Skip to content

[terraform] Fix kubernetes_resources defaults#62320

Merged
bernardjkim merged 9 commits intomasterfrom
bernard/fix-kube-resources-defaults
Dec 18, 2025
Merged

[terraform] Fix kubernetes_resources defaults#62320
bernardjkim merged 9 commits intomasterfrom
bernard/fix-kube-resources-defaults

Conversation

@bernardjkim
Copy link
Copy Markdown
Contributor

@bernardjkim bernardjkim commented Dec 16, 2025

This PR implements a plan_modifier for role.spec.allow.kubernetes_resources to handle default value changes across role versions.

Without this modifier, users have had trouble upgrading between role versions using the Terraform provider. The new plan modifier ensures that defaults for kubernetes_resources are recomputed during version upgrades.

For example, v7 roles provide the following default values for kubernetes_resources:

kubernetes_resources:
- kind: '*'
  name: '*'
  namespace: '*'
  verbs:
  - '*'

The v8 role now requires api_group and uses the following default:

kubernetes_resources:
- api_group: '*'
  kind: '*'
  name: '*'
  namespace: '*'
  verbs:
  - '*'

Without this new plan modifier, users will not be able to upgrade from v7 to v8 without manually specifying the kubernetes_resources.api_group within the Terraform config. This change should also fix previous issues with even older role versions.

Changelog: Added a plan modifier to recompute kubernetes_resources defaults during role version upgrades, fixing Terraform role upgrade issues.

@bernardjkim bernardjkim added terraform Legacy Terraform label backport/branch/v18 labels Dec 16, 2025
@bernardjkim bernardjkim mentioned this pull request Dec 16, 2025
Merged
@public-teleport-github-review-bot public-teleport-github-review-bot bot removed the request for review from tigrato December 18, 2025 08:55
Base automatically changed from bernard/pr-buddy-61311 to master December 18, 2025 20:51
@bernardjkim bernardjkim added this pull request to the merge queue Dec 18, 2025
Merged via the queue into master with commit a4d5e9e Dec 18, 2025
46 checks passed
@bernardjkim bernardjkim deleted the bernard/fix-kube-resources-defaults branch December 18, 2025 22:35
@backport-bot-workflows
Copy link
Copy Markdown
Contributor

backport-bot-workflows bot commented Dec 18, 2025

@bernardjkim See the table below for backport results.

Branch Result
branch/v18 Create PR

bernardjkim added a commit that referenced this pull request Dec 19, 2025
@bernardjkim @jamesgoodhouse
[terraform] Fix kubernetes_resources defaults (#62320)
936c559 
* [terraform] add v8 support to role resource

* Remove V8_SUPPORT_CHANGES.md & update docs

* Update kube_resources tests

* Update tests to use v8 roles

* Implement plan_modifier for kubernetes_resources

* make gen-tfschema

* Re-enable TestRoleVersionUpgrade test

* Revert computed_fields

---------

Co-authored-by: James Goodhouse <4684194+jamesgoodhouse@users.noreply.github.com>
@bernardjkim bernardjkim mentioned this pull request Dec 19, 2025
Merged
@hugoShaka hugoShaka mentioned this pull request Dec 23, 2025
Closed
github-merge-queue bot pushed a commit that referenced this pull request Jan 5, 2026
@bernardjkim @jamesgoodhouse
[terraform] Fix kubernetes_resources defaults (#62320) (#62417)
c3a08d6 
* [terraform] add v8 support to role resource

* Remove V8_SUPPORT_CHANGES.md & update docs

* Update kube_resources tests

* Update tests to use v8 roles

* Implement plan_modifier for kubernetes_resources

* make gen-tfschema

* Re-enable TestRoleVersionUpgrade test

* Revert computed_fields

---------

Co-authored-by: James Goodhouse <4684194+jamesgoodhouse@users.noreply.github.com>
21KennethTran pushed a commit that referenced this pull request Jan 6, 2026
@bernardjkim @jamesgoodhouse @21KennethTran
[terraform] Fix kubernetes_resources defaults (#62320)
33650a3 
* [terraform] add v8 support to role resource

* Remove V8_SUPPORT_CHANGES.md & update docs

* Update kube_resources tests

* Update tests to use v8 roles

* Implement plan_modifier for kubernetes_resources

* make gen-tfschema

* Re-enable TestRoleVersionUpgrade test

* Revert computed_fields

---------

Co-authored-by: James Goodhouse <4684194+jamesgoodhouse@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marcoandredinis marcoandredinis marcoandredinis approved these changes

@hugoShaka hugoShaka hugoShaka approved these changes

Assignees

No one assigned

Labels

backport/branch/v18 size/md terraform Legacy Terraform label

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bernardjkim @marcoandredinis @hugoShaka @jamesgoodhouse