
                   ["Alex Pilon", "appilon"],
                   ["John Houston", "jrhouston"],
-                  ["Aleksandr Rybolovlev", "arybolovlev"],
+                  ["Sacha Rybolovlev", "arybolovlev"],
                 ]);
 
               let resp = await pd.get('oncalls?escalation_policy_ids%5B%5D=PH8IF3M')

.github/workflows/manifest_acc.yaml

@@ -28,6 +28,8 @@ jobs:
       matrix:
         kubernetes_version:
           # kind images: https://github.com/kubernetes-sigs/kind/releases
+          - v1.30.0@sha256:047357ac0cfea04663786a612ba1eaba9702bef25227a794b52890dd8bcd692e
+          - v1.28.9@sha256:dca54bc6a6079dd34699d53d7d4ffa2e853e46a20cd12d619a09207e35300bd0
           - v1.26.6@sha256:f52781bc0d7a19fb6c405c2af83abfeb311f130707a0e219175677e366cc45d1
           - v1.25.11@sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315
           - v1.23.15@sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61

.github/workflows/release.yaml

@@ -25,7 +25,7 @@ jobs:
   terraform-provider-release:
     name: 'Terraform Provider Release'
     needs: [release-notes]
-    uses: hashicorp/ghaction-terraform-provider-release/.github/workflows/hashicorp.yml@v3.0.1
+    uses: hashicorp/ghaction-terraform-provider-release/.github/workflows/hashicorp.yml@v4.0.1
     secrets:
       hc-releases-key-prod: '${{ secrets.HC_RELEASES_KEY_PROD }}'
       hc-releases-key-staging: '${{ secrets.HC_RELEASES_KEY_STAGING }}'

.markdownlint.yml

@@ -16,9 +16,11 @@ MD010: false
 MD012: false
 MD013: false
 MD014: false
+MD018: false
 MD022: false
 MD024: false
 MD029: false
+MD032: false
 MD033: false
 MD034: false
 MD037: false

_about/CONTRIBUTING.md

@@ -1,71 +1,122 @@
-## Developing the provider
+# Contributor Guide
 
-Thank you for your interest in contributing to the Kubernetes provider. We welcome your contributions. Here you'll find information to help you get started with provider development.
+Thank you for your interest in contributing to the Kubernetes provider. We welcome your contributions. Here, you'll find information to help you get started with provider development.
 
-## Documentation
+If you want to learn more about developing a Terraform provider, please refer to the [Plugin Development documentation](https://developer.hashicorp.com/terraform/plugin).
 
-Our [provider development documentation](https://www.terraform.io/docs/extend/) provides a good start into developing an understanding of provider development. It's the best entry point if you are new to contributing to this provider.
+## Configuring Environment
 
-To learn more about how to create issues and pull requests in this repository, and what happens after they are created, you may refer to the resources below:
-- [Issue creation and lifecycle](ISSUES.md)
-- [Pull Request creation and lifecycle](PULL_REQUESTS.md)
+1. Install Golang
 
+    [Install](https://go.dev/doc/install) the version of Golang as indicated in the [go.mod](../go.mod) file.
 
-## Building the provider
+1. Fork this repo
 
-Clone repository to: `$GOPATH/src/github.com/hashicorp/terraform-provider-kubernetes`
+    [Fork](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo) the provider repository and clone it on your computer.
 
-```sh
-$ mkdir -p $GOPATH/src/github.com/hashicorp; cd $GOPATH/src/github.com/hashicorp
-$ git clone [email protected]:hashicorp/terraform-provider-kubernetes
-```
+    Here is an example of how to clone this repository and switch to the directory:
 
-Enter the provider directory and build the provider
+    ```console
+    $ git clone https://github.com/<YOUR-USERNAME>/terraform-provider-kubernetes.git
+    $ cd terraform-provider-kubernetes
+    ```
 
-```sh
-$ cd $GOPATH/src/github.com/hashicorp/terraform-provider-kubernetes
-$ make build
-```
+    From now on, we are going to assume that you have a copy of the repository on your computer and work within the `terraform-provider-kubernetes` directory.
 
-Statically linking binaries can be required for testing development builds in containers not providing all dependencies, e.g.:
+1. Prepare a Kubernetes Cluster
 
-```
-# CGO_ENABLED=0 go build -a -ldflags '-extldflags "-static"'
-```
+    While our preference is to use [KinD](https://kind.sigs.k8s.io/) for setting up a Kubernetes cluster for development and test purposes, feel free to opt for the solution that best suits your preferences. Please bear in mind that some acceptance tests might require specific cluster settings, which we maintain in the KinD [configuration file](../.github/config/acceptance_tests_kind_config.yaml).
+
+    Here is an example of how to provision a Kubernetes cluster using the configuration file:
+
+    ```console
+    $ kind create cluster --config=./.github/config/acceptance_tests_kind_config.yaml
+    ```
+
+    KinD comes with a default Node image version that depends on the KinD version and thus might not be always the one you want to use. The above command can be extended with the `--image` option to spin up a particular Kubernetes version:
+
+    ```console
+    $ kind create cluster \
+      --config=./.github/config/acceptance_tests_kind_config.yaml \
+      --image kindest/node:v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31
+    ```
+
+    Refer to the KinD [releases](https://github.com/kubernetes-sigs/kind/releases) to get the right image.
+
+    From now on, we are going to assume that the Kubernetes configuration is stored in the `$HOME/.kube/config` file, and the current context is set to a newly created KinD cluster.
+
+    Once the Kubernetes cluster is up and running, we strongly advise you to run acceptance tests before making any changes to ensure they work with your setup. Please refer to the [Testing](#testing) section for more details.
 
-## Contributing to the provider
 
-### Contributing Resources
+## Making Changes
 
-In order to prevent breaking changes and migration of user-created resources, resources included in this provider will be limited to stable (aka `v1`) and beta APIs (with beta resources, readiness for inclusion will be assessed individually). You can find `v1` resources in the Kubernetes [API documentation](https://kubernetes.io/docs/reference/#api-reference) for the appropriate version of Kubernetes.
+### Adding a New Resource
 
-### Development Environment
+This quick guide covers best practices for adding a new Resource. 
 
-If you wish to work on the provider, you'll first need [Go](http://www.golang.org) installed on your machine (version 1.9+ is *required*). You'll also need to correctly setup a [GOPATH](http://golang.org/doc/code.html#GOPATH), as well as adding `$GOPATH/bin` to your `$PATH`.
+1. Ensure all dependncies are installed.
+1. Add an SDK Client. 
+1. Add Resource Schema and define attributes [see Kubernetes Documentation](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs). A best and recommended practice is reuse constants from the Kuberentes packages as a default value in an attribute or within a validation function. 
+1. Scaffold an empty/new resource.
+1. Add Acceptance Tests(s) for the resource.
+1. Run Acceptance Tests(s) for this resource. 
+1. Add Documentation for this resource by editing the `.md.tmpl` file to include the appropriate [Data Fields](https://pkg.go.dev/text/template) and executing `tfplugindocs generate` command [see Terraform PluginDocs](https://github.com/hashicorp/terraform-plugin-docs#data-fields) then inspecting the corresponding `.md` file in the `/docs` to see all changes. The Data Fields that are currently apart of the templates are those for the Schema ({{ .SchemaMarkdown }}), Name ({{ .Name }}) and ({{ .Description }}).
+1. Execute `make docs-lint` and `make tests-lint` commands 
+1. Create a Pull Request for your changes. 
 
-To compile the provider, run `make build`. This will build the provider and put the provider binary in the `$GOPATH/bin` directory.
+### Adding a New Data Source
 
-```sh
-$ make build
-...
-$ $GOPATH/bin/terraform-provider-kubernetes
-...
+1. Ensure all dependncies are installed.
+1. Add an SDK Client. 
+1. Add Data Source Schema and define attributes [see Kubernetes Documentation](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs).
+A best and recommended practice is reuse constants from the Kuberentes packages as a default value in an attribute or within a validation function. 
+1. Scaffold an empty/new resource.
+1. Add Acceptance Tests(s) for the data source.
+1. Run Acceptance Tests(s) for this data source. 
+1. Add Documentation for this data source by editing the `.md.tmpl` file to include the appropriate [Data Fields](https://pkg.go.dev/text/template) and executing `tfplugindocs generate` command [see Terraform PluginDocs](https://github.com/hashicorp/terraform-plugin-docs#data-fields) then inspecting the corresponding `.md` file in the `/docs` to see all changes. The Data Fields that are currently apart of the templates are those for the Schema ({{ .SchemaMarkdown }}), Name ({{ .Name }}) and ({{ .Description }}).    
+1. Execute `make docs-lint` and `make tests-lint` commands 
+1. Create a Pull Request for your changes. 
+
+### Adding/Editing Documentation
+All Documentation is edited in the `.md.tmpl` file. Please note that the `tfplugindocs generate` command should be executed to ensure it is updated and reflected in the `.md` files. 
+
+## Testing
+
+The Kubernetes provider includes two types of tests: [unit](https://developer.hashicorp.com/terraform/plugin/sdkv2/testing/unit-testing) tests and [acceptance](https://developer.hashicorp.com/terraform/plugin/sdkv2/testing/acceptance-tests) tests.
+
+Before running any tests, make sure that the `KUBE_CONFIG_PATH` environment variable points to the Kubernetes configuration file:
+
+```console
+$ export KUBE_CONFIG_PATH=$HOME/.kube/config
 ```
 
-In order to test the provider, you can simply run `make test`.
+The following commands demonstrate how to run unit and acceptance tests respectively.
 
-```sh
-$ make test
+```console
+$ make test # unit tests
+$ make testacc TESTARGS="-run ^TestAcc" # acceptance tests
 ```
 
-In order to run the full suite of Acceptance tests, run `make testacc`.
+1. Run existing tests
+1. Write/Update tests
+1. Run tests with new changes
 
-*Note:* Acceptance tests create real resources, and often cost money to run.
+## Updating changelog
 
-```sh
-$ make testacc
-```
+A PR that is merged may or may not be added to the changelog. Not every change should be in the changelog since they don't affect users directly. Some instances of PRs that could be excluded are:
+
+- unit and acceptance tests fixes
+- minor documentation changes
+
+However, PRs of the following categories should be added to the appropriate section:
+
+* `FEATURES` 
+* `ENHANCEMENTS`
+* `MAJOR BUG FIXES`
+
+Please refer to our [ChangeLog Guide](../CHANGELOG_GUIDE.md).
+
+## Creating & Submiting a PR
 
-### Tests
+Please refer to this [guide](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork).
 
-In general, adding test coverage (unit tests and acceptance tests) to new features or bug fixes in your PRs, and sharing the logs of a successful test run on your branch will greatly speed up the acceptance of your PR. Most of our tests can be run against a `kind` cluster, so no additional infrastructure is required.

docs/data-sources/all_namespaces.md

@@ -7,9 +7,17 @@ description: |-
 
 # kubernetes_all_namespaces
 
-This data source provides a mechanism for listing the names of all available namespaces in a Kubernetes cluster. It can be used to check for existence of a specific namespaces or to apply another resource to all or a subset of existing namespaces in a cluster.
+This data source provides a mechanism for listing the names of all available namespaces in a Kubernetes cluster. It can be used to check for existence of a specific namespaces or to apply another resource to all or a subset of existing namespaces in a cluster.In Kubernetes, namespaces provide a scope for names and are intended as a way to divide cluster resources between multiple users. 
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `namespaces` (List of String) List of all namespaces in a cluster.
+
 
-In Kubernetes, namespaces provide a scope for names and are intended as a way to divide cluster resources between multiple users.
 
 ## Example Usage
 

docs/data-sources/config_map.md

@@ -5,10 +5,46 @@ description: |-
   This data source reads configuration data from a config map.
 ---
 
-# kubernetes_config map
+# kubernetes_config_map
 
 Config Maps are key-value pairs containing configuration data. The Config Map data source provides a mechanism for extracting these key-value pairs.
 
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `metadata` (Block List, Min: 1, Max: 1) Standard config_map's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata (see [below for nested schema](#nestedblock--metadata))
+
+### Optional
+
+- `immutable` (Boolean) Immutable, if set to true, ensures that data stored in the ConfigMap cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.
+
+### Read-Only
+
+- `binary_data` (Map of String) A map of the config map binary data.
+- `data` (Map of String) A map of the config map data.
+- `id` (String) The ID of this resource.
+
+<a id="nestedblock--metadata"></a>
+### Nested Schema for `metadata`
+
+Optional:
+
+- `annotations` (Map of String) An unstructured key value map stored with the config_map that may be used to store arbitrary metadata. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+- `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the config_map. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+- `name` (String) Name of the config_map, must be unique. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+- `namespace` (String) Namespace defines the space within which name of the config_map must be unique.
+
+Read-Only:
+
+- `generation` (Number) A sequence number representing a specific generation of the desired state.
+- `resource_version` (String) An opaque value that represents the internal version of this config_map that can be used by clients to determine when config_map has changed. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+- `uid` (String) The unique in time and space value for this config_map. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+
+
+
 ~> **Note:** All arguments including the config map data will be stored in the raw state as plain-text. [Read more about sensitive data in state](/docs/state/sensitive-data.html).
 
 ## Example Usage