[Bug]: validate kubernetes credential on every plan/apply

[networkhermit]

Describe the bug

I find that terraform-provider-flux doesn't check the validity of kubernetes credential on every terraform plan/terraform apply. So invalid kubernetes credentials could stay undetected in terraform-provider-flux for a long time and breaking in a fresh bootstrap.

Steps to reproduce

1. Bootstrap a testing cluster with the following provider configuration

provider "flux" {
  kubernetes = {
    config_path     = "~/.kube/config"
  }
  git = {}
}

2. Refactor the kubernetes credential configuration:

provider "flux" {
  kubernetes = {
    config_path     = "~/.kube/non_existed_config"
  }
  git = {}
}

Or the following example based on a real refactor regression:

provider "flux" {
  kubernetes = {
    client_certificate     = var.KUBE_CLIENT_CERT_DATA
    config_path            = var.KUBE_CLIENT_KEY_DATA // The config_path should be client_key
    cluster_ca_certificate = var.KUBE_CLUSTER_CA_CERT_DATA
    host                   = var.KUBE_HOST
  }
  git = {}
}

3. Running terraform plan or terraform apply won't detect the kubernetes credential handling is problematic.

Expected behavior

validate kubernetes credential on every plan/apply phase

Screenshots and recordings

No response

Terraform and provider versions

OpenTofu v1.6.2
on linux_amd64

• provider registry.opentofu.org/fluxcd/flux v1.2.3

Terraform provider configurations

provider "flux" {
kubernetes = {
config_path = "~/.kube/non_existed_config"
}
git = {}
}

flux_bootstrap_git resource

resource "flux_bootstrap_git" "fleet" {
cluster_domain = var.cluster_domain
path = var.watch_path
}

Flux version

null

Additional context

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

Would you like to implement a fix?

None

[swade1987]

We should add the logic check to https:/fluxcd/terraform-provider-flux/blob/main/internal/provider/provider.go#L331