Failed to morph manifest to OAPI type

[papanito]

Terraform Version, Provider Version and Kubernetes Version

Terraform version: v1.4.6
Kubernetes provider version: 2.11.0
Kubernetes version: 2.26.7

Affected Resource(s)

• kubernetes_manifest

Terraform Configuration Files

resource "kubernetes_manifest" "rke_profile_hardened_1_23_my" {
  manifest = {
    "apiVersion" = "cis.cattle.io/v1"
    "kind"       = "ClusterScanProfile"
    "metadata" = {
      "name"         = "rke-profile-hardened-1.23-my"
      "annotations"  = {
        "meta.helm.sh/release-name" = "clusterscan-operator"
        "meta.helm.sh/release-namespace" = "cis-operator-system"
      }
      "labels" = {
        "app.kubernetes.io/managed-by" = "Helm"
      }
    }
    "spec" = {
      "benchmarkVersion" = "rke-cis-1.23-hardened"
      "skipTests" = [
        "1.1.9",
        ...
      ]
    }
  }
  depends_on = [
    rancher2_app_v2.cis_benchmark
  ] 
}

resource "kubernetes_manifest" "aks_profile_my" {
  manifest = {
    "apiVersion" = "cis.cattle.io/v1"
    "kind"       = "ClusterScanProfile"
    "metadata" = {
      "name"         = "aks-profile-my"
      "annotations"  = {
        "meta.helm.sh/release-name" = "clusterscan-operator"
        "meta.helm.sh/release-namespace" = "cis-operator-system"
      }
      "labels" = {
        "app.kubernetes.io/managed-by" = "Helm"
      }
    }
    "spec" = {
      "benchmarkVersion" = "aks-1.0"
      "skipTests" = [
      ]
    }
  }
  depends_on = [
    rancher2_app_v2.cis_benchmark
  ] 
}

Debug Output

N/A

Panic Output

N/A

Steps to Reproduce

Expected Behavior

Plan success.

Actual Behavior

Plan failed:

╷
│ Error: Failed to morph manifest to OAPI type
│ 
│   with module.cis-benchmark.kubernetes_manifest.cis_scan_daily,
│   on .terraform/modules/cis-benchmark/cis-benchmark/main.tf line 27, in resource "kubernetes_manifest" "cis_scan_daily":
│   27: resource "kubernetes_manifest" "cis_scan_daily" {
│ 
│ AttributeName("metadata"): [AttributeName("metadata")] failed to morph
│ object element into object element:
│ AttributeName("metadata").AttributeName("clusterName"):
│ [AttributeName("metadata").AttributeName("clusterName")] failed to morph
│ object element into object element:
│ AttributeName("metadata").AttributeName("clusterName"): type is nil
╵
╷
│ Error: Failed to morph manifest to OAPI type
│ 
│   with module.cis-benchmark.kubernetes_manifest.rke_profile_hardened_1_23_my,
│   on .terraform/modules/cis-benchmark/cis-benchmark/profiles.tf line 1, in resource "kubernetes_manifest" "rke_profile_hardened_1_23_my":
│    1: resource "kubernetes_manifest" "rke_profile_hardened_1_23_my" {
│ 
│ AttributeName("metadata"): [AttributeName("metadata")] failed to morph
│ object element into object element:
│ AttributeName("metadata").AttributeName("clusterName"):
│ [AttributeName("metadata").AttributeName("clusterName")] failed to morph
│ object element into object element:
│ AttributeName("metadata").AttributeName("clusterName"): type is nil
╵
╷
│ Error: Failed to morph manifest to OAPI type
│ 
│   with module.cis-benchmark.kubernetes_manifest.aks_profile_my,
│   on .terraform/modules/cis-benchmark/cis-benchmark/profiles.tf line 47, in resource "kubernetes_manifest" "aks_profile_my":
│   47: resource "kubernetes_manifest" "aks_profile_my" {
│ 
│ AttributeName("metadata"): [AttributeName("metadata")] failed to morph
│ object element into object element:
│ AttributeName("metadata").AttributeName("clusterName"):
│ [AttributeName("metadata").AttributeName("clusterName")] failed to morph
│ object element into object element:
│ AttributeName("metadata").AttributeName("clusterName"): type is nil
╵

Important Factoids

Workaround:

• remove resources from state
• delete resources in cluster
• run plan

References

• GH-1563

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[BBBmau]

Hello Thank you for opening this PR @papanito

I just attempted your tfconfig on my own and was able to get it to run successfully with no Error. Could you try this with the latest kubernetes provider version? This may have been fixed in one of our previous releases. Also could you provide the logs as well by running TF_LOG=debug terraform apply

[BBBmau]

@papanito one more question, are you running a fresh install of the CRDs or have you made changes to the CRD configs? This could cause issues when attempting to run the manifest apply where the schema doesn't match up with the CRD config.

[papanito]

Sorry I will check and come back to you

[blockguardian]

@papanito I'm facing the same issue and I'm trying to use the existing terraform state. If I do a new setup it doesn't give any warnings or errors but if I do on existing setups this gives a warning. How to proceed on this ?

[llamahunter]

The remote state for the kubernetes_manifest has a 'metadata' field for 'clusterName' that is set to 'null'. I deleted the remote state, and then re-imported, and now the remote state does not have a 'clusterName' metadata field anymore, and all works fine.

I think at some point the implementation of kubernetes_manifest emitted a clusterName metadata field, and then in some future update they removed it.

Note that, in my case, the CRD doesn't say anything about the metadata field, other than that it is of type 'object'.

[blockguardian]

Thanks @llamahunter for response. In my case, I update my hashicorp/kubernetes and hashicorp/google version to latest version abd because of that my error shifted to warning and when I did terraform apply it automatically emitted a clusterName from metadata field.

So I guess what you suggested is correct that at some point the implementation of kubernetes_manifest emitted a clusterName metadata field, and then in some future update they removed it.

[guilhermefbarbosa]

updating hashicorp/kubernetes & hashicorp/google versions also worked for me

[papanito]

I did not face the issue yet again with newer versions