Provider crash with 'Plugin did not respond' error on complex kubernetes_manifest resourcesΒ #2757
Description
Bug Report
Environment
- Provider Version: v2.31.0
- Terraform/OpenTofu Version: OpenTofu v1.10.3
- Platform: Darwin arm64 (macOS Sequoia 24.5.0)
- Go Version: go1.24.2 darwin/arm64
Issue Description
The kubernetes provider crashes with "Plugin did not respond" when planning kubernetes_manifest resources containing complex nested objects (ArgoCD ApplicationSets).
Error Message
Error: Plugin did not respond
with kubernetes_manifest.applicationset,
on applicationset.tf line 2, in resource "kubernetes_manifest" "applicationset":
2: resource "kubernetes_manifest" "applicationset" {
The plugin encountered an error, and failed to respond to the
plugin.(*GRPCProvider).ReadResource call. The plugin logs may contain more
details.
Stack Trace
panic: ElementKeyInt(0): can't use tftypes.Object["clusterDecisionResource":tftypes.Object["configMapRef":tftypes.String, "labelSelector":tftypes.Object["matchExpressions":tftypes.List[tftypes.Object["key":tftypes.String, "operator":tftypes.String, "values":tftypes.List[tftypes.String]]], "matchLabels":tftypes.Map[tftypes.String]], "name":tftypes.String, "requeueAfterSeconds":tftypes.Number, "template":tftypes.Object[...]]
Configuration
The failing resource is a kubernetes_manifest for an ArgoCD ApplicationSet with complex nested generators containing matrix configurations, git directories, and cluster definitions.
Provider Configuration
Using EKS authentication via AWS CLI exec plugin:
provider "kubernetes" {
host = "${dependency.eks.outputs.cluster_endpoint}"
cluster_ca_certificate = base64decode("${dependency.eks.outputs.cluster_certificate_authority_data}")
exec {
api_version = "client.authentication.k8s.io/v1beta1"
command = "aws"
args = ["eks", "get-token", "--role-arn", "${local.vars.role_arn}", "--cluster-name", "${dependency.eks.outputs.cluster_name}"]
}
}Analysis
This appears to be a tftypes handling issue in the provider when processing complex nested object structures in kubernetes_manifest resources. The panic occurs during the ReadResource call, suggesting the provider cannot properly handle the complex nested ApplicationSet specification.
Reproduction
The issue occurs consistently when running terraform plan or terragrunt plan on configurations containing ArgoCD ApplicationSet manifests with complex nested generator configurations.