Skip to content
This repository was archived by the owner on Aug 11, 2021. It is now read-only.
This repository was archived by the owner on Aug 11, 2021. It is now read-only.

Explicit null value #245

Open
Open
Explicit null value#245
Labels
bugSomething isn't working
@jindrichskupa

Description

@jindrichskupa
jindrichskupa
opened on Jul 7, 2021

Terraform, Provider, Kubernetes versions

Terraform v1.0.0
+ provider registry.terraform.io/cyrilgdn/postgresql v1.13.0
+ provider registry.terraform.io/datadog/datadog v3.1.2
+ provider registry.terraform.io/gitlabhq/gitlab v3.6.0
+ provider registry.terraform.io/hashicorp/aws v3.47.0
+ provider registry.terraform.io/hashicorp/helm v2.2.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.3.2
+ provider registry.terraform.io/hashicorp/kubernetes-alpha v0.5.0
+ provider registry.terraform.io/hashicorp/random v3.1.0
+ provider registry.terraform.io/hashicorp/vault v2.21.0

Affected Resource(s)

  • kubernetes_manifest

Terraform Configuration Files

resource "kubernetes_manifest" "vault_secrets" {
  provider = kubernetes-alpha.red

  manifest = {
    "apiVersion" = "kubernetes-client.io/v1"
    "kind"       = "ExternalSecret"

    "metadata" = {
      "name"      = "vault-secrets"
      "namespace" = var.environment
    }

    "spec" = {
      "backendType" = "vault"
      "dataFrom" = [
        "${var.vault_kv2_base}/data/${var.environment}/services/secrets",
      ]
      "kvVersion"       = 2
      "template"        = null  # <---- This is the problem
      "vaultMountPoint" = var.vault_kube_auth_mount
      "vaultRole"       = var.vault_kube_role
    }
  }
  depends_on = [module.kube_namespace_red]
}

Debug Output

│ Error: Dry-run failed for non-structured resource
│ 
│   with kubernetes_manifest.vault_secrets,
│   on apps.tf line 139, in resource "kubernetes_manifest" "vault_secrets":
│  139: resource "kubernetes_manifest" "vault_secrets" {
│ 
│ A dry-run apply was performed for this resource but was unsuccessful:
│ ExternalSecret.kubernetes-client.io "vault-secrets" is invalid:
│ spec.template: Invalid value: "null": spec.template in body must be of type
│ object: "null"

I was trying all possible values, like:

      "template"        = null  # <---- This is the problem
      "template"        = {}  # <---- This is the problem
#      "template"        = null  # <---- This is the problem
      "template"        = { null }  # <---- Invalid hcl syntax

Expected Behavior

Manifest will be applied regarding to documentation: https://github.com/external-secrets/kubernetes-external-secrets

Example

apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
  name: hello-service
spec:
  backendType: secretsManager
  # optional: specify role to assume when retrieving the data
  roleArn: arn:aws:iam::123456789012:role/test-role
  # optional: specify region
  region: us-east-1
  dataFrom:
    - hello-service/credentials

spec.template is not needed but should be present as null

Actual Behavior

Manifest is invalid.

Important Factoids

References

https://github.com/external-secrets/kubernetes-external-secrets

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions