Merge branch 'main' into diff-live-resources

# Conflicts: # helm/resource_release.go
hashicorp · Aug 13, 2024 · bc8f1a2 · bc8f1a2
2 parents 0e16937 + 723cb76
commit bc8f1a2
Show file tree

Hide file tree

Showing 15 changed files with 434 additions and 48 deletions.
diff --git a/.changelog/1247.txt b/.changelog/1247.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/helm_release: add `upgrade_install` boolean attribute to enable idempotent release installation, addressing components of [GH-425](https://github.com/hashicorp/terraform-provider-helm/issues/425)
+```
diff --git a/.github/workflows/documentation-check.yaml b/.github/workflows/documentation-check.yaml
@@ -37,6 +37,6 @@ jobs:
   
         - name: Undocumented changes 
           run: |
-            echo "Documentation is not up to date. Please refer to the `Making Changes` in the Contribution Guide on how to properly update documentation."
+            echo 'Documentation is not up to date. Please refer to the `Making Changes` in the Contribution Guide on how to properly update documentation.'
             exit 1
-          if: failure()
+          if: failure()
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -25,7 +25,7 @@ jobs:
   terraform-provider-release:
     name: 'Terraform Provider Release'
     needs: [release-notes]
-    uses: hashicorp/ghaction-terraform-provider-release/.github/workflows/hashicorp.yml@v3.0.1
+    uses: hashicorp/ghaction-terraform-provider-release/.github/workflows/hashicorp.yml@v4.0.1
     secrets:
       hc-releases-key-prod: '${{ secrets.HC_RELEASES_KEY_PROD }}'
       hc-releases-key-staging: '${{ secrets.HC_RELEASES_KEY_STAGING }}'

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,20 @@
+## 2.14.1 (Aug 7, 2024)
+
+DEPENDENCIES:
+
+* Bump golang.org/x/crypto from v0.23.0 to v0.25.0 [[GH-1399](https://github.com/hashicorp/terraform-provider-helm/pull/1399)]
+* Bump k8s.io/api from v0.30.0 to v0.30.3 [[GH-1436](https://github.com/hashicorp/terraform-provider-helm/pull/1436)]
+* Bump k8s.io/apimachinery from v0.30.0 to v0.30.3 [[GH-1436](https://github.com/hashicorp/terraform-provider-helm/pull/1436)]
+* Bump k8s.io/client-go from v0.30.0 to v0.30.3 [[GH-1436](https://github.com/hashicorp/terraform-provider-helm/pull/1436)]
+* Bump helm.sh/helm/v3 from v3.13.2 to v3.15.3 [[GH-1422](https://github.com/hashicorp/terraform-provider-helm/pull/1422)]
+
+## 2.14.0 (June 13, 2024)
+
+ENHANCEMENT:
+
+* Add support for Terraform's experimental deferred actions [[GH-1377](https://github.com/hashicorp/terraform-provider-helm/issues/1377)]
+* `helm_release`: add new attributes metadata.last_deployed, metadata.first_deployed, metadata.notes [[GH-1380](https://github.com/hashicorp/terraform-provider-helm/issues/1380)]
+
 ## 2.13.2 (May 8, 2024)
 
 DEPENDENCIES:

diff --git a/docs/data-sources/template.md b/docs/data-sources/template.md
@@ -54,7 +54,7 @@ For further details on the `helm template` command, refer to the [Helm documenta
 - `reset_values` (Boolean) When upgrading, reset the values to the ones built into the chart.Defaults to `false`.
 - `reuse_values` (Boolean) When upgrading, reuse the last release's values and merge in any overrides. If 'reset_values' is specified, this is ignored. Defaults to `false`.
 - `set` (Block Set) Custom values to be merged with the values. (see [below for nested schema](#nestedblock--set))
-- `set_list` (Block List) Custom sensitive values to be merged with the values. (see [below for nested schema](#nestedblock--set_list))
+- `set_list` (Block List) Custom list values to be merged with the values. (see [below for nested schema](#nestedblock--set_list))
 - `set_sensitive` (Block Set) Custom sensitive values to be merged with the values. (see [below for nested schema](#nestedblock--set_sensitive))
 - `set_string` (Block Set, Deprecated) Custom string values to be merged with the values. (see [below for nested schema](#nestedblock--set_string))
 - `show_only` (List of String) Only show manifests rendered from the given templates

diff --git a/docs/resources/release.md b/docs/resources/release.md
@@ -50,10 +50,11 @@ A Chart is a Helm package. It contains all of the resource definitions necessary
 - `reset_values` (Boolean) When upgrading, reset the values to the ones built into the chart. Defaults to `false`.
 - `reuse_values` (Boolean) When upgrading, reuse the last release's values and merge in any overrides. If 'reset_values' is specified, this is ignored. Defaults to `false`.
 - `set` (Block Set) Custom values to be merged with the values. (see [below for nested schema](#nestedblock--set))
-- `set_list` (Block List) Custom sensitive values to be merged with the values. (see [below for nested schema](#nestedblock--set_list))
+- `set_list` (Block List) Custom list values to be merged with the values. (see [below for nested schema](#nestedblock--set_list))
 - `set_sensitive` (Block Set) Custom sensitive values to be merged with the values. (see [below for nested schema](#nestedblock--set_sensitive))
 - `skip_crds` (Boolean) If set, no CRDs will be installed. By default, CRDs are installed if not already present. Defaults to `false`.
 - `timeout` (Number) Time in seconds to wait for any individual kubernetes operation. Defaults to 300 seconds.
+- `upgrade_install` (Boolean) If true, the provider will install the release at the specified version even if a release not controlled by the provider is present: this is equivalent to running 'helm upgrade --install' with the Helm CLI. WARNING: this may not be suitable for production use -- see the 'Upgrade Mode' note in the provider documentation. Defaults to `false`.
 - `values` (List of String) List of values in raw yaml format to pass to helm.
 - `verify` (Boolean) Verify the package before installing it.Defaults to `false`.
 - `version` (String) Specify the exact chart version to install. If this is not specified, the latest version is installed.
@@ -326,6 +327,46 @@ The `postrender` block supports two attributes:
 * `binary_path` - (Required) relative or full path to command binary.
 * `args` - (Optional) a list of arguments to supply to the post-renderer.
 
+## Upgrade Mode Notes
+
+When using the Helm CLI directly, it is possible to use `helm upgrade --install` to
+_idempotently_ install a release.  For example, `helm upgrade --install mariadb charts/mariadb --verson 7.1.0`
+will check to see if there is already a release called `mariadb`: if there is, ensure that it is set to version
+7.1.0, and if there is not, install that version from scratch. (See the documentation for the
+[helm upgrade](https://helm.sh/docs/helm/helm_upgrade) command for more details.)
+
+ **NOTE:** The mechanics of this approach are subtly different from the defaults and you can easily produce unexpected or undesirable results if you are not careful:
+using this approach in production is not necessarily recommended!
+
+If upgrade mode is enabled by setting the `upgrade_install` attribute to `true`, the provider will first check to see
+if a release with the given name already exists.  If the release does not already exist, the provider will perform a
+from-scratch installation of the chart.  In this case, all resource attributes are honored.
+
+However, if the release _does_ already exist, the provider will attempt to upgrade the release to
+the state defined in the resource, using the same strategy as the [helm upgrade](https://helm.sh/docs/helm/helm_upgrade)
+command.
+
+When using `upgrade_install`, the `version` attribute is used to determine the version of the chart to install or
+upgrade to.  If the `version` attribute is not set, the provider will attempt to determine the version of the chart
+from the existing release and will use that version for the upgrade: this is to ensure that using `upgrade_install`
+does not inadvertently change the version of the chart being used.
+
+**CRITICAL**: The user-supplied values passed to the chart in the new revision will be the ones specified in the
+`helm_release` resource, not the values used in the original installation of the chart. This means that if
+you are using `upgrade_install` to manage a release that was originally installed with a different set of values,
+you must ensure that the values in the `helm_release` resource are correct, or you may inadvertently change the
+configuration of the release. Additionally, since there is no existing terraform state to compare against, you
+must manually inspect the installed release's values with the `helm get values` CLI command.
+
+**IMPORTANT**: Even if you are "upgrading" to the same version of the chart that is already present in the cluster,
+the `helm_release` resource will still show as "changed" in the terraform plan output, because there is no existing
+state for it to compare against. This also means that in the apply stage, the provider will in fact reinstall the
+chart, which means that if there are any
+[deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/),
+[daemonset](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) or
+[statefulset](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/) resources in the chart, they will
+be replaced, which will cause a rolling update of the pods.
+
 ## Import
 
 A Helm Release resource can be imported using its namespace and name e.g.

diff --git a/go.mod b/go.mod
@@ -55,7 +55,7 @@ require (
 	github.com/distribution/reference v0.5.0 // indirect
 	github.com/docker/cli v25.0.1+incompatible // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
-	github.com/docker/docker v25.0.5+incompatible // indirect
+	github.com/docker/docker v25.0.6+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect

diff --git a/go.sum b/go.sum
@@ -98,8 +98,8 @@ github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbT
 github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v25.0.5+incompatible h1:UmQydMduGkrD5nQde1mecF/YnSbTOaPeFIeP5C4W+DE=
-github.com/docker/docker v25.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v25.0.6+incompatible h1:5cPwbwriIcsua2REJe8HqQV+6WlWc1byg2QSXzBxBGg=
+github.com/docker/docker v25.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=

diff --git a/helm/data_template.go b/helm/data_template.go
@@ -133,7 +133,7 @@ func dataTemplate() *schema.Resource {
 			"set_list": {
 				Type:        schema.TypeList,
 				Optional:    true,
-				Description: "Custom sensitive values to be merged with the values.",
+				Description: "Custom list values to be merged with the values.",
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"name": {

diff --git a/helm/provider.go b/helm/provider.go
@@ -522,3 +522,7 @@ func OCIRegistryPerformLogin(registryClient *registry.Client, ociURL string, use
 func debug(format string, a ...interface{}) {
 	log.Printf("[DEBUG] %s", fmt.Sprintf(format, a...))
 }
+
+func warn(format string, a ...interface{}) {
+	log.Printf("[WARN] %s", fmt.Sprintf(format, a...))
+}