Support empty TLS blocks in Ingress resource (#2344)

andremarianiello · web-flow · commit a7809cde29d5 · 2023-12-05T09:08:24.000+01:00
diff --git a/.changelog/2344.txt b/.changelog/2344.txt
@@ -0,0 +1,7 @@
+```release-note:bug
+`resource/kubernetes_ingress`: Fix an issue where the empty `tls` attribute in the configuration does not generate the corresponding Ingress object without any TLS configuration.
+```
+
+```release-note:bug
+`resource/kubernetes_ingress_v1`: Fix an issue where the empty `tls` attribute in the configuration does not generate the corresponding Ingress object without any TLS configuration.
+```
diff --git a/kubernetes/provider_ignore_metadata_test.go b/kubernetes/provider_ignore_metadata_test.go
@@ -44,8 +44,7 @@ func TestAccKubernetesIgnoreKubernetesMetadata_basic(t *testing.T) {
 }
 
 func testAccKubernetesIgnoreKubernetesMetadataProviderConfig(namespaceName string, ignoreKubernetesMetadata string) string {
-	return fmt.Sprintf(`
-provider "kubernetes" {
+	return fmt.Sprintf(`provider "kubernetes" {
   ignore_annotations = [
     "%s",
   ]
diff --git a/kubernetes/resource_kubernetes_ingress_v1_test.go b/kubernetes/resource_kubernetes_ingress_v1_test.go
@@ -164,6 +164,39 @@ func TestAccKubernetesIngressV1_TLS(t *testing.T) {
 	})
 }
 
+func TestAccKubernetesIngressV1_emptyTLS(t *testing.T) {
+	var conf networking.Ingress
+	name := fmt.Sprintf("tf-acc-test-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+	resourceName := "kubernetes_ingress_v1.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+			skipIfClusterVersionLessThan(t, "1.22.0")
+		},
+		IDRefreshName:     resourceName,
+		ProviderFactories: testAccProviderFactories,
+		CheckDestroy:      testAccCheckKubernetesIngressV1Destroy,
+		IDRefreshIgnore:   []string{"metadata.0.resource_version"},
+		Steps: []resource.TestStep{
+			{
+				Config: testAccKubernetesIngressV1Config_emptyTLS(name),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckKubernetesIngressV1Exists(resourceName, &conf),
+					resource.TestCheckResourceAttr(resourceName, "metadata.0.name", name),
+					resource.TestCheckResourceAttrSet(resourceName, "metadata.0.generation"),
+					resource.TestCheckResourceAttrSet(resourceName, "metadata.0.resource_version"),
+					resource.TestCheckResourceAttrSet(resourceName, "metadata.0.uid"),
+					resource.TestCheckResourceAttr(resourceName, "spec.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "spec.0.tls.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "spec.0.tls.0.hosts.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "spec.0.tls.0.secret_name", ""),
+				),
+			},
+		},
+	})
+}
+
 func TestAccKubernetesIngressV1_InternalKey(t *testing.T) {
 	var conf networking.Ingress
 	name := fmt.Sprintf("tf-acc-test-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
@@ -541,6 +574,26 @@ func testAccKubernetesIngressV1Config_TLS_modified(name string) string {
 }`, name)
 }
 
+func testAccKubernetesIngressV1Config_emptyTLS(name string) string {
+	return fmt.Sprintf(`resource "kubernetes_ingress_v1" "test" {
+  metadata {
+    name = "%s"
+  }
+  spec {
+    default_backend {
+      service {
+        name = "app1"
+        port {
+          number = 443
+        }
+      }
+    }
+    tls {
+    }
+  }
+}`, name)
+}
+
 func testAccKubernetesIngressV1Config_internalKey(name string) string {
 	return fmt.Sprintf(`resource "kubernetes_ingress_v1" "test" {
   metadata {
diff --git a/kubernetes/resource_kubernetes_ingress_v1beta1_test.go b/kubernetes/resource_kubernetes_ingress_v1beta1_test.go
@@ -119,6 +119,39 @@ func TestAccKubernetesIngressV1Beta1_TLS(t *testing.T) {
 	})
 }
 
+func TestAccKubernetesIngressV1Beta1_emptyTLS(t *testing.T) {
+	var conf api.Ingress
+	name := fmt.Sprintf("tf-acc-test-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+	resourceName := "kubernetes_ingress.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+			skipIfClusterVersionGreaterThanOrEqual(t, "1.22.0")
+		},
+		IDRefreshName:     resourceName,
+		IDRefreshIgnore:   []string{"metadata.0.resource_version"},
+		ProviderFactories: testAccProviderFactories,
+		CheckDestroy:      testAccCheckKubernetesIngressV1Beta1Destroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccKubernetesIngressV1Beta1Config_TLS(name),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckKubernetesIngressV1Beta1Exists(resourceName, &conf),
+					resource.TestCheckResourceAttr(resourceName, "metadata.0.name", name),
+					resource.TestCheckResourceAttrSet(resourceName, "metadata.0.generation"),
+					resource.TestCheckResourceAttrSet(resourceName, "metadata.0.resource_version"),
+					resource.TestCheckResourceAttrSet(resourceName, "metadata.0.uid"),
+					resource.TestCheckResourceAttr(resourceName, "spec.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "spec.0.tls.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "spec.0.tls.0.hosts.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "spec.0.tls.0.secret_name", ""),
+				),
+			},
+		},
+	})
+}
+
 func TestAccKubernetesIngressV1Beta1_InternalKey(t *testing.T) {
 	var conf api.Ingress
 	name := fmt.Sprintf("tf-acc-test-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
@@ -194,7 +227,6 @@ func TestAccKubernetesIngressV1Beta1_WaitForLoadBalancerGoogleCloud(t *testing.T
 
 func testAccCheckKubernetesIngressV1Beta1Destroy(s *terraform.State) error {
 	conn, err := testAccProvider.Meta().(KubeClientsets).MainClientset()
-
 	if err != nil {
 		return err
 	}
@@ -309,6 +341,22 @@ func testAccKubernetesIngressV1Beta1Config_TLS(name string) string {
 }`, name)
 }
 
+func testAccKubernetesIngressV1Beta1Config_emptyTLS(name string) string {
+	return fmt.Sprintf(`resource "kubernetes_ingress" "test" {
+  metadata {
+    name = "%s"
+  }
+  spec {
+    backend {
+      service_name = "app1"
+      service_port = 443
+    }
+    tls {
+    }
+  }
+}`, name)
+}
+
 func testAccKubernetesIngressV1Beta1Config_TLS_modified(name string) string {
 	return fmt.Sprintf(`resource "kubernetes_ingress" "test" {
   metadata {
diff --git a/kubernetes/resource_kubernetes_mutating_webhook_configuration_test.go b/kubernetes/resource_kubernetes_mutating_webhook_configuration_test.go
@@ -216,8 +216,7 @@ func testAccCheckKubernetesMutatingWebhookConfigurationExists(n string) resource
 }
 
 func testAccKubernetesMutatingWebhookConfigurationConfig_basic(name string) string {
-	return fmt.Sprintf(`
-resource "kubernetes_mutating_webhook_configuration" "test" {
+	return fmt.Sprintf(`resource "kubernetes_mutating_webhook_configuration" "test" {
   metadata {
     name = %q
   }
@@ -254,8 +253,7 @@ resource "kubernetes_mutating_webhook_configuration" "test" {
 }
 
 func testAccKubernetesMutatingWebhookConfigurationConfig_modified(name string) string {
-	return fmt.Sprintf(`
-resource "kubernetes_mutating_webhook_configuration" "test" {
+	return fmt.Sprintf(`resource "kubernetes_mutating_webhook_configuration" "test" {
   metadata {
     name = %q
   }
@@ -306,8 +304,7 @@ resource "kubernetes_mutating_webhook_configuration" "test" {
 }
 
 func testAccKubernetesMutatingWebhookConfigurationConfig_without_rules(name string) string {
-	return fmt.Sprintf(`
-resource "kubernetes_mutating_webhook_configuration" "test" {
+	return fmt.Sprintf(`resource "kubernetes_mutating_webhook_configuration" "test" {
   metadata {
     name = %q
   }
diff --git a/kubernetes/resource_kubernetes_node_taint_test.go b/kubernetes/resource_kubernetes_node_taint_test.go
@@ -155,8 +155,7 @@ func testAccKubernetesNodeTaintExists(n string) resource.TestCheckFunc {
 }
 
 func testAccKubernetesNodeTaintConfig_basic() string {
-	return fmt.Sprintf(`
-data "kubernetes_nodes" "test" {}
+	return fmt.Sprintf(`data "kubernetes_nodes" "test" {}
 
 resource "kubernetes_node_taint" "test" {
   metadata {
@@ -173,8 +172,7 @@ resource "kubernetes_node_taint" "test" {
 }
 
 func testAccKubernetesNodeTaintConfig_multipleBasic() string {
-	return fmt.Sprintf(`
-data "kubernetes_nodes" "test" {}
+	return fmt.Sprintf(`data "kubernetes_nodes" "test" {}
 
 resource "kubernetes_node_taint" "test" {
   metadata {
@@ -201,8 +199,7 @@ resource "kubernetes_node_taint" "test" {
 }
 
 func testAccKubernetesNodeTaintConfig_updateTaint() string {
-	return fmt.Sprintf(`
-data "kubernetes_nodes" "test" {}
+	return fmt.Sprintf(`data "kubernetes_nodes" "test" {}
 
 resource "kubernetes_node_taint" "test" {
   metadata {
@@ -229,8 +226,7 @@ resource "kubernetes_node_taint" "test" {
 }
 
 func testAccKubernetesNodeTaintConfig_removeTaint() string {
-	return fmt.Sprintf(`
-data "kubernetes_nodes" "test" {}
+	return fmt.Sprintf(`data "kubernetes_nodes" "test" {}
 
 resource "kubernetes_node_taint" "test" {
   metadata {
diff --git a/kubernetes/resource_kubernetes_pod_v1_test.go b/kubernetes/resource_kubernetes_pod_v1_test.go
@@ -1949,8 +1949,7 @@ func testAccKubernetesPodV1ConfigWithSecurityContextRunAsGroup(podName, imageNam
 }
 
 func testAccKubernetesPodV1ConfigWithSecurityContextSeccompProfile(podName, imageName, seccompProfileType string) string {
-	return fmt.Sprintf(`
-resource "kubernetes_pod_v1" "test" {
+	return fmt.Sprintf(`resource "kubernetes_pod_v1" "test" {
   metadata {
     labels = {
       app = "pod_label"
@@ -1982,8 +1981,7 @@ resource "kubernetes_pod_v1" "test" {
 }
 
 func testAccKubernetesPodV1ConfigWithSecurityContextSeccompProfileLocalhost(podName, imageName string) string {
-	return fmt.Sprintf(`
-resource "kubernetes_pod_v1" "test" {
+	return fmt.Sprintf(`resource "kubernetes_pod_v1" "test" {
   metadata {
     labels = {
       app = "pod_label"
diff --git a/kubernetes/resource_kubernetes_validating_webhook_configuration_v1_test.go b/kubernetes/resource_kubernetes_validating_webhook_configuration_v1_test.go
@@ -198,8 +198,7 @@ func testAccCheckKubernetesValidatingWebhookConfigurationV1Exists(n string) reso
 }
 
 func testAccKubernetesValidatingWebhookConfigurationV1Config_basic(name string) string {
-	return fmt.Sprintf(`
-resource "kubernetes_validating_webhook_configuration_v1" "test" {
+	return fmt.Sprintf(`resource "kubernetes_validating_webhook_configuration_v1" "test" {
   metadata {
     name = %q
   }
@@ -235,8 +234,7 @@ resource "kubernetes_validating_webhook_configuration_v1" "test" {
 }
 
 func testAccKubernetesValidatingWebhookConfigurationV1Config_modified(name string) string {
-	return fmt.Sprintf(`
-resource "kubernetes_validating_webhook_configuration_v1" "test" {
+	return fmt.Sprintf(`resource "kubernetes_validating_webhook_configuration_v1" "test" {
   metadata {
     name = %q
   }
@@ -291,8 +289,7 @@ resource "kubernetes_validating_webhook_configuration_v1" "test" {
 }
 
 func testAccKubernetesValidatingWebhookConfigurationV1Config_without_rules(name string) string {
-	return fmt.Sprintf(`
-resource "kubernetes_validating_webhook_configuration_v1" "test" {
+	return fmt.Sprintf(`resource "kubernetes_validating_webhook_configuration_v1" "test" {
   metadata {
     name = %q
   }
diff --git a/kubernetes/resource_kubernetes_validating_webhook_configuration_v1beta1_test.go b/kubernetes/resource_kubernetes_validating_webhook_configuration_v1beta1_test.go
@@ -192,8 +192,7 @@ func testAccCheckKubernetesValidatingWebhookConfigurationV1Beta1Exists(n string)
 }
 
 func testAccKubernetesValidatingWebhookConfigurationV1Beta1Config_basic(name string) string {
-	return fmt.Sprintf(`
-resource "kubernetes_validating_webhook_configuration" "test" {
+	return fmt.Sprintf(`resource "kubernetes_validating_webhook_configuration" "test" {
   metadata {
     name = %q
   }
@@ -229,8 +228,7 @@ resource "kubernetes_validating_webhook_configuration" "test" {
 }
 
 func testAccKubernetesValidatingWebhookConfigurationV1Beta1Config_modified(name string) string {
-	return fmt.Sprintf(`
-resource "kubernetes_validating_webhook_configuration" "test" {
+	return fmt.Sprintf(`resource "kubernetes_validating_webhook_configuration" "test" {
   metadata {
     name = %q
   }
diff --git a/kubernetes/structure_ingress_spec.go b/kubernetes/structure_ingress_spec.go
@@ -194,12 +194,15 @@ func expandIngressBackend(l []interface{}) *v1beta1.IngressBackend {
 }
 
 func expandIngressTLS(l []interface{}) []v1beta1.IngressTLS {
-	if len(l) == 0 || l[0] == nil {
+	if len(l) == 0 {
 		return nil
 	}
 
 	tlsList := make([]v1beta1.IngressTLS, len(l))
 	for i, t := range l {
+		if t == nil {
+			t = map[string]interface{}{}
+		}
 		in := t.(map[string]interface{})
 		obj := v1beta1.IngressTLS{}
 
diff --git a/kubernetes/structure_ingress_spec_v1.go b/kubernetes/structure_ingress_spec_v1.go
@@ -252,12 +252,15 @@ func expandIngressV1Backend(l []interface{}) *networking.IngressBackend {
 }
 
 func expandIngressV1TLS(l []interface{}) []networking.IngressTLS {
-	if len(l) == 0 || l[0] == nil {
+	if len(l) == 0 {
 		return nil
 	}
 
 	tlsList := make([]networking.IngressTLS, len(l))
 	for i, t := range l {
+		if t == nil {
+			t = map[string]interface{}{}
+		}
 		in := t.(map[string]interface{})
 		obj := networking.IngressTLS{}
 

Original file line number	Diff line number	Diff line change
`@@ -44,8 +44,7 @@ func TestAccKubernetesIgnoreKubernetesMetadata_basic(t *testing.T) {`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`func testAccKubernetesIgnoreKubernetesMetadataProviderConfig(namespaceName string, ignoreKubernetesMetadata string) string {`
`47`		- return fmt.Sprintf(`
`48`		`-provider "kubernetes" {`
	`47`	+ return fmt.Sprintf(`provider "kubernetes" {
`49`	`48`	`ignore_annotations = [`
`50`	`49`	`"%s",`
`51`	`50`	`]`
Original file line number	Diff line number	Diff line change
`@@ -216,8 +216,7 @@ func testAccCheckKubernetesMutatingWebhookConfigurationExists(n string) resource`
`216`	`216`	`}`
`217`	`217`
`218`	`218`	`func testAccKubernetesMutatingWebhookConfigurationConfig_basic(name string) string {`
`219`		- return fmt.Sprintf(`
`220`		`-resource "kubernetes_mutating_webhook_configuration" "test" {`
	`219`	+ return fmt.Sprintf(`resource "kubernetes_mutating_webhook_configuration" "test" {
`221`	`220`	`metadata {`
`222`	`221`	`name = %q`
`223`	`222`	`}`
`@@ -254,8 +253,7 @@ resource "kubernetes_mutating_webhook_configuration" "test" {`
`254`	`253`	`}`
`255`	`254`
`256`	`255`	`func testAccKubernetesMutatingWebhookConfigurationConfig_modified(name string) string {`
`257`		- return fmt.Sprintf(`
`258`		`-resource "kubernetes_mutating_webhook_configuration" "test" {`
	`256`	+ return fmt.Sprintf(`resource "kubernetes_mutating_webhook_configuration" "test" {
`259`	`257`	`metadata {`
`260`	`258`	`name = %q`
`261`	`259`	`}`
`@@ -306,8 +304,7 @@ resource "kubernetes_mutating_webhook_configuration" "test" {`
`306`	`304`	`}`
`307`	`305`
`308`	`306`	`func testAccKubernetesMutatingWebhookConfigurationConfig_without_rules(name string) string {`
`309`		- return fmt.Sprintf(`
`310`		`-resource "kubernetes_mutating_webhook_configuration" "test" {`
	`307`	+ return fmt.Sprintf(`resource "kubernetes_mutating_webhook_configuration" "test" {
`311`	`308`	`metadata {`
`312`	`309`	`name = %q`
`313`	`310`	`}`
Original file line number	Diff line number	Diff line change
`@@ -198,8 +198,7 @@ func testAccCheckKubernetesValidatingWebhookConfigurationV1Exists(n string) reso`
`198`	`198`	`}`
`199`	`199`
`200`	`200`	`func testAccKubernetesValidatingWebhookConfigurationV1Config_basic(name string) string {`
`201`		- return fmt.Sprintf(`
`202`		`-resource "kubernetes_validating_webhook_configuration_v1" "test" {`
	`201`	+ return fmt.Sprintf(`resource "kubernetes_validating_webhook_configuration_v1" "test" {
`203`	`202`	`metadata {`
`204`	`203`	`name = %q`
`205`	`204`	`}`
`@@ -235,8 +234,7 @@ resource "kubernetes_validating_webhook_configuration_v1" "test" {`
`235`	`234`	`}`
`236`	`235`
`237`	`236`	`func testAccKubernetesValidatingWebhookConfigurationV1Config_modified(name string) string {`
`238`		- return fmt.Sprintf(`
`239`		`-resource "kubernetes_validating_webhook_configuration_v1" "test" {`
	`237`	+ return fmt.Sprintf(`resource "kubernetes_validating_webhook_configuration_v1" "test" {
`240`	`238`	`metadata {`
`241`	`239`	`name = %q`
`242`	`240`	`}`
`@@ -291,8 +289,7 @@ resource "kubernetes_validating_webhook_configuration_v1" "test" {`
`291`	`289`	`}`
`292`	`290`
`293`	`291`	`func testAccKubernetesValidatingWebhookConfigurationV1Config_without_rules(name string) string {`
`294`		- return fmt.Sprintf(`
`295`		`-resource "kubernetes_validating_webhook_configuration_v1" "test" {`
	`292`	+ return fmt.Sprintf(`resource "kubernetes_validating_webhook_configuration_v1" "test" {
`296`	`293`	`metadata {`
`297`	`294`	`name = %q`
`298`	`295`	`}`
Original file line number	Diff line number	Diff line change
`@@ -192,8 +192,7 @@ func testAccCheckKubernetesValidatingWebhookConfigurationV1Beta1Exists(n string)`
`192`	`192`	`}`
`193`	`193`
`194`	`194`	`func testAccKubernetesValidatingWebhookConfigurationV1Beta1Config_basic(name string) string {`
`195`		- return fmt.Sprintf(`
`196`		`-resource "kubernetes_validating_webhook_configuration" "test" {`
	`195`	+ return fmt.Sprintf(`resource "kubernetes_validating_webhook_configuration" "test" {
`197`	`196`	`metadata {`
`198`	`197`	`name = %q`
`199`	`198`	`}`
`@@ -229,8 +228,7 @@ resource "kubernetes_validating_webhook_configuration" "test" {`
`229`	`228`	`}`
`230`	`229`
`231`	`230`	`func testAccKubernetesValidatingWebhookConfigurationV1Beta1Config_modified(name string) string {`
`232`		- return fmt.Sprintf(`
`233`		`-resource "kubernetes_validating_webhook_configuration" "test" {`
	`231`	+ return fmt.Sprintf(`resource "kubernetes_validating_webhook_configuration" "test" {
`234`	`232`	`metadata {`
`235`	`233`	`name = %q`
`236`	`234`	`}`
Original file line number	Diff line number	Diff line change
`@@ -194,12 +194,15 @@ func expandIngressBackend(l []interface{}) *v1beta1.IngressBackend {`
`194`	`194`	`}`
`195`	`195`
`196`	`196`	`func expandIngressTLS(l []interface{}) []v1beta1.IngressTLS {`
`197`		`- if len(l) == 0 \|\| l[0] == nil {`
	`197`	`+ if len(l) == 0 {`
`198`	`198`	`return nil`
`199`	`199`	`}`
`200`	`200`
`201`	`201`	`tlsList := make([]v1beta1.IngressTLS, len(l))`
`202`	`202`	`for i, t := range l {`
	`203`	`+ if t == nil {`
	`204`	`+ t = map[string]interface{}{}`
	`205`	`+ }`
`203`	`206`	`in := t.(map[string]interface{})`
`204`	`207`	`obj := v1beta1.IngressTLS{}`
`205`	`208`
Original file line number	Diff line number	Diff line change
`@@ -252,12 +252,15 @@ func expandIngressV1Backend(l []interface{}) *networking.IngressBackend {`
`252`	`252`	`}`
`253`	`253`
`254`	`254`	`func expandIngressV1TLS(l []interface{}) []networking.IngressTLS {`
`255`		`- if len(l) == 0 \|\| l[0] == nil {`
	`255`	`+ if len(l) == 0 {`
`256`	`256`	`return nil`
`257`	`257`	`}`
`258`	`258`
`259`	`259`	`tlsList := make([]networking.IngressTLS, len(l))`
`260`	`260`	`for i, t := range l {`
	`261`	`+ if t == nil {`
	`262`	`+ t = map[string]interface{}{}`
	`263`	`+ }`
`261`	`264`	`in := t.(map[string]interface{})`
`262`	`265`	`obj := networking.IngressTLS{}`
`263`	`266`