From a7809cde29d567c70bddd71cae1a8964ba65e947 Mon Sep 17 00:00:00 2001 From: andremarianiello Date: Tue, 5 Dec 2023 03:08:24 -0500 Subject: [PATCH] Support empty TLS blocks in Ingress resource (#2344) --- .changelog/2344.txt | 7 +++ kubernetes/provider_ignore_metadata_test.go | 3 +- .../resource_kubernetes_ingress_v1_test.go | 53 +++++++++++++++++++ ...esource_kubernetes_ingress_v1beta1_test.go | 50 ++++++++++++++++- ...tes_mutating_webhook_configuration_test.go | 9 ++-- .../resource_kubernetes_node_taint_test.go | 12 ++--- kubernetes/resource_kubernetes_pod_v1_test.go | 6 +-- ...alidating_webhook_configuration_v1_test.go | 9 ++-- ...ting_webhook_configuration_v1beta1_test.go | 6 +-- kubernetes/structure_ingress_spec.go | 5 +- kubernetes/structure_ingress_spec_v1.go | 5 +- 11 files changed, 132 insertions(+), 33 deletions(-) create mode 100644 .changelog/2344.txt diff --git a/.changelog/2344.txt b/.changelog/2344.txt new file mode 100644 index 0000000000..383b6dd735 --- /dev/null +++ b/.changelog/2344.txt @@ -0,0 +1,7 @@ +```release-note:bug +`resource/kubernetes_ingress`: Fix an issue where the empty `tls` attribute in the configuration does not generate the corresponding Ingress object without any TLS configuration. +``` + +```release-note:bug +`resource/kubernetes_ingress_v1`: Fix an issue where the empty `tls` attribute in the configuration does not generate the corresponding Ingress object without any TLS configuration. +``` diff --git a/kubernetes/provider_ignore_metadata_test.go b/kubernetes/provider_ignore_metadata_test.go index 643694ab0e..b984db10fc 100644 --- a/kubernetes/provider_ignore_metadata_test.go +++ b/kubernetes/provider_ignore_metadata_test.go @@ -44,8 +44,7 @@ func TestAccKubernetesIgnoreKubernetesMetadata_basic(t *testing.T) { } func testAccKubernetesIgnoreKubernetesMetadataProviderConfig(namespaceName string, ignoreKubernetesMetadata string) string { - return fmt.Sprintf(` -provider "kubernetes" { + return fmt.Sprintf(`provider "kubernetes" { ignore_annotations = [ "%s", ] diff --git a/kubernetes/resource_kubernetes_ingress_v1_test.go b/kubernetes/resource_kubernetes_ingress_v1_test.go index 7982026b18..671500e160 100644 --- a/kubernetes/resource_kubernetes_ingress_v1_test.go +++ b/kubernetes/resource_kubernetes_ingress_v1_test.go @@ -164,6 +164,39 @@ func TestAccKubernetesIngressV1_TLS(t *testing.T) { }) } +func TestAccKubernetesIngressV1_emptyTLS(t *testing.T) { + var conf networking.Ingress + name := fmt.Sprintf("tf-acc-test-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)) + resourceName := "kubernetes_ingress_v1.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + skipIfClusterVersionLessThan(t, "1.22.0") + }, + IDRefreshName: resourceName, + ProviderFactories: testAccProviderFactories, + CheckDestroy: testAccCheckKubernetesIngressV1Destroy, + IDRefreshIgnore: []string{"metadata.0.resource_version"}, + Steps: []resource.TestStep{ + { + Config: testAccKubernetesIngressV1Config_emptyTLS(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckKubernetesIngressV1Exists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "metadata.0.name", name), + resource.TestCheckResourceAttrSet(resourceName, "metadata.0.generation"), + resource.TestCheckResourceAttrSet(resourceName, "metadata.0.resource_version"), + resource.TestCheckResourceAttrSet(resourceName, "metadata.0.uid"), + resource.TestCheckResourceAttr(resourceName, "spec.#", "1"), + resource.TestCheckResourceAttr(resourceName, "spec.0.tls.#", "1"), + resource.TestCheckResourceAttr(resourceName, "spec.0.tls.0.hosts.#", "0"), + resource.TestCheckResourceAttr(resourceName, "spec.0.tls.0.secret_name", ""), + ), + }, + }, + }) +} + func TestAccKubernetesIngressV1_InternalKey(t *testing.T) { var conf networking.Ingress name := fmt.Sprintf("tf-acc-test-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)) @@ -541,6 +574,26 @@ func testAccKubernetesIngressV1Config_TLS_modified(name string) string { }`, name) } +func testAccKubernetesIngressV1Config_emptyTLS(name string) string { + return fmt.Sprintf(`resource "kubernetes_ingress_v1" "test" { + metadata { + name = "%s" + } + spec { + default_backend { + service { + name = "app1" + port { + number = 443 + } + } + } + tls { + } + } +}`, name) +} + func testAccKubernetesIngressV1Config_internalKey(name string) string { return fmt.Sprintf(`resource "kubernetes_ingress_v1" "test" { metadata { diff --git a/kubernetes/resource_kubernetes_ingress_v1beta1_test.go b/kubernetes/resource_kubernetes_ingress_v1beta1_test.go index 9ad4d4cea9..3dbd83bc49 100644 --- a/kubernetes/resource_kubernetes_ingress_v1beta1_test.go +++ b/kubernetes/resource_kubernetes_ingress_v1beta1_test.go @@ -119,6 +119,39 @@ func TestAccKubernetesIngressV1Beta1_TLS(t *testing.T) { }) } +func TestAccKubernetesIngressV1Beta1_emptyTLS(t *testing.T) { + var conf api.Ingress + name := fmt.Sprintf("tf-acc-test-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)) + resourceName := "kubernetes_ingress.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + skipIfClusterVersionGreaterThanOrEqual(t, "1.22.0") + }, + IDRefreshName: resourceName, + IDRefreshIgnore: []string{"metadata.0.resource_version"}, + ProviderFactories: testAccProviderFactories, + CheckDestroy: testAccCheckKubernetesIngressV1Beta1Destroy, + Steps: []resource.TestStep{ + { + Config: testAccKubernetesIngressV1Beta1Config_TLS(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckKubernetesIngressV1Beta1Exists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "metadata.0.name", name), + resource.TestCheckResourceAttrSet(resourceName, "metadata.0.generation"), + resource.TestCheckResourceAttrSet(resourceName, "metadata.0.resource_version"), + resource.TestCheckResourceAttrSet(resourceName, "metadata.0.uid"), + resource.TestCheckResourceAttr(resourceName, "spec.#", "1"), + resource.TestCheckResourceAttr(resourceName, "spec.0.tls.#", "1"), + resource.TestCheckResourceAttr(resourceName, "spec.0.tls.0.hosts.#", "0"), + resource.TestCheckResourceAttr(resourceName, "spec.0.tls.0.secret_name", ""), + ), + }, + }, + }) +} + func TestAccKubernetesIngressV1Beta1_InternalKey(t *testing.T) { var conf api.Ingress name := fmt.Sprintf("tf-acc-test-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)) @@ -194,7 +227,6 @@ func TestAccKubernetesIngressV1Beta1_WaitForLoadBalancerGoogleCloud(t *testing.T func testAccCheckKubernetesIngressV1Beta1Destroy(s *terraform.State) error { conn, err := testAccProvider.Meta().(KubeClientsets).MainClientset() - if err != nil { return err } @@ -309,6 +341,22 @@ func testAccKubernetesIngressV1Beta1Config_TLS(name string) string { }`, name) } +func testAccKubernetesIngressV1Beta1Config_emptyTLS(name string) string { + return fmt.Sprintf(`resource "kubernetes_ingress" "test" { + metadata { + name = "%s" + } + spec { + backend { + service_name = "app1" + service_port = 443 + } + tls { + } + } +}`, name) +} + func testAccKubernetesIngressV1Beta1Config_TLS_modified(name string) string { return fmt.Sprintf(`resource "kubernetes_ingress" "test" { metadata { diff --git a/kubernetes/resource_kubernetes_mutating_webhook_configuration_test.go b/kubernetes/resource_kubernetes_mutating_webhook_configuration_test.go index bab9adcf01..eb91b7bc07 100644 --- a/kubernetes/resource_kubernetes_mutating_webhook_configuration_test.go +++ b/kubernetes/resource_kubernetes_mutating_webhook_configuration_test.go @@ -216,8 +216,7 @@ func testAccCheckKubernetesMutatingWebhookConfigurationExists(n string) resource } func testAccKubernetesMutatingWebhookConfigurationConfig_basic(name string) string { - return fmt.Sprintf(` -resource "kubernetes_mutating_webhook_configuration" "test" { + return fmt.Sprintf(`resource "kubernetes_mutating_webhook_configuration" "test" { metadata { name = %q } @@ -254,8 +253,7 @@ resource "kubernetes_mutating_webhook_configuration" "test" { } func testAccKubernetesMutatingWebhookConfigurationConfig_modified(name string) string { - return fmt.Sprintf(` -resource "kubernetes_mutating_webhook_configuration" "test" { + return fmt.Sprintf(`resource "kubernetes_mutating_webhook_configuration" "test" { metadata { name = %q } @@ -306,8 +304,7 @@ resource "kubernetes_mutating_webhook_configuration" "test" { } func testAccKubernetesMutatingWebhookConfigurationConfig_without_rules(name string) string { - return fmt.Sprintf(` -resource "kubernetes_mutating_webhook_configuration" "test" { + return fmt.Sprintf(`resource "kubernetes_mutating_webhook_configuration" "test" { metadata { name = %q } diff --git a/kubernetes/resource_kubernetes_node_taint_test.go b/kubernetes/resource_kubernetes_node_taint_test.go index ba3383fa5a..a93b16619c 100644 --- a/kubernetes/resource_kubernetes_node_taint_test.go +++ b/kubernetes/resource_kubernetes_node_taint_test.go @@ -155,8 +155,7 @@ func testAccKubernetesNodeTaintExists(n string) resource.TestCheckFunc { } func testAccKubernetesNodeTaintConfig_basic() string { - return fmt.Sprintf(` -data "kubernetes_nodes" "test" {} + return fmt.Sprintf(`data "kubernetes_nodes" "test" {} resource "kubernetes_node_taint" "test" { metadata { @@ -173,8 +172,7 @@ resource "kubernetes_node_taint" "test" { } func testAccKubernetesNodeTaintConfig_multipleBasic() string { - return fmt.Sprintf(` -data "kubernetes_nodes" "test" {} + return fmt.Sprintf(`data "kubernetes_nodes" "test" {} resource "kubernetes_node_taint" "test" { metadata { @@ -201,8 +199,7 @@ resource "kubernetes_node_taint" "test" { } func testAccKubernetesNodeTaintConfig_updateTaint() string { - return fmt.Sprintf(` -data "kubernetes_nodes" "test" {} + return fmt.Sprintf(`data "kubernetes_nodes" "test" {} resource "kubernetes_node_taint" "test" { metadata { @@ -229,8 +226,7 @@ resource "kubernetes_node_taint" "test" { } func testAccKubernetesNodeTaintConfig_removeTaint() string { - return fmt.Sprintf(` -data "kubernetes_nodes" "test" {} + return fmt.Sprintf(`data "kubernetes_nodes" "test" {} resource "kubernetes_node_taint" "test" { metadata { diff --git a/kubernetes/resource_kubernetes_pod_v1_test.go b/kubernetes/resource_kubernetes_pod_v1_test.go index 72e67a01c5..a4daab041b 100644 --- a/kubernetes/resource_kubernetes_pod_v1_test.go +++ b/kubernetes/resource_kubernetes_pod_v1_test.go @@ -1949,8 +1949,7 @@ func testAccKubernetesPodV1ConfigWithSecurityContextRunAsGroup(podName, imageNam } func testAccKubernetesPodV1ConfigWithSecurityContextSeccompProfile(podName, imageName, seccompProfileType string) string { - return fmt.Sprintf(` -resource "kubernetes_pod_v1" "test" { + return fmt.Sprintf(`resource "kubernetes_pod_v1" "test" { metadata { labels = { app = "pod_label" @@ -1982,8 +1981,7 @@ resource "kubernetes_pod_v1" "test" { } func testAccKubernetesPodV1ConfigWithSecurityContextSeccompProfileLocalhost(podName, imageName string) string { - return fmt.Sprintf(` -resource "kubernetes_pod_v1" "test" { + return fmt.Sprintf(`resource "kubernetes_pod_v1" "test" { metadata { labels = { app = "pod_label" diff --git a/kubernetes/resource_kubernetes_validating_webhook_configuration_v1_test.go b/kubernetes/resource_kubernetes_validating_webhook_configuration_v1_test.go index f1d76eb4fe..38ed54c014 100644 --- a/kubernetes/resource_kubernetes_validating_webhook_configuration_v1_test.go +++ b/kubernetes/resource_kubernetes_validating_webhook_configuration_v1_test.go @@ -198,8 +198,7 @@ func testAccCheckKubernetesValidatingWebhookConfigurationV1Exists(n string) reso } func testAccKubernetesValidatingWebhookConfigurationV1Config_basic(name string) string { - return fmt.Sprintf(` -resource "kubernetes_validating_webhook_configuration_v1" "test" { + return fmt.Sprintf(`resource "kubernetes_validating_webhook_configuration_v1" "test" { metadata { name = %q } @@ -235,8 +234,7 @@ resource "kubernetes_validating_webhook_configuration_v1" "test" { } func testAccKubernetesValidatingWebhookConfigurationV1Config_modified(name string) string { - return fmt.Sprintf(` -resource "kubernetes_validating_webhook_configuration_v1" "test" { + return fmt.Sprintf(`resource "kubernetes_validating_webhook_configuration_v1" "test" { metadata { name = %q } @@ -291,8 +289,7 @@ resource "kubernetes_validating_webhook_configuration_v1" "test" { } func testAccKubernetesValidatingWebhookConfigurationV1Config_without_rules(name string) string { - return fmt.Sprintf(` -resource "kubernetes_validating_webhook_configuration_v1" "test" { + return fmt.Sprintf(`resource "kubernetes_validating_webhook_configuration_v1" "test" { metadata { name = %q } diff --git a/kubernetes/resource_kubernetes_validating_webhook_configuration_v1beta1_test.go b/kubernetes/resource_kubernetes_validating_webhook_configuration_v1beta1_test.go index 9df0089cc9..9ead43530e 100644 --- a/kubernetes/resource_kubernetes_validating_webhook_configuration_v1beta1_test.go +++ b/kubernetes/resource_kubernetes_validating_webhook_configuration_v1beta1_test.go @@ -192,8 +192,7 @@ func testAccCheckKubernetesValidatingWebhookConfigurationV1Beta1Exists(n string) } func testAccKubernetesValidatingWebhookConfigurationV1Beta1Config_basic(name string) string { - return fmt.Sprintf(` -resource "kubernetes_validating_webhook_configuration" "test" { + return fmt.Sprintf(`resource "kubernetes_validating_webhook_configuration" "test" { metadata { name = %q } @@ -229,8 +228,7 @@ resource "kubernetes_validating_webhook_configuration" "test" { } func testAccKubernetesValidatingWebhookConfigurationV1Beta1Config_modified(name string) string { - return fmt.Sprintf(` -resource "kubernetes_validating_webhook_configuration" "test" { + return fmt.Sprintf(`resource "kubernetes_validating_webhook_configuration" "test" { metadata { name = %q } diff --git a/kubernetes/structure_ingress_spec.go b/kubernetes/structure_ingress_spec.go index f4db0b5cb5..6de5bdd97a 100644 --- a/kubernetes/structure_ingress_spec.go +++ b/kubernetes/structure_ingress_spec.go @@ -194,12 +194,15 @@ func expandIngressBackend(l []interface{}) *v1beta1.IngressBackend { } func expandIngressTLS(l []interface{}) []v1beta1.IngressTLS { - if len(l) == 0 || l[0] == nil { + if len(l) == 0 { return nil } tlsList := make([]v1beta1.IngressTLS, len(l)) for i, t := range l { + if t == nil { + t = map[string]interface{}{} + } in := t.(map[string]interface{}) obj := v1beta1.IngressTLS{} diff --git a/kubernetes/structure_ingress_spec_v1.go b/kubernetes/structure_ingress_spec_v1.go index f42f642d9d..d5395522bb 100644 --- a/kubernetes/structure_ingress_spec_v1.go +++ b/kubernetes/structure_ingress_spec_v1.go @@ -252,12 +252,15 @@ func expandIngressV1Backend(l []interface{}) *networking.IngressBackend { } func expandIngressV1TLS(l []interface{}) []networking.IngressTLS { - if len(l) == 0 || l[0] == nil { + if len(l) == 0 { return nil } tlsList := make([]networking.IngressTLS, len(l)) for i, t := range l { + if t == nil { + t = map[string]interface{}{} + } in := t.(map[string]interface{}) obj := networking.IngressTLS{}