From 03a763596bd160b42c2e9a34fdd5fe5e445ea067 Mon Sep 17 00:00:00 2001 From: Hugo Fonseca Date: Wed, 13 May 2020 23:04:00 +0100 Subject: [PATCH 1/3] Fix OpenFaaS client authentication to use authentication from Terraform provider initialization Currently, this provider was accepting `user_name` and `password` in Terraform provider initialization, but there is no reference in the code that uses it to instantiate the OpenFaaS client. This commit adds a credentials chain so it tries to get the authentication in the following order: 1. Authentication with basic-auth using username and password from Terraform provider initialization 2. Authentication with basic-auth using OpenFaaS config file created from `faas-cli login` 3. Authentication with token using OpenFaaS config file created from `faas-cli login` Also, adds a few log messages to help understand which credential is choosen from the chain. --- openfaas/provider.go | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/openfaas/provider.go b/openfaas/provider.go index 19fcbe5..1b42729 100644 --- a/openfaas/provider.go +++ b/openfaas/provider.go @@ -2,13 +2,14 @@ package openfaas import ( "crypto/tls" - "github.com/hashicorp/terraform-plugin-sdk/helper/schema" - "github.com/hashicorp/terraform-plugin-sdk/terraform" "log" "net" "net/http" "time" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/terraform" + "github.com/openfaas/faas-cli/config" "github.com/openfaas/faas-cli/proxy" ) 
@@ -65,7 +66,9 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) { log.Printf("[DEBUG] configuring provider") gatewayURI := d.Get("uri").(string) - auth := newCLIAuth("", gatewayURI) + username := d.Get("user_name").(string) + password := d.Get("password").(string) + auth := newAuthChain(username, password, "", gatewayURI) insecure := d.Get("tls_insecure").(bool) transport := GetDefaultCLITransport(insecure, &defaultTimeout) client := proxy.NewClient(auth, gatewayURI, transport, &defaultTimeout) @@ -77,6 +80,21 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) { return providerConfig, nil } +func newAuthChain(username, password, token, gateway string) proxy.ClientAuth { + if username != "" && password != "" { + log.Print("[DEBUG] configuring basic-auth authentication from Terraform provider credentials") + + return &BasicAuth{ + username: username, + password: password, + } + } + + log.Print("[DEBUG] empty Terraform provider credentials - falling back to OpenFaaS configuration file") + return newCLIAuth(token, gateway) + +} + func newCLIAuth(token string, gateway string) proxy.ClientAuth { authConfig, _ := config.LookupAuthConfig(gateway) @@ -87,6 +105,7 @@ func newCLIAuth(token string, gateway string) proxy.ClientAuth { ) if authConfig.Auth == config.BasicAuthType { + log.Printf("[DEBUG] configuring basic-auth authentication") username, password, _ = config.DecodeAuth(authConfig.Token) return &BasicAuth{ @@ -97,6 +116,7 @@ func newCLIAuth(token string, gateway string) proxy.ClientAuth { } // User specified token gets priority + log.Printf("[DEBUG] configuring token authentication") if len(token) > 0 { bearerToken = token } else { From 32b0af77359e938fb52d442dab74bc6392248b1c Mon Sep 17 00:00:00 2001 
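Review bot: In providerConfigure the provider's `user_name`/`password` are now attached as basic-auth to every gateway call, yet nothing in this hunk guards the case where `tls_insecure` is true, which presumably turns off certificate verification in `GetDefaultCLITransport`. Anyone able to intercept that connection could then read the credentials. Consider at least a warning once `insecure` is known, e.g. `if insecure && username != "" { log.Print("[WARN] basic-auth credentials are sent with TLS verification disabled") }`. The schema entry for `password` is outside this hunk; confirm it carries `Sensitive: true` so the value is redacted in plan output. providerConfigure starts and ends outside the hunk.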
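Review bot: newAuthChain treats a half-filled credential pair as no credentials at all. With `user_name` set and `password` empty (or the reverse), the `username != "" && password != ""` test fails, the log claims the provider credentials are empty, and the client silently authenticates with whatever `faas-cli login` left in the config file. A plan can then be applied under a different identity than the one the configuration names. Rejecting the mismatch in providerConfigure before the chain is built makes it explicit, e.g. `if (username == "") != (password == "") { return nil, errors.New("user_name and password must be set together") }`, which needs the `errors` import. A doc comment such as `// newAuthChain returns basic-auth built from the provider credentials when both are set, otherwise the faas-cli config-file auth.` would also record the order.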
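Review bot: The new debug line in the basic-auth branch of newCLIAuth reports the method as configured before `config.DecodeAuth` has run, and that call's error is still discarded (`username, password, _ = ...`). A corrupt entry in the config file therefore yields a BasicAuth with empty fields while the log says all is well. Now that this branch is the documented fallback, capture the error and report it without printing the token, e.g. `log.Print("[WARN] stored basic-auth credentials could not be decoded")`, or surface it to the caller. The ignored error from `config.LookupAuthConfig(gateway)`, visible as context in the previous hunk, deserves the same treatment. newCLIAuth starts and ends outside this hunk.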
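Review bot: The added `log.Printf` sits between the comment `// User specified token gets priority` and the `if len(token) > 0` it describes, so the comment now reads as if it documents the log call. Move the log line above the comment, and since it takes no format arguments write it as `log.Print("[DEBUG] configuring token authentication")` to match newAuthChain. The message is also emitted before it is known whether any token exists. The else branch that supplies the fallback token is outside this hunk.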
From: Hugo Fonseca Date: Wed, 13 May 2020 23:08:58 +0100 Subject: [PATCH 2/3] Fix the update of an existing function Without this flag, it will try to create a new function, which is not allowed since the Deployment name will be the same. --- openfaas/structure.go | 1 + 1 file changed, 1 insertion(+) diff --git a/openfaas/structure.go b/openfaas/structure.go index 88ab8f8..07c148b 100644 --- a/openfaas/structure.go +++ b/openfaas/structure.go @@ -11,6 +11,7 @@ func expandDeploymentSpec(d *schema.ResourceData, name string) *proxy.DeployFunc deploySpec := &proxy.DeployFunctionSpec{ FunctionName: name, Image: d.Get("image").(string), + Update: true, } if v, ok := d.GetOk("network"); ok { From 0b5b5fc89cb17674d1370a2c83a15e0bd9bcb542 Mon Sep 17 00:00:00 2001 From: Hugo Fonseca Date: Wed, 13 May 2020 23:10:27 +0100 Subject: [PATCH 3/3] Adds label `uid` to whitelist to avoid always having a diff when running terraform --- openfaas/resource_openfaas_function.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/openfaas/resource_openfaas_function.go b/openfaas/resource_openfaas_function.go index e57b136..6b0cb50 100644 --- a/openfaas/resource_openfaas_function.go +++ b/openfaas/resource_openfaas_function.go @@ -168,9 +168,10 @@ func isFunctionNotFound(err error) bool { var whiteListLabels = map[string]string{ "labels.com.openfaas.function": "", "labels.function": "", + "labels.uid": "", } -const extraProviderLabelsCount = 2 +const extraProviderLabelsCount = 3 func labelsDiffFunc(k, old, new string, d *schema.ResourceData) bool { if _, ok := whiteListLabels[k]; ok {
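Review bot: `Update: true` is set unconditionally in expandDeploymentSpec, so if the create path builds its spec through the same helper (callers are not visible here), creating a resource whose name matches a function already on the gateway would presumably update that function instead of failing. Terraform users expect a create to refuse to take over an object that was never imported into state. Consider adding an `update bool` parameter and setting `Update: update,`, or put a comment on the field explaining why update semantics are safe for both paths. The function body continues outside the hunk.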
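Review bot: `extraProviderLabelsCount` is a hand-kept copy of the number of entries in `whiteListLabels`, and this change had to touch both. The next label added to the map can miss the constant and bring the permanent diff back. Deriving it, e.g. `var extraProviderLabelsCount = len(whiteListLabels)`, keeps the two in step; it becomes a var, so check it is not used in a constant expression. The count also now assumes every gateway sets a `uid` label. Where the count is consumed is outside this hunk, so confirm that a function without that label does not produce a diff in the other direction.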