@brucex brucex commented Jun 27, 2025

what

  • Allow both v1 and v1beta of ClusterSecretStore
  • Remove unused values

why

  • v1beta has been deprecated and does not work in ESO v.0.17.0+ (latest is 0.18.0)
  • Having unused values passed through the helm chart is confusing

references

Summary by CodeRabbit

  • New Features

    • The system now automatically selects the appropriate API version for secret store resources based on your Kubernetes cluster's supported versions.
  • Chores

    • Simplified configuration by removing unused parameters from the module setup, reducing the amount of configuration required.


coderabbitai bot commented Jun 27, 2025

Walkthrough

The changes introduce dynamic selection of the apiVersion for the ClusterSecretStore resource in a Helm chart template, adapting to the Kubernetes cluster's supported version. Additionally, the Terraform configuration for the external_ssm_secrets module is simplified by removing several keys from the values map, retaining only the region key.

Changes

| File(s) | Change Summary |
| --- | --- |
| src/charts/external-ssm-secrets/templates/ssm-secret-store.yaml | Adds conditional logic to select the apiVersion field for ClusterSecretStore based on cluster support. |
| src/main.tf | Removes several keys from the values map for the external_ssm_secrets module, keeping only region. |

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Helm Chart
    participant Kubernetes API

    User->>Helm Chart: Deploy Chart
    Helm Chart->>Kubernetes API: Detect supported apiVersions
    alt Supports v1
        Helm Chart->>Kubernetes API: Create ClusterSecretStore (apiVersion: external-secrets.io/v1)
    else Fallback to v1beta1
        Helm Chart->>Kubernetes API: Create ClusterSecretStore (apiVersion: external-secrets.io/v1beta1)
    end

Poem

A rabbit hopped through YAML fields,
Where apiVersions now can yield,
To clusters old or clusters new,
The right one chosen just for you.
With Terraform, the map is lean—
Only region left, the rest unseen!
🥕


📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dfe12f5 and e5e249b.

📒 Files selected for processing (1)
  • src/main.tf (1 hunks)
✅ Files skipped from review due to trivial changes (1)
  • src/main.tf
⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: Summary


@mergify mergify bot requested review from a team June 27, 2025 14:26
@mergify mergify bot added the triage Needs triage label Jun 27, 2025

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7695654 and ac5196d.

📒 Files selected for processing (2)
  • src/charts/external-ssm-secrets/templates/ssm-secret-store.yaml (1 hunks)
  • src/main.tf (0 hunks)
💤 Files with no reviewable changes (1)
  • src/main.tf
🧰 Additional context used
🪛 YAMLlint (1.37.1)
src/charts/external-ssm-secrets/templates/ssm-secret-store.yaml

[error] 2-2: syntax error: expected '', but found ''

(syntax)

⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: Summary
🔇 Additional comments (1)
src/charts/external-ssm-secrets/templates/ssm-secret-store.yaml (1)

13-14: Unconditional use of .Values.role may break chart after “cleanup” changes

The PR description says most unused values were removed, yet this template still requires role.
If role is no longer set, the rendered YAML will contain the literal string <no value> and fail to apply.

Consider guarding the field or providing a default:

-      role: {{ .Values.role }} # role is created via helm-release; see `service_account_set_key_path`
+{{- if .Values.role }}
+      role: {{ .Values.role }} # role is created via helm-release; see `service_account_set_key_path`
+{{- end }}
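
Review bot: the `{{- if .Values.role }}` guard on the added lines turns a missing value into a silent omission: the chart then renders a ClusterSecretStore with no `role` key at all, so the misconfiguration is no longer visible at render time. The inline comment says the role is created via helm-release, which suggests the value is always expected; in that case fail the render instead, for example `role: {{ required "role must be set" .Values.role }}`. If omitting it is intentional, document next to the guard which identity the store uses when `role` is absent.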

Please verify that role is indeed still supplied in values.yaml or update the template accordingly.

@mergify mergify bot added the needs-test Needs testing label Jun 27, 2025
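
The apiVersion selection described in the walkthrough, together with a fail-fast check on `role` as raised in the review comment above, written out as an added example; it is not the chart's actual template from this PR. The resource name is an assumption, and `region` and `role` are taken to be the chart's value keys.

```yaml
{{- /*
  Added example, not the project's template.
  Default to the deprecated v1beta1 API and switch to v1 only when the
  cluster reports that the external-secrets.io/v1 group/version is served.
*/ -}}
{{- $apiVersion := "external-secrets.io/v1beta1" -}}
{{- if .Capabilities.APIVersions.Has "external-secrets.io/v1" -}}
  {{- $apiVersion = "external-secrets.io/v1" -}}
{{- end -}}
apiVersion: {{ $apiVersion }}
kind: ClusterSecretStore
metadata:
  # Hypothetical name; the real chart may name the store differently.
  name: {{ .Release.Name }}-ssm
spec:
  provider:
    aws:
      service: ParameterStore
      # `required` aborts the render with the given message when the value
      # is unset, instead of emitting an empty or "<no value>" field.
      region: {{ required "region must be set" .Values.region | quote }}
      role: {{ required "role must be set" .Values.role | quote }}
```

`.Capabilities.APIVersions` is populated from the live cluster, so an offline `helm template` run renders the v1beta1 fallback unless the version is supplied with `--api-versions external-secrets.io/v1`. Check the rendered apiVersion in CI with that flag set, otherwise the pipeline validates a manifest that differs from what is deployed.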
@mergify mergify bot removed the triage Needs triage label Jul 1, 2025

goruha commented Jul 1, 2025

goruha previously requested changes Jul 1, 2025

@goruha goruha left a comment

Check comments


mergify bot commented Jul 1, 2025

Thanks @brucex for creating this pull request!

A maintainer will review your changes shortly. Please don't be discouraged if it takes a while.

While you wait, make sure to review our contributor guidelines.

Tip

Need help or want to ask for a PR review to be expedited?

Join us on Slack in the #pr-reviews channel.

brucex added 2 commits July 1, 2025 11:06
…ex/cloudposse-aws-eks-external-secrets-operator into fix-external-ssm-secrets-helm-chart

brucex commented Jul 1, 2025

@brucex brucex requested a review from goruha July 1, 2025 15:12
@Benbentwo Benbentwo added this pull request to the merge queue Jul 1, 2025

Merged via the queue into cloudposse-terraform-components:main with commit 9f80273 Jul 1, 2025
14 checks passed

github-actions bot commented Jul 1, 2025

These changes were released in v1.537.0.

@brucex brucex deleted the fix-external-ssm-secrets-helm-chart branch July 1, 2025 16:29