[Bug]: validate kubernetes credential on every plan/apply

[networkhermit]

Describe the bug

I find that terraform-provider-flux doesn't check the validity of kubernetes credential on every terraform plan/terraform apply. So invalid kubernetes credentials could stay undetected in terraform-provider-flux for a long time and breaking in a fresh bootstrap.

Steps to reproduce

1. Bootstrap a testing cluster with the following provider configuration

   provider "flux" {
   kubernetes = {
   config_path     = "~/.kube/config"
   }
   git = {}
   }

2. Refactor the kubernetes credential configuration:

   provider "flux" {
   kubernetes = {
   config_path     = "~/.kube/non_existed_config"
   }
   git = {}
   }

Or the following example based on a real refactor regression:

provider "flux" {
  kubernetes = {
    client_certificate     = var.KUBE_CLIENT_CERT_DATA
    config_path            = var.KUBE_CLIENT_KEY_DATA // The config_path should be client_key
    cluster_ca_certificate = var.KUBE_CLUSTER_CA_CERT_DATA
    host                   = var.KUBE_HOST
  }
  git = {}
}

3. Running terraform plan or terraform apply won't detect the kubernetes credential handling is problematic.

Expected behavior

validate kubernetes credential on every plan/apply phase

Screenshots and recordings

No response

Terraform and provider versions

OpenTofu v1.6.2 on linux_amd64

• provider registry.opentofu.org/fluxcd/flux v1.2.3

Terraform provider configurations

provider "flux" { kubernetes = { config_path = "~/.kube/non_existed_config" } git = {} }

flux_bootstrap_git resource

resource "flux_bootstrap_git" "fleet" { cluster_domain = var.cluster_domain path = var.watch_path }

Flux version

null

Additional context

No response

Code of Conduct

• [X] I agree to follow this project's Code of Conduct

Would you like to implement a fix?

None

[swade1987]

We should add the logic check to https://github.com/fluxcd/terraform-provider-flux/blob/main/internal/provider/provider.go#L331