Normalize automount_service_account_token to be in line with the K8s API

[jrhouston]

Description

This PR defaults automount_service_account_token to true for Service, Deployment, StatefulSet, and DaemonSet as this is what the Kubernetes API does.

Acceptance tests

• Have you added an acceptance test for the functionality being added?
• Have you run the acceptance tests on this branch?

Output from acceptance testing:

=== RUN   TestAccKubernetesServiceAccount_basic
--- PASS: TestAccKubernetesServiceAccount_basic (5.87s)
=== RUN   TestAccKubernetesServiceAccount_automount
--- PASS: TestAccKubernetesServiceAccount_automount (4.81s)
=== RUN   TestAccKubernetesServiceAccount_update
--- PASS: TestAccKubernetesServiceAccount_update (11.82s)
=== RUN   TestAccKubernetesServiceAccount_generatedName
--- PASS: TestAccKubernetesServiceAccount_generatedName (4.65s)
PASS
ok  	github.com/hashicorp/terraform-provider-kubernetes/kubernetes	29.409s
...

Release Note

Release note for CHANGELOG:

Default automount_service_account_token to true

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[dak1n1]

At first glance, this looks good! I ran a few tests on it and it didn't seem to cause any issues in resources that use PodSpec.

When you're ready, here is the acceptance test that works with SDKv2. I haven't updated the others yet. https://ci-oss.hashicorp.engineering/viewType.html?buildTypeId=Kubernetes_ProviderKubernetesGke118

Also, you might already know this, but I wanted to share a git trick I just learned:

To easily rebase this, you can do this:

git checkout master
git fetch --all # I did this to pull in your branch
git checkout -b rebased-automount # create a new branch
git cherry-pick c609e597627c55ab63c454b43cc88855fff41edf

And just like that, it's up-to-date with master and there are no merge conflicts! 😄 At that point, it can be force-pushed to this branch and it will make the PR merge-able.

[dak1n1]

I found these by running git grep automount_service_account_token |grep false:

https://gist.githubusercontent.com/dak1n1/91a8935f6f6bd388a75c9b77717d1014/raw/526569ef7df9f0c54b144d6e770a50efc899f6c4/gistfile1.txt

But when I manually create a pod in Kubernetes, I see that it automatically mounts the service account token. So I believe this should be set to true for Pods too.

[jrhouston]

But when I manually create a pod in Kubernetes, I see that it automatically mounts the service account token. So I believe this should be set to true for Pods too.

I've made this change but it does complicate things if you create a pod with a volume – you need to either explicitly disable automount or reconcile the diff you get after the Pod is created and the volume gets auto mounted. I think this is the right behaviour though. This should encourage using a different resource because using Terraform to manage a lonesome Pod has a slim number of use cases given that you can use Job, CronJob, or Deployment.

[dak1n1]

Looks good and works in my test.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!