Terraform-provider-helm: cert-manager arguments not preserved when passing to helm_release

Created on 13 Oct 2020  路  2Comments  路  Source: hashicorp/terraform-provider-helm

Terraform Version and Provider Version

$ terraform -v
Terraform v0.13.2
+ provider registry.terraform.io/hashicorp/github v2.9.2
+ provider registry.terraform.io/hashicorp/google v3.40.0
+ provider registry.terraform.io/hashicorp/google-beta v3.40.0
+ provider registry.terraform.io/hashicorp/helm v1.3.2
+ provider registry.terraform.io/hashicorp/kubernetes v1.10.0
+ provider registry.terraform.io/hashicorp/local v1.4.0
+ provider registry.terraform.io/hashicorp/null v2.1.2
+ provider registry.terraform.io/hashicorp/random v2.2.1
+ provider registry.terraform.io/hashicorp/tls v2.2.0

Your version of Terraform is out of date! The latest version
is 0.13.4. You can update by downloading from https://www.terraform.io/downloads.html

Provider Version

  • provider registry.terraform.io/hashicorp/helm v1.3.2

Affected Resource(s)

  • helm_release

Terraform Configuration Files

variable "extraArgs" {
  description = "List of additional arguments for cert-manager"
  type        = list
  default = [
    "--dns01-recursive-nameservers-only",
    "--dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53",
  ]
}

resource helm_release "cert-manager" {
  set {
    name  = "extraArgs"
    // https://github.com/hashicorp/terraform-provider-helm/issues/92#issuecomment-407807183
    value = "{${join(",", var.extraArgs)}}"
  }
}

Debug Output

Panic Output

N/A

Expected Behavior

When viewing args in the pod description, should retain original formatting.

    Args:
      --v=2
      --cluster-resource-namespace=$(POD_NAMESPACE)
      --leader-election-namespace=kube-system
      --dns01-recursive-nameservers-only
      --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53

Actual Behavior

Original format is not preserved

    Args:
      --v=2
      --cluster-resource-namespace=$(POD_NAMESPACE)
      --leader-election-namespace=kube-system
      --dns01-recursive-nameservers-only
      --dns01-recursive-nameservers=8.8.8.8:53
      1.1.1.1:53

Steps to Reproduce

  1. terraform apply

Important Factoids

I'm not really sure that this is related to cert-manager as I've seen this behavior in other helm charts.

When I try to escape the items and surround with quotes, I get a different error. Instead of a silent failure this doesn't allow the state the complete and it just hangs:

variable "extraArgs" {
  description = "List of additional arguments for cert-manager"
  type        = list
  default = [
    "--dns01-recursive-nameservers-only",
    "--dns01-recursive-nameservers=\"8.8.8.8:53,1.1.1.1:53\"",
  ]
}
    Args:
      --v=2
      --cluster-resource-namespace=$(POD_NAMESPACE)
      --leader-election-namespace=kube-system
      --dns01-recursive-nameservers-only
      --dns01-recursive-nameservers="8.8.8.8:53
      1.1.1.1:53"



md5-b481bb485f2c1e417b4ab1bbee5d218a



```bash
Error: Invalid escape sequence

On variables.tf
line 36: The symbol "," is not a valid escape sequence selector.

References

N/A

Community Note

  • Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
bug

Most helpful comment

@jrhouston that's definitely it. Your explanation is dead on, but it feels bad because it's not something that can be 'fixed', just something to know/be aware of while using the provider. I can confirm this was also an issue with service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags in ingress-nginx, but your solution solved it.

I wonder if this is something that can instead be added as a documentation snippet regarding the set values function, as a quick note, If there are commas in your set values, they must be double escaped using '\' to avoid both terraform and helm parsing issues.

All 2 comments

Thanks for opening this @wimo7083. I had a play around with this, and I found a solution but it is slightly confusing. This is a weird artifact of us passing along values from terraform to be parsed by by Helm's strvals module.

Solution: If you double escape the comma it seems to work: "--dns01-recursive-nameservers="8.8.8.8:53\\,1.1.1.1:53"

You're getting the error with only one slash because \, is not a valid escape sequence in Terraform, but it _is_ a valid escape sequence when Helm parses the value. Helm actually implements its own parser for this, which lets you escape the ,. So you need to escape your escape so terraform doesn't think it's an escape sequence so it can be passed onto Helm. 馃く

@jrhouston that's definitely it. Your explanation is dead on, but it feels bad because it's not something that can be 'fixed', just something to know/be aware of while using the provider. I can confirm this was also an issue with service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags in ingress-nginx, but your solution solved it.

I wonder if this is something that can instead be added as a documentation snippet regarding the set values function, as a quick note, If there are commas in your set values, they must be double escaped using '\' to avoid both terraform and helm parsing issues.

Was this page helpful?
0 / 5 - 0 ratings