Merge branch 'main' into ds-fix-wait-for-rollout

.changelog/2306.txt

@@ -0,0 +1,3 @@
+```release-note:feature
+New data source: `kubernetes_server_version`
+```

.changelog/2417.txt

@@ -0,0 +1 @@
+`persistent_volume_v1`: Support PersistentVolumeLastPhaseTransitionTime feature gate in persistent volume status. 

.changelog/2493.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+resource/resource_kubernetes_stateful_set_v1: Add support for `min_ready_seconds`
+```

.changelog/2559.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+`resource/kubernetes_certificate_signing_request_v1`: Add argument `spec.expiration_seconds`
+```

.github/workflows/acceptance_tests_kind.yaml

@@ -5,7 +5,7 @@ on:
     inputs:
       kindVersion:
         description: The kind version
-        default: 0.20.0 # Kubernetes version: 1.27.X
+        default: 0.20.0
       runTests:
         description: The regex passed to the -run option of `go test`
         default: "^TestAcc"
@@ -34,6 +34,19 @@ jobs:
   acceptance_tests_kind:
     if: ${{ github.repository_owner == 'hashicorp' }}
     runs-on: custom-linux-medium
+    strategy:
+      # Don't cancel all in-progress and queued jobs in the matrix if any job in the matrix fails.
+      # That will be helpful to catch any issues related to a particular Kubernetes version.
+      fail-fast: false
+      matrix:
+        kubernetes_version:
+          # kind images: https://github.com/kubernetes-sigs/kind/releases (note the images are kind release specific)
+          - v1.29.0@sha256:eaa1450915475849a73a9227b8f201df25e55e268e5d619312131292e324d570
+          - v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31
+          - v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72
+          - v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb
+          - v1.25.11@sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8
+          - v1.23.17@sha256:59c989ff8a517a93127d4a536e7014d28e235fb3529d9fba91b3951d461edfdb
     steps:
       - name: Checkout repository
         uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
@@ -51,6 +64,7 @@ jobs:
         with:
           wait: 2m
           version: v${{ env.KIND_VERSION }}
+          node_image: kindest/node:${{ matrix.kubernetes_version }}
           config: .github/config/acceptance_tests_kind_config.yaml
       - name: Run Acceptance Test Suite
         env:

.github/workflows/manifest_acc.yaml

@@ -29,22 +29,20 @@ jobs:
         kubernetes_version:
           # kind images: https://github.com/kubernetes-sigs/kind/releases
           - v1.30.0@sha256:047357ac0cfea04663786a612ba1eaba9702bef25227a794b52890dd8bcd692e
-          - v1.28.9@sha256:dca54bc6a6079dd34699d53d7d4ffa2e853e46a20cd12d619a09207e35300bd0
-          - v1.26.6@sha256:f52781bc0d7a19fb6c405c2af83abfeb311f130707a0e219175677e366cc45d1
-          - v1.25.11@sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315
-          - v1.23.15@sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61
+          - v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31
+          - v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72
+          - v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb
+          - v1.25.11@sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8
+          - v1.23.17@sha256:59c989ff8a517a93127d4a536e7014d28e235fb3529d9fba91b3951d461edfdb
         terraform_version:
-          - 1.8.0
+          - 1.8.5
+          - 1.6.6
           - 1.5.7
           - 1.4.7
           - 1.3.10
           - 1.2.9
           - 1.1.9
           - 1.0.11
-        # BONUS: Run tests on the latest available Kubernetes(1.X) and Terraform(1.X) versions.
-        include:
-          - kubernetes_version: v1.27.3@sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352
-            terraform_version: 1.6.1
     steps:
       - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - name: Set up Go

.github/workflows/release.yaml

@@ -25,7 +25,7 @@ jobs:
   terraform-provider-release:
     name: 'Terraform Provider Release'
     needs: [release-notes]
-    uses: hashicorp/ghaction-terraform-provider-release/.github/workflows/hashicorp.yml@v3.0.1
+    uses: hashicorp/ghaction-terraform-provider-release/.github/workflows/hashicorp.yml@v4.0.1
     secrets:
       hc-releases-key-prod: '${{ secrets.HC_RELEASES_KEY_PROD }}'
       hc-releases-key-staging: '${{ secrets.HC_RELEASES_KEY_STAGING }}'

CHANGELOG_GUIDE.md

@@ -85,6 +85,12 @@ plugin/k8s: Fix broken code
 ```
 ~~~
 
+### Deprecations 
+
+```release-note:note
+resource/k8s_resource_name: This resource is being deprecated as it is no longer supported in upgraded dependencies.
+```
+
 ### Long Description with Markdown
 
 ~~~
@@ -108,3 +114,8 @@ For more information as to what each flag does, make sure to run `changelog-buil
 ```
 changelog-build -last-release v0.5.0 -entries-dir .changelog/ -changelog-template changelog.tmpl -note-template note.tmpl -this-release 86b6b38faa7c69f26f1d4c71e271cd4285daadf9
 ```
+## Changes that should not have a changelog entry
+
+Testing updates
+Resource and provider documentation updates
+Code refactoring 

docs/data-sources/server_version.md

@@ -0,0 +1,29 @@
+---
+subcategory: "core/v1"
+page_title: "Kubernetes: kubernetes_server_version"
+description: |-
+  Retrieves and parses the server's version (git version). 
+---
+
+# kubernetes_server_version
+
+This data source reads the versioning information of the server and makes specific attributes available to Terraform. Read more at [version info reference](https://pkg.go.dev/k8s.io/apimachinery/pkg/version#Info)
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Read-Only
+
+- `build_date` (String) Kubernetes server build date
+- `compiler` (String) Compiler used to build Kubernetes
+- `git_commit` (String) Git commit SHA
+- `git_tree_state` (String) Git commit tree state
+- `git_version` (String) Composite version and git commit sha
+- `go_version` (String) Go compiler version
+- `id` (String) The ID of this resource.
+- `major` (String) Major Kubernetes version
+- `minor` (String) Minor Kubernetes version
+- `platform` (String) Platform
+- `version` (String) Composite Kubernetes server version
+
+

docs/resources/certificate_signing_request_v1.md

@@ -97,6 +97,18 @@ Custom signerNames can also be specified. The signer defines:
 
 Optional:
 
+- `expiration_seconds` (Integer) expirationSeconds is the requested duration of validity of the issued certificate.
+
+The certificate signer may issue a certificate with a different validity duration so a client must check the delta between the notBefore and and notAfter fields in the issued certificate to determine the actual duration. The v1.22+ in-tree implementations of the well-known Kubernetes signers will honor this field as long as the requested duration is not greater than the maximum duration they will honor per the --cluster-signing-duration CLI flag to the Kubernetes controller manager.
+
+Certificate signers may not honor this field for various reasons:
+
+1. Old signer that is unaware of the field (such as the in-tree implementations prior to v1.22)
+2. Signer whose configured maximum is shorter than the requested duration
+3. Signer whose configured minimum is longer than the requested duration
+
+The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
+
 - `usages` (Set of String) usages specifies a set of key usages requested in the issued certificate.
 
 Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".

docs/resources/stateful_set_v1.md

@@ -61,6 +61,7 @@ Optional:
 - `revision_history_limit` (Number) The maximum number of revisions that will be maintained in the StatefulSet's revision history. The default value is 10.
 - `update_strategy` (Block List) The strategy that the StatefulSet controller will use to perform updates. (see [below for nested schema](#nestedblock--spec--update_strategy))
 - `volume_claim_template` (Block List) A list of claims that pods are allowed to reference. Every claim in this list must have at least one matching (by name) volumeMount in one container in the template. (see [below for nested schema](#nestedblock--spec--volume_claim_template))
+- `min_ready_seconds` - (Optional) - Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0. (pod will be considered available as soon as it is ready)
 
 <a id="nestedblock--spec--selector"></a>
 ### Nested Schema for `spec.selector`
@@ -2361,6 +2362,7 @@ resource "kubernetes_stateful_set_v1" "prometheus" {
   }
 
   spec {
+    min_ready_seconds = 10
     pod_management_policy  = "Parallel"
     replicas               = 1
     revision_history_limit = 5

kubernetes/data_source_kubernetes_pod_v1.go

@@ -19,7 +19,7 @@ func dataSourceKubernetesPodV1() *schema.Resource {
 	// being mutated on the server side as Kubernetes automatically adds a mount
 	// for the service account token
 	return &schema.Resource{
-		Description: "A pod is a group of one or more containers, the shared storage for those containers, and options about how to run the containers. Pods are always co-located and co-scheduled, and run in a shared context.Read more at [Kubernetes reference](https://kubernetes.io/docs/concepts/workloads/pods/pod/)",
+		Description: "A pod is a group of one or more containers, the shared storage for those containers, and options about how to run the containers. Pods are always co-located and co-scheduled, and run in a shared context. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod/.",
 		ReadContext: dataSourceKubernetesPodV1Read,
 
 		Schema: map[string]*schema.Schema{

kubernetes/data_source_kubernetes_server_version.go

@@ -0,0 +1,99 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package kubernetes
+
+import (
+	"context"
+
+	gversion "github.com/hashicorp/go-version"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceKubernetesServerVersion() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceKubernetesServerVersionRead,
+		Description: "This data source reads the versioning information of the server and makes specific attributes available to Terraform. Read more at [version info reference](https://pkg.go.dev/k8s.io/apimachinery/pkg/version#Info)",
+		Schema: map[string]*schema.Schema{
+			"version": {
+				Type:        schema.TypeString,
+				Description: "Composite Kubernetes server version",
+				Computed:    true,
+			},
+			"build_date": {
+				Type:        schema.TypeString,
+				Description: "Kubernetes server build date",
+				Computed:    true,
+			},
+			"compiler": {
+				Type:        schema.TypeString,
+				Description: "Compiler used to build Kubernetes",
+				Computed:    true,
+			},
+			"git_commit": {
+				Type:        schema.TypeString,
+				Description: "Git commit SHA",
+				Computed:    true,
+			},
+			"git_tree_state": {
+				Type:        schema.TypeString,
+				Description: "Git commit tree state",
+				Computed:    true,
+			},
+			"git_version": {
+				Type:        schema.TypeString,
+				Description: "Composite version and git commit sha",
+				Computed:    true,
+			},
+			"major": {
+				Type:        schema.TypeString,
+				Description: "Major Kubernetes version",
+				Computed:    true,
+			},
+			"minor": {
+				Type:        schema.TypeString,
+				Description: "Minor Kubernetes version",
+				Computed:    true,
+			},
+			"platform": {
+				Type:        schema.TypeString,
+				Description: "Platform",
+				Computed:    true,
+			},
+			"go_version": {
+				Type:        schema.TypeString,
+				Description: "Go compiler version",
+				Computed:    true,
+			},
+		},
+	}
+}
+
+func dataSourceKubernetesServerVersionRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	conn, err := meta.(KubeClientsets).MainClientset()
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	sv, err := conn.ServerVersion()
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	gv, err := gversion.NewVersion(sv.String())
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	d.SetId(gv.String())
+	d.Set("version", gv.String())
+	d.Set("build_date", sv.BuildDate)
+	d.Set("compiler", sv.Compiler)
+	d.Set("git_commit", sv.GitCommit)
+	d.Set("git_tree_state", sv.GitTreeState)
+	d.Set("git_version", sv.GitVersion)
+	d.Set("go_version", sv.GoVersion)
+	d.Set("major", sv.Major)
+	d.Set("minor", sv.Minor)
+	d.Set("platform", sv.Platform)
+	return nil
+}

kubernetes/data_source_kubernetes_server_version_test.go

@@ -0,0 +1,61 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package kubernetes
+
+import (
+	"fmt"
+	"testing"
+
+	gversion "github.com/hashicorp/go-version"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+)
+
+func TestAccKubernetesDataSourceServerVersion_basic(t *testing.T) {
+	dataSourceName := "data.kubernetes_server_version.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: testAccProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccKubernetesDataSourceServerVersionConfig_basic(),
+				Check: func(st *terraform.State) error {
+					meta := testAccProvider.Meta()
+					if meta == nil {
+						return fmt.Errorf("Provider not initialized, unable to check cluster version")
+					}
+					conn, err := meta.(KubeClientsets).MainClientset()
+					if err != nil {
+						return err
+					}
+					ver, err := conn.ServerVersion()
+					if err != nil {
+						return err
+					}
+					gver, err := gversion.NewVersion(ver.String())
+					if err != nil {
+						return err
+					}
+					return resource.ComposeAggregateTestCheckFunc(
+						resource.TestCheckResourceAttr(dataSourceName, "version", gver.String()),
+						resource.TestCheckResourceAttr(dataSourceName, "build_date", ver.BuildDate),
+						resource.TestCheckResourceAttr(dataSourceName, "compiler", ver.Compiler),
+						resource.TestCheckResourceAttr(dataSourceName, "git_commit", ver.GitCommit),
+						resource.TestCheckResourceAttr(dataSourceName, "git_tree_state", ver.GitTreeState),
+						resource.TestCheckResourceAttr(dataSourceName, "git_version", ver.GitVersion),
+						resource.TestCheckResourceAttr(dataSourceName, "major", ver.Major),
+						resource.TestCheckResourceAttr(dataSourceName, "minor", ver.Minor),
+						resource.TestCheckResourceAttr(dataSourceName, "platform", ver.Platform),
+						resource.TestCheckResourceAttr(dataSourceName, "go_version", ver.GoVersion),
+					)(st)
+				},
+			},
+		},
+	})
+}
+
+func testAccKubernetesDataSourceServerVersionConfig_basic() string {
+	return `data "kubernetes_server_version" "test" {}`
+}

kubernetes/data_source_kubernetes_service_account_v1.go

@@ -15,7 +15,7 @@ import (
 
 func dataSourceKubernetesServiceAccountV1() *schema.Resource {
 	return &schema.Resource{
-		Description: "A service account provides an identity for processes that run in a Pod. This data source reads the service account and makes specific attributes available to Terraform. Read more at [Kubernetes reference](https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/)",
+		Description: "A service account provides an identity for processes that run in a Pod. This data source reads the service account and makes specific attributes available to Terraform. More info: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/.",
 		ReadContext: dataSourceKubernetesServiceAccountV1Read,
 
 		Schema: map[string]*schema.Schema{

kubernetes/data_source_kubernetes_service_account_v1_test.go

@@ -165,7 +165,7 @@ resource "kubernetes_secret_v1" "test" {
   }
   type = "kubernetes.io/service-account-token"
   depends_on = [
-    kubernetes_service_account.test
+    kubernetes_service_account_v1.test
   ]
 }
 `, name, name, name)

kubernetes/provider.go

@@ -235,6 +235,7 @@ func Provider() *schema.Provider {
 			"kubernetes_persistent_volume_claim":    dataSourceKubernetesPersistentVolumeClaimV1(),
 			"kubernetes_persistent_volume_claim_v1": dataSourceKubernetesPersistentVolumeClaimV1(),
 			"kubernetes_nodes":                      dataSourceKubernetesNodes(),
+			"kubernetes_server_version":             dataSourceKubernetesServerVersion(),
 
 			// networking
 			"kubernetes_ingress":    dataSourceKubernetesIngress(),

kubernetes/resource_kubernetes_certificate_signing_request_v1.go

@@ -57,6 +57,12 @@ func resourceKubernetesCertificateSigningRequestV1() *schema.Resource {
 				MaxItems:    1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
+						"expiration_seconds": {
+							Type:        schema.TypeInt,
+							Description: apiDocSpec["expirationSeconds"],
+							Optional:    true,
+							ForceNew:    true,
+						},
 						"request": {
 							Type:        schema.TypeString,
 							Description: apiDocSpec["request"],