[GPII-3251]: Idempotence for helm-release destroy #10
Conversation
modules/helm-release/main.tf
Outdated
| program = [ | ||
| "sh", "-c", | ||
| <<EOF | ||
| ca_cert=$(cat ${var.client_auth}/ca.cert.pem 2>/dev/null | awk '$1=$1' ORS=' \n') |
There was a problem hiding this comment.
FYI I had to look up both the $1=$1 idiom and ORS. Combined with the use of jq, it might be worth a comment explaining what all this is doing and why.
If the reason for all of this is to avoid loading a non-existent file, is it possible (and would it be simpler) to create these files elsewhere in Terraform or with rake code instead?
There was a problem hiding this comment.
Looks like jq is capable of handling newlines properly even without awk treatment, so that part looks a bit simpler now.
Regarding alternative solutions: well, creating empty cert files at the end of every destroy, and then removing them at the beginning of apply definitely does not sound better than just fixing provider configuration to not fail when there is no certs!
|
Yes, that looks nicer. Can you add a comment explaining why this is here? Do that and it LGTM. Also please offer this fix to upstream. :) |
I know, it looks like a really complicated fix for such a trivial issue, but believe me, there is no better way :)
Terraform will always fail during Helm provider configuration (which happens during
:destroyas well) if certificate files not present on disk (already removed during previous:destroy) with:And there is no way to evaluate if local file is present on disk in Terraform: hashicorp/terraform#10878.