hashicorp / terraform-provider-kubernetes-alpha

A Terraform provider for Kubernetes that uses dynamic resource types and server-side apply. Supports all Kubernetes resources.
https://registry.terraform.io/providers/hashicorp/kubernetes-alpha/latest
Mozilla Public License 2.0

Explicit null value #245

Open jindrichskupa opened 3 years ago

jindrichskupa commented 3 years ago

Terraform, Provider, Kubernetes versions

Terraform v1.0.0
+ provider registry.terraform.io/cyrilgdn/postgresql v1.13.0
+ provider registry.terraform.io/datadog/datadog v3.1.2
+ provider registry.terraform.io/gitlabhq/gitlab v3.6.0
+ provider registry.terraform.io/hashicorp/aws v3.47.0
+ provider registry.terraform.io/hashicorp/helm v2.2.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.3.2
+ provider registry.terraform.io/hashicorp/kubernetes-alpha v0.5.0
+ provider registry.terraform.io/hashicorp/random v3.1.0
+ provider registry.terraform.io/hashicorp/vault v2.21.0

Affected Resource(s)

Terraform Configuration Files

resource "kubernetes_manifest" "vault_secrets" {
  provider = kubernetes-alpha.red

  manifest = {
    "apiVersion" = "kubernetes-client.io/v1"
    "kind"       = "ExternalSecret"

    "metadata" = {
      "name"      = "vault-secrets"
      "namespace" = var.environment
    }

    "spec" = {
      "backendType" = "vault"
      "dataFrom" = [
        "${var.vault_kv2_base}/data/${var.environment}/services/secrets",
      ]
      "kvVersion"       = 2
      "template"        = null  # <---- This is the problem
      "vaultMountPoint" = var.vault_kube_auth_mount
      "vaultRole"       = var.vault_kube_role
    }
  }
  depends_on = [module.kube_namespace_red]
}

Debug Output

│ Error: Dry-run failed for non-structured resource
│ 
│   with kubernetes_manifest.vault_secrets,
│   on apps.tf line 139, in resource "kubernetes_manifest" "vault_secrets":
│  139: resource "kubernetes_manifest" "vault_secrets" {
│ 
│ A dry-run apply was performed for this resource but was unsuccessful:
│ ExternalSecret.kubernetes-client.io "vault-secrets" is invalid:
│ spec.template: Invalid value: "null": spec.template in body must be of type
│ object: "null"

I tried all possible values, like:

      "template"        = null  # <---- This is the problem
      "template"        = {}  # <---- This is the problem
#      "template"        = null  # <---- This is the problem
      "template"        = { null }  # <---- Invalid hcl syntax

Expected Behavior

The manifest will be applied according to the documentation: https://github.com/external-secrets/kubernetes-external-secrets

Example

apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
  name: hello-service
spec:
  backendType: secretsManager
  # optional: specify role to assume when retrieving the data
  roleArn: arn:aws:iam::123456789012:role/test-role
  # optional: specify region
  region: us-east-1
  dataFrom:
    - hello-service/credentials

spec.template is not needed but should be present as null

Actual Behavior

Manifest is invalid.

Important Factoids

References

https://github.com/external-secrets/kubernetes-external-secrets