We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Terraform version: 1.7.5 Kubernetes provider version: (default for this terraform) Kubernetes version: 1.29.3
... resource "null_resource" "wait_for_secret" { depends_on = [ module.ccp ] provisioner "local-exec" { interpreter = ["/bin/bash", "-c"] environment = { KUBECONFIG = var.kubeconfig } command = <<EOT #!/bin/bash set -e namespace=test secret_name=test retries=40 delay=5 count=0 while [[ $count -lt $retries ]] do secret=$(kubectl get secret -n $namespace $secret_name --ignore-not-found) if [[ -n "$secret" ]]; then echo "Secret $secret_name found in namespace $namespace." exit 0 fi echo "Secret $secret_name not found in namespace $namespace. Retrying..." sleep $delay count=$((count + 1)) done echo "Secret $secret_name not found in namespace $namespace after $retries retries, or it does not have rootPassword. Exiting..." exit 1 EOT } triggers = { always_run = timestamp() } } data "kubernetes_secret_v1" "vaultauth" { depends_on = [ null_resource.wait_for_vault_token ] metadata { name = "test" namespace = "test" } binary_data = { token = "" } } output "vault_token" { value = base64decode(data.kubernetes_secret_v1.vaultauth.binary_data.token) sensitive = true }
terraform apply
if the secret already exists, the issue remains.
if terraform refresh is ran, then output is corrected to the expected value
terraform refresh
token should not be empty
token is empty
It seems to me that this behavior is only present when the kubernetes_secret has:
depends_on = [ null_resource.wait_for_vault_token ]
If the secret exists, and depends_on is removed, then the token is displayed as expected.
It seems to me this issue is related: #1221
I use "external" data source to fetch the secret, similar to what is described in the comment of the above issue: #1221 (comment)
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Terraform Version, Provider Version and Kubernetes Version
Affected Resource(s)
Terraform Configuration Files
Steps to Reproduce
terraform apply
. While applying(wait_for_secret is running), create a "test" kubernetes secret, with .data.token set to somethingif the secret already exists, the issue remains.
if
terraform refresh
is ran, then output is corrected to the expected valueExpected Behavior
token should not be empty
Actual Behavior
token is empty
Important Factoids
It seems to me that this behavior is only present when the kubernetes_secret has:
If the secret exists, and depends_on is removed, then the token is displayed as expected.
References
It seems to me this issue is related: #1221
Workaround
I use "external" data source to fetch the secret, similar to what is described in the comment of the above issue:
#1221 (comment)
Community Note
The text was updated successfully, but these errors were encountered: