Open thomas-riccardi opened 2 years ago
I'm experiencing this with the aws-load-balancer-controller. It dynamically generates a tls keypair for a webhook and stores it as a secret. Later applies then use the helm lookup
function to query the existing value from the cluster and reuse it. Something about that interaction is failing here such that everywhere that the tls cert is used in the chart is showing as changed on every apply and then failing with the above error "when expanding the plan ...".
This issue seems to be caused by the use of a mock lookup function https://github.com/hashicorp/terraform-provider-helm/blob/1f32cc8313baa58a076bd77b6864a1271ae01438/vendor/helm.sh/helm/v3/pkg/engine/funcs.go#L67-L69
@andremarianiello Hmm how can the lookup
function be modified to avoid this error ? How do other providers do a lookup
for sensitive values?
Marking this issue as stale due to inactivity. If this issue receives no comments in the next 30 days it will automatically be closed. If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. This helps our maintainers find and focus on the active issues. Maintainers may also remove the stale label at their discretion. Thank you!
Unstale
Any update on this?
Terraform, Provider, Kubernetes and Helm Versions
Affected Resource(s)
Terraform Configuration Files
Steps to Reproduce
terraform apply
Expected Behavior
helm_release values are unknown at plan time, then are generated during apply, then the helm release is created.
Actual Behavior
manifest
, it shows values used in the helm templates with literal value(sensitive value 54b32d658494ded3)
(or some other number)When expanding the plan for helm_release.datadog_agent to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/helm" produced an invalid new value for .manifest: was cty.StringVal(...) but now cty.StringVal(...) This is a bug in the provider, which should be reported in the provider's own issue tracker.