[BUG] `rancher2_pod_security_admission_configuration_template` gives error message `Unknown schema type [podSecurityPolicyTemplate]` when trying to delete the resource #1377
If Helm Chart, Kubernetes Cluster and version (RKE1, RKE2, k3s, EKS, etc): RKE1/RKE2/K3S
Proxy/Cert Details:
Information about the Cluster
Kubernetes version: v1.30.2+k3s2
Cluster Type (Local/Downstream): Downstream
If downstream, what type of cluster? (Custom/Imported or specify provider for Hosted/Infrastructure Provider):
When attempting to delete a custom PSACT resource using the Rancher2 provider, the following error is consistently seen:
Error: [ERROR] failed to remove PodSecurityAdmissionConfigurationTemplate with ID rancher-baseline: Unknown schema type [podSecurityPolicyTemplate]
This behavior is occurring specifically in v2.9.0-rc2 and was not reproducible in v2.8.5 and below, leading me to believe there was a schema change that occurred in between versions. The Rancher UI itself will remove the custom PSACT, but Terraform throws back this error message.
### To Reproduce
1. Set up Rancher v2.9.0-rc2.
2. In your main.tf, have something like the following:

```hcl
resource "rancher2_pod_security_admission_configuration_template" "rancher2_pod_security_admission_configuration_template" {
  name        = "rancher-baseline"
  description = "This is a custom baseline Pod Security Admission Configuration Template.It defines a minimally restrictive policy which prevents known privilege escalations. This policy contains namespace level exemptions for Rancher components."
  defaults {
    audit           = "baseline"
    audit_version   = "latest"
    enforce         = "baseline"
    enforce_version = "latest"
    warn            = "baseline"
    warn_version    = "latest"
  }
  exemptions {
    namespaces = ["ingress-nginx", "kube-system", "cattle-system", "cattle-epinio-system", "cattle-fleet-system", "longhorn-system", "cattle-neuvector-system", "cattle-monitoring-system", "rancher-alerting-drivers", "cis-operator-system", "cattle-csp-adapter-system", "cattle-externalip-system", "cattle-gatekeeper-system", "istio-system", "cattle-istio-system", "cattle-logging-system", "cattle-windows-gmsa-system", "cattle-sriov-system", "cattle-ui-plugin-system", "tigera-operator"]
  }
}
```

3. Run `terraform apply --auto-approve`.
4. After it creates, run `terraform destroy --auto-approve`.
### Actual Result
When running `terraform destroy --auto-approve`, you get the following message: `│ Error: [ERROR] failed to remove PodSecurityAdmissionConfigurationTemplate with ID rancher-baseline: Unknown schema type [podSecurityPolicyTemplate]`.
### Expected Result
The resource should clean up without any error message.
In your main.tf, have something like the following:

```hcl
provider "rancher2" {
  api_url   = var.rancher_api_url
  token_key = var.rancher_admin_bearer_token
  insecure  = true
}
```