Passing values from remoteState to source template file of kubernetes unit

[kinseii]

Problem with passing values from remoteState to source template file of kubernetes unit.

---
kind: StackTemplate
name: qwerty
units:
  - name: qwerty-credentials
    type: tfmodule
    source: git::ssh://git@qwerty.qwerty/tf-module-qwerty//?ref=v0.1.0
    inputs:
      key_vault: {{ insertYAML .variables.key_vault }}
      secret_name_map:
        username: username
        password: password

  - name: qwerty-creds-k8s-secret
    type: kubernetes
    provider_conf:
      config_context: {{ .variables.cluster_name }}
    source: ./../../_templates/qwerty-creds-k8s-secret.yaml
    depends_on: this.qwerty-credentials

{{- $NAMESPACE := .variables.qwerty_namespace -}}
{{- $USERNAME := remoteState "this.qwerty-credentials.secret_values_map[\"username\"]" -}}
{{- $PASSWORD := remoteState "this.qwerty-credentials.secret_values_map[\"password\"]" -}}
---
apiVersion: v1
kind: Secret
metadata:
  name: qwerty-credentials
  namespace: {{ $NAMESPACE }}
data:
  username: {{ $USERNAME | b64enc }}
  password: {{ $PASSWORD | b64enc }}
type: Opaque

The qwerty-credentials unit gets the strings from the Key Vault and passes it to the qwerty-credentials-k8s-secret unit to create a secret with those strings. After deploy we get the following error:

00:02:20 [ERROR] unit: 'qwerty-aks-us-1.qwerty-creds-k8s-secret':
exit status 1, error output:
 ╷
│ Error: Reference to undeclared resource
│
│   on main.tf line 10, in resource "kubernetes_secret" "qwerty_credentials":
│   10:     "username" = data.terraform_remote_state.qwerty-aks-us-1-qwerty-credentials.outputs.secret_values_map["username"]
│
│ A data resource "terraform_remote_state"
│ "qwerty-aks-us-1-qwerty-credentials" has not been declared in the
│ root module.
╵
╷
│ Error: Reference to undeclared resource
│
│   on main.tf line 11, in resource "kubernetes_secret" "qwerty_credentials":
│   11:     "password" = data.terraform_remote_state.qwerty-aks-us-1-qwerty-credentials.outputs.secret_values_map["password"]
│
│ A data resource "terraform_remote_state"
│ "qwerty-aks-us-1-qwerty-credentials" has not been declared in the
│ root module.

I looked at the ./cluster.dev/cache directory and there are two .tf files created there. One is a backend definition for saving the state file and the other is this one:

provider "kubernetes" {
  config_context = "qwerty-aks-us-1"
}
resource "kubernetes_secret" "qwerty_credentials" {
  metadata {
    name      = "qwerty-credentials"
    namespace = "qwerty"
  }
  data = {
    "username" = data.terraform_remote_state.qwerty-aks-us-1-qwerty-credentials.outputs.secret_values_map["username"]
    "password" = data.terraform_remote_state.qwerty-aks-us-1-qwerty-credentials.outputs.secret_values_map["password"]
  }
  type = "Opaque"
}

So it seems that the kubernetes module, when creating a secret and passing a value to it from the state file via the remoteState function, is not creating the necessary terraform data-source and possibly other resources needed to do so.

Cluster.dev Version:
cdev version v0.9.5

[romanprog]

Interesting problem, should works. I'll check

[romanprog]

I understood what the problem. Unfortunately, remoteState reference functions do not work with other templating functions.

username: {{ $USERNAME | b64enc }}

Problem is here | b64enc.
Data processing in templating occurs at the initial stage before the generation of the terraform code and even before the processing of the output function, which will also not work in this case. And in the case of remoteState, data processing is generally on the terraform side. Therefore, no go-template functions are allowed in pipes after insertYaml, remoteState and output. I also encountered this problem more than once, but it is not possible to solve it even for output. Cdev is limited by the yaml syntax and templating process. The implementation of remoteState/output functions is quite complex. I recommend use local terraform wrapper modules for such data transformations.

[kinseii]

I understood what the problem. Unfortunately, remoteState reference functions do not work with other templating functions.

username: {{ $USERNAME | b64enc }}

Problem is here | b64enc. Data processing in templating occurs at the initial stage before the generation of the terraform code and even before the processing of the output function, which will also not work in this case. And in the case of remoteState, data processing is generally on the terraform side. Therefore, no go-template functions are allowed in pipes after insertYaml, remoteState and output. I also encountered this problem more than once, but it is not possible to solve it even for output. Cdev is limited by the yaml syntax and templating process. The implementation of remoteState/output functions is quite complex. I recommend use local terraform wrapper modules for such data transformations.

OK, I'll check it, thank you!

[kinseii]

It works, thank you!