Closed artuross closed 1 year ago
regarding the JSON patch, the merge happens in a different way (patch vs strategic), so it would be of something like this:
- op: add
path: /machine/certSANs
value:
- localhost
and the second issue is something that's already reported, https://github.com/siderolabs/terraform-provider-talos/issues/45
it currently required a second terraform apply
(haven't figured what;s the issue yet)
Yup, I'm aware of the difference between patch vs strategic - I simply tested all scenarios trying to find working configuration (and found that the strategic merge, at least in my case, does not work correctly either). In this particular example, both patches are equivalent in terms of the result (since initial certSANs
is an empty array).
You are right that for strategic merge, 2nd terraform apply
changes the output. Good catch!
Initial setup
main.tf
:patch.json
:Applying configuration
After confirming, Terraform will fetch the provider and apply the configuration creating
terraform.tfstate
file. We can get the prepared YAML file withyq
(we'll need this in a moment to confirm our patch is valid):Let's uncomment the patch so that it is applied, below is the modified resource.
If I try to apply now, I get an error:
To confirm the patch is valid, let's attempt to patch the resource with
talosctl
command.As expected, we get a
patched.yaml
file with the patch applied.JSON YAML format
patch.yaml
:main.tf
:Same error
Applying patch with
talosctl
works and produces identical file as the same command withpatch.json
.YAML strategic merge patch
patch_strategic.yaml
:main.tf
:Interestingly, this "works", however the patch has not been applied.
out.yaml
andout_patched.yaml
are identical. Once again, let's confirm thattalosctl
applies the patch correctly:My environment