-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: kyverno_io_cluster_policy_v1_manifest - spec.rules.context.api_call.data.value is a map of strings #169
Comments
The issue is that However, with how Kyverno has coded it, it can be a string, a list or a map: https://github.com/kyverno/kyverno/blob/279895c60056b1552476663b0fa814cb0e7d7597/api/kyverno/v1/common_types.go#L235 Simply, a string is passed and then converted using the JSON module. Sample code, you can replace
I'm not sure what the best solution is. |
The CRD however is an object:
Other examples from Kyverno where it is a string and a map |
hey @calvinbui sorry for the super late reply & thanks for opening this ticket The complete failing example looks like this: data "k8s_kyverno_io_cluster_policy_v1_manifest" "example" {
metadata = {
name = "some-name"
}
spec = {
rules = [
{
name = "some-rule"
context = [
{
name = "response"
api_call = {
method = "POST"
data = [
{
key = "images"
value = "{{images}}"
},
]
}
}
]
}
]
}
} Technically, this is a prime example for dynamic types in Terraform, however due to hashicorp/terraform-plugin-framework#973 we cannot use dynamic types in collections. Conceptually this is similar to hashicorp/terraform-plugin-codegen-openapi#82 and I'm hoping that hashicorp/terraform-plugin-codegen-framework#132 can be used as some kind of blue print for other providers on how to deal with dynamic types in these situations. Since all of that is still open, I think the best we can do for now is to enhance the code generator in this provider to allow types to be overwritten, then declare the A valid config block would look like this: data "k8s_kyverno_io_cluster_policy_v1_manifest" "example" {
metadata = {
name = "some-name"
}
spec = {
rules = [
{
name = "some-rule"
context = [
{
name = "response"
api_call = {
method = "POST"
data = [
{
key = "images"
value = <<EOT
"{{images}}"
EOT
},
]
}
}
]
}
]
}
} Everything between EOT can be any valid JSON. |
Ok an implementation is in #193 and that will be released on monday. The HCL looks slightly different compared to my last comment: data "k8s_kyverno_io_cluster_policy_v1_manifest" "example" {
metadata = {
name = "some-name"
}
spec = {
rules = [
{
name = "some-rule"
context = [
{
name = "response"
api_call = {
method = "POST"
data = [
{
key = "images"
value = jsonencode("{{images}}") # <-- use jsonencode to wrap any JSON value
},
]
}
}
]
}
]
}
} You don't strictly have to use |
Not entirely sure why the automated release workflow did not even start but I just triggered it manually and the new version is live. See https://registry.terraform.io/providers/metio/k8s/latest/docs/data-sources/kyverno_io_cluster_policy_v1_manifest for docs |
Relevant Terraform configuration
Relevant log output
The text was updated successfully, but these errors were encountered: