Version for certain charts is not known at plan time when using experiments.manifest = true

[mlucic]

Terraform, Provider, Kubernetes and Helm Versions

Terraform version: v1.5.5
Provider version: v2.17.0
Kubernetes version: v1.28.10+k3s1

Affected Resource(s)

• helm_release

Terraform Configuration Files

providers.tf:

terraform {
  backend "kubernetes" {
    secret_suffix = "test"
    config_path   = "~/.kube/config"
  }
  required_providers {
    kubernetes = {
      source  = "kubernetes"
      version = "~> 2.26.0"
    }
    helm = {
      source  = "helm"
      version = "~> 2.17.0"
    }
  }
}

provider "kubernetes" {
  config_path = "~/.kube/config"
}
provider "helm" {
  kubernetes {
    config_path = "~/.kube/config"
  }
  experiments {
    manifest = true
  }
}

prometheus.tf:

resource "random_password" "prometheus_random_password" {
  length  = 16
  special = true
}

resource "helm_release" "prometheus_helm" {
  chart            = "prometheus"
  name             = "test-prometheus"
  version          = "25.24.1"
  repository       = "https://prometheus-community.github.io/helm-charts"
  create_namespace = false

  values = [
    yamlencode({
      server = {
        name = random_password.prometheus_random_password.result
      }
    }),
  ]
}

Debug Output

$ terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # helm_release.prometheus_helm will be created
  + resource "helm_release" "prometheus_helm" {
      + atomic                     = false
      + chart                      = "prometheus"
      + cleanup_on_fail            = false
      + create_namespace           = false
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = false
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 0
      + metadata                   = (known after apply)
      + name                       = "test-prometheus"
      + namespace                  = "default"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://prometheus-community.github.io/helm-charts"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = (known after apply)
      + verify                     = false
      + version                    = (known after apply)
      + wait                       = true
      + wait_for_jobs              = false
    }

  # random_password.prometheus_random_password will be created
  + resource "random_password" "prometheus_random_password" {
      + bcrypt_hash = (sensitive value)
      + id          = (known after apply)
      + length      = 16
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (sensitive value)
      + special     = true
      + upper       = true
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Steps to Reproduce

1. Run terraform plan on the files above

The key things here that are causing the issue are 1. this specific chart (I've tried the bitnami postgres chart for example and the behavior is normal), 2. experiments.manifest being set to true, 3. referencing another resource for the values

Expected Behavior

The helm_release version should be known at plan time

Actual Behavior

The helm_release version is not known at plan time

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[github-actions]

Marking this issue as stale due to inactivity. If this issue receives no comments in the next 30 days it will automatically be closed. If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. This helps our maintainers find and focus on the active issues. Maintainers may also remove the stale label at their discretion. Thank you!

[mlucic]

This is still an issue, in fact it's worse in 3.x where now I'm seeing manifest = (known after apply) for all the charts