diff --git a/.tool-versions b/.tool-versions
index 06eb184..91bb7e1 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -4,4 +4,4 @@ tflint 0.50.3
checkov 3.2.37
awscli 2.15.29
pre-commit 3.6.2
-python 3.9.16
+python 3.13.1
diff --git a/README.md b/README.md
index 44d71f4..6d8b236 100644
--- a/README.md
+++ b/README.md
@@ -58,7 +58,7 @@ See [basic example](examples/basic) for further information.
|------|------|
| [utils_deep_merge_yaml.values](https://registry.terraform.io/providers/cloudposse/utils/latest/docs/data-sources/deep_merge_yaml) | data source |
> [!IMPORTANT]
-> Variables defined in [variables-addon.tf](variables-addon.tf) defaults to `null` to have them overridable by the addon configuration defined though the [`local.addon.*`](main.tf) local variable with some default values defined in [addon.tf](addon.tf).
+> Variables defined in [variables-addon[-irsa|oidc].tf](variables-addon.tf) defaults to `null` to have them overridable by the addon configuration defined though the [`local.addon[_irsa|oidc].*`](main.tf) local variable with the default values defined in [addon[-irsa|oidc].tf](addon.tf).
## Inputs
| Name | Description | Type |
@@ -72,12 +72,12 @@ See [basic example](examples/basic) for further information.
| [argo\_helm\_wait\_node\_selector](#input\_argo\_helm\_wait\_node\_selector) | Node selector for ArgoCD Application Helm release wait job. Defaults to `{}`. | `map(string)` |
| [argo\_helm\_wait\_timeout](#input\_argo\_helm\_wait\_timeout) | Timeout for ArgoCD Application Helm release wait job. Defaults to `10m`. | `string` |
| [argo\_helm\_wait\_tolerations](#input\_argo\_helm\_wait\_tolerations) | Tolerations for ArgoCD Application Helm release wait job. Defaults to `[]`. | `list(any)` |
-| [argo\_info](#input\_argo\_info) | ArgoCD Application manifest info parameter. Defaults to `[{'name': 'terraform', 'value': 'true'}]`. | `list(any)` |
-| [argo\_kubernetes\_manifest\_computed\_fields](#input\_argo\_kubernetes\_manifest\_computed\_fields) | List of paths of fields to be handled as "computed". The user-configured value for the field will be overridden by any different value returned by the API after apply. Defaults to `['metadata.labels', 'metadata.annotations', 'metadata.finalizers']`. | `list(string)` |
+| [argo\_info](#input\_argo\_info) | ArgoCD Application manifest info parameter. Defaults to `[{"name": "terraform", "value": "true"}]`. | `list(any)` |
+| [argo\_kubernetes\_manifest\_computed\_fields](#input\_argo\_kubernetes\_manifest\_computed\_fields) | List of paths of fields to be handled as "computed". The user-configured value for the field will be overridden by any different value returned by the API after apply. Defaults to `["metadata.labels", "metadata.annotations", "metadata.finalizers"]`. | `list(string)` |
| [argo\_kubernetes\_manifest\_field\_manager\_force\_conflicts](#input\_argo\_kubernetes\_manifest\_field\_manager\_force\_conflicts) | Forcibly override any field manager conflicts when applying the kubernetes manifest resource. Defaults to `false`. | `bool` |
| [argo\_kubernetes\_manifest\_field\_manager\_name](#input\_argo\_kubernetes\_manifest\_field\_manager\_name) | The name of the field manager to use when applying the Kubernetes manifest resource. Defaults to `Terraform`. | `string` |
| [argo\_kubernetes\_manifest\_wait\_fields](#input\_argo\_kubernetes\_manifest\_wait\_fields) | A map of fields and a corresponding regular expression with a pattern to wait for. The provider will wait until the field matches the regular expression. Use * for any value. Defaults to `{}`. | `map(string)` |
-| [argo\_metadata](#input\_argo\_metadata) | ArgoCD Application metadata configuration. Override or create additional metadata parameters. Defaults to `{'finalizers': ['resources-finalizer.argocd.argoproj.io']}`. | `any` |
+| [argo\_metadata](#input\_argo\_metadata) | ArgoCD Application metadata configuration. Override or create additional metadata parameters. Defaults to `{"finalizers": ["resources-finalizer.argocd.argoproj.io"]}`. | `any` |
| [argo\_namespace](#input\_argo\_namespace) | Namespace to deploy ArgoCD Application CRD to. Defaults to `argo`. | `string` |
| [argo\_project](#input\_argo\_project) | ArgoCD Application project. Defaults to `default`. | `string` |
| [argo\_spec](#input\_argo\_spec) | ArgoCD Application spec configuration. Override or create additional spec parameters. Defaults to `{}`. | `any` |
@@ -124,7 +124,7 @@ See [basic example](examples/basic) for further information.
| [irsa\_assume\_role\_enabled](#input\_irsa\_assume\_role\_enabled) | Whether IRSA is allowed to assume role defined by `irsa_assume_role_arn`. Mutually exclusive with `irsa_policy_enabled`. Defaults to `false`. | `bool` |
| [irsa\_assume\_role\_policy\_condition\_test](#input\_irsa\_assume\_role\_policy\_condition\_test) | Specifies the condition test to use for the assume role trust policy. Defaults to `StringEquals`. | `string` |
| [irsa\_assume\_role\_policy\_condition\_values](#input\_irsa\_assume\_role\_policy\_condition\_values) | Specifies the values for the assume role trust policy condition. Each entry in this list must follow the required format `system:serviceaccount:$service_account_namespace:$service_account_name`. If this variable is left as the default, `local.irsa_assume_role_policy_condition_values_default` is used instead, which is a list containing a single value. Note that if this list is defined, the `service_account_name` and `service_account_namespace` variables are ignored. Defaults to `[]`. | `list(string)` |
-| [irsa\_permissions\_boundary](#input\_irsa\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the IRSA role. | `string` |
+| [irsa\_permissions\_boundary](#input\_irsa\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the IRSA role. Defaults to `null`. | `string` |
| [irsa\_policy](#input\_irsa\_policy) | Policy to be attached to the IRSA role. Applied only if `irsa_policy_enabled` is `true`. Defaults to `""`. | `string` |
| [irsa\_policy\_enabled](#input\_irsa\_policy\_enabled) | Whether to create IAM policy specified by `irsa_policy`. Mutually exclusive with `irsa_assume_role_enabled`. Defaults to `false`. | `bool` |
| [irsa\_role\_create](#input\_irsa\_role\_create) | Whether to create IRSA role and annotate Service Account. Defaults to `true`. | `bool` |
@@ -142,7 +142,7 @@ See [basic example](examples/basic) for further information.
| [oidc\_openid\_client\_ids](#input\_oidc\_openid\_client\_ids) | List of OpenID Connect client IDs that are allowed to assume the OIDC provider. Defaults to `[]`. | `list(string)` |
| [oidc\_openid\_provider\_url](#input\_oidc\_openid\_provider\_url) | OIDC provider URL. Defaults to `""`. | `string` |
| [oidc\_openid\_thumbprints](#input\_oidc\_openid\_thumbprints) | List of thumbprints of the OIDC provider's server certificate. Defaults to `[]`. | `list(string)` |
-| [oidc\_permissions\_boundary](#input\_oidc\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the OIDC role. | `string` |
+| [oidc\_permissions\_boundary](#input\_oidc\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the OIDC role. Defaults to `null`. | `string` |
| [oidc\_policy](#input\_oidc\_policy) | Policy to be attached to the OIDC role. Applied only if `oidc_policy_enabled` is `true`. Defaults to `""`. | `string` |
| [oidc\_policy\_enabled](#input\_oidc\_policy\_enabled) | Whether to create IAM policy specified by `oidc_policy`. Mutually exclusive with `oidc_assume_role_enabled`. Defaults to `false`. | `bool` |
| [oidc\_provider\_create](#input\_oidc\_provider\_create) | Whether to create OIDC provider. Set to `false` if you want to disable default OIDC provider when `var.oidc_custom_provider_arn` is set. Defaults to `true`. | `bool` |
diff --git a/addon-oidc.tf b/addon-oidc.tf
index b97e54f..a460507 100644
--- a/addon-oidc.tf
+++ b/addon-oidc.tf
@@ -23,7 +23,7 @@ module "addon-oidc" {
oidc_openid_thumbprints = var.oidc_openid_thumbprints != null ? var.oidc_openid_thumbprints : try(each.value.oidc_openid_thumbprints, [])
oidc_assume_role_policy_condition_variable = var.oidc_assume_role_policy_condition_variable != null ? var.oidc_assume_role_policy_condition_variable : try(each.value.oidc_assume_role_policy_condition_variable, "")
oidc_assume_role_policy_condition_values = var.oidc_assume_role_policy_condition_values != null ? var.oidc_assume_role_policy_condition_values : try(each.value.oidc_assume_role_policy_condition_values, [])
- oidc_assume_role_policy_condition_test = var.oidc_assume_role_policy_condition_test != null ? var.oidc_assume_role_policy_condition_test : try(each.value.oidc_assume_role_policy_condition_test, "StringLike")
+ oidc_assume_role_policy_condition_test = var.oidc_assume_role_policy_condition_test != null ? var.oidc_assume_role_policy_condition_test : try(each.value.oidc_assume_role_policy_condition_test, "StringEquals")
oidc_custom_provider_arn = var.oidc_custom_provider_arn != null ? var.oidc_custom_provider_arn : try(each.value.oidc_custom_provider_arn, "")
oidc_tags = var.oidc_tags != null ? var.oidc_tags : try(each.value.oidc_tags, tomap({}))
diff --git a/modules/addon-irsa/context.tf b/modules/addon-irsa/context.tf
deleted file mode 100644
index 0c61607..0000000
--- a/modules/addon-irsa/context.tf
+++ /dev/null
@@ -1,84 +0,0 @@
-variable "namespace" {
- type = string
- default = null
- description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique"
-}
-
-variable "environment" {
- type = string
- default = null
- description = "ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'"
-}
-
-variable "stage" {
- type = string
- default = null
- description = "ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'"
-}
-
-variable "name" {
- type = string
- default = null
- description = <<-EOT
- ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
- This is the only ID element not also included as a `tag`.
- The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input.
- EOT
-}
-
-variable "attributes" {
- type = list(string)
- default = []
- description = <<-EOT
- ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
- in the order they appear in the list. New attributes are appended to the
- end of the list. The elements of the list are joined by the `delimiter`
- and treated as a single ID element.
- EOT
-}
-
-variable "tags" {
- type = map(string)
- default = {}
- description = <<-EOT
- Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
- Neither the tag keys nor the tag values will be modified by this module.
- EOT
-}
-
-variable "context" {
- type = any
- default = {
- enabled = true
- namespace = null
- tenant = null
- environment = null
- stage = null
- name = null
- delimiter = null
- attributes = []
- tags = {}
- additional_tag_map = {}
- regex_replace_chars = null
- label_order = []
- id_length_limit = null
- label_key_case = null
- label_value_case = null
- descriptor_formats = {}
- # Note: we have to use [] instead of null for unset lists due to
- # https://github.com/hashicorp/terraform/issues/28137
- # which was not fixed until Terraform 1.0.0,
- # but we want the default to be all the labels in `label_order`
- # and we want users to be able to prevent all tag generation
- # by setting `labels_as_tags` to `[]`, so we need
- # a different sentinel to indicate "default"
- labels_as_tags = ["unset"]
- }
- description = <<-EOT
- Single object for setting entire context at once.
- See description of individual variables for details.
- Leave string and numeric variables as `null` to use default value.
- Individual variable settings (non-null) override settings in context object,
- except for attributes, tags, and additional_tag_map, which are merged.
- EOT
-}
diff --git a/modules/addon-irsa/iam.tf b/modules/addon-irsa/iam.tf
index 0902a97..95fe18a 100644
--- a/modules/addon-irsa/iam.tf
+++ b/modules/addon-irsa/iam.tf
@@ -1,7 +1,6 @@
locals {
irsa_role_create = var.enabled && var.rbac_create && var.service_account_create && var.irsa_role_create
- irsa_role_name_prefix = coalesce(var.irsa_role_name_prefix, "${module.label.id}-irsa")
- irsa_role_name = trim("${local.irsa_role_name_prefix}-${var.irsa_role_name}", "-")
+ irsa_role_name = trim("${var.irsa_role_name_prefix}-${var.irsa_role_name}", "-")
irsa_policy_enabled = var.irsa_policy_enabled && length(var.irsa_policy) > 0
irsa_assume_role_enabled = var.irsa_assume_role_enabled && length(var.irsa_assume_role_arns) > 0
irsa_assume_role_policy_condition_values_default = length(var.service_account_namespace) > 0 && length(var.service_account_name) > 0 ? [
diff --git a/modules/addon-irsa/label.tf b/modules/addon-irsa/label.tf
deleted file mode 100644
index 89ca7f4..0000000
--- a/modules/addon-irsa/label.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-module "label" {
- source = "cloudposse/label/null"
- version = "0.25.0"
-
- namespace = var.namespace
- stage = var.stage
- environment = var.environment
- name = var.name
- attributes = var.attributes
- context = var.context
- tags = var.tags
-}
diff --git a/modules/addon-irsa/variables.tf b/modules/addon-irsa/variables.tf
index a52fc7d..6c73356 100644
--- a/modules/addon-irsa/variables.tf
+++ b/modules/addon-irsa/variables.tf
@@ -47,13 +47,13 @@ variable "irsa_role_create" {
variable "irsa_role_name_prefix" {
type = string
default = ""
- description = "IRSA role name prefix. Defaults to addon IRSA component name (if provided) with `irsa` suffix."
+ description = "IRSA role name prefix."
}
variable "irsa_role_name" {
type = string
default = ""
- description = "IRSA role name. The value is prefixed by `var.irsa_role_name_prefix`. Defaults to the addon Helm chart name."
+ description = "IRSA role name. The value is prefixed by `irsa_role_name_prefix`."
}
variable "irsa_policy_enabled" {
@@ -65,7 +65,7 @@ variable "irsa_policy_enabled" {
variable "irsa_policy" {
type = string
default = ""
- description = "Policy to be attached to the IRSA role. Applied only if `irsa_policy_enabled` is `true`."
+ description = "AWS IAM policy JSON document to be attached to the IRSA role. Applied only if `irsa_policy_enabled` is `true`."
}
variable "irsa_assume_role_enabled" {
diff --git a/modules/addon-oidc/context.tf b/modules/addon-oidc/context.tf
deleted file mode 100644
index 0c61607..0000000
--- a/modules/addon-oidc/context.tf
+++ /dev/null
@@ -1,84 +0,0 @@
-variable "namespace" {
- type = string
- default = null
- description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique"
-}
-
-variable "environment" {
- type = string
- default = null
- description = "ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'"
-}
-
-variable "stage" {
- type = string
- default = null
- description = "ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'"
-}
-
-variable "name" {
- type = string
- default = null
- description = <<-EOT
- ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
- This is the only ID element not also included as a `tag`.
- The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input.
- EOT
-}
-
-variable "attributes" {
- type = list(string)
- default = []
- description = <<-EOT
- ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
- in the order they appear in the list. New attributes are appended to the
- end of the list. The elements of the list are joined by the `delimiter`
- and treated as a single ID element.
- EOT
-}
-
-variable "tags" {
- type = map(string)
- default = {}
- description = <<-EOT
- Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
- Neither the tag keys nor the tag values will be modified by this module.
- EOT
-}
-
-variable "context" {
- type = any
- default = {
- enabled = true
- namespace = null
- tenant = null
- environment = null
- stage = null
- name = null
- delimiter = null
- attributes = []
- tags = {}
- additional_tag_map = {}
- regex_replace_chars = null
- label_order = []
- id_length_limit = null
- label_key_case = null
- label_value_case = null
- descriptor_formats = {}
- # Note: we have to use [] instead of null for unset lists due to
- # https://github.com/hashicorp/terraform/issues/28137
- # which was not fixed until Terraform 1.0.0,
- # but we want the default to be all the labels in `label_order`
- # and we want users to be able to prevent all tag generation
- # by setting `labels_as_tags` to `[]`, so we need
- # a different sentinel to indicate "default"
- labels_as_tags = ["unset"]
- }
- description = <<-EOT
- Single object for setting entire context at once.
- See description of individual variables for details.
- Leave string and numeric variables as `null` to use default value.
- Individual variable settings (non-null) override settings in context object,
- except for attributes, tags, and additional_tag_map, which are merged.
- EOT
-}
diff --git a/modules/addon-oidc/iam.tf b/modules/addon-oidc/iam.tf
index 0fa7990..0ff63c9 100644
--- a/modules/addon-oidc/iam.tf
+++ b/modules/addon-oidc/iam.tf
@@ -1,8 +1,7 @@
locals {
oidc_provider_create = var.enabled && var.oidc_provider_create
oidc_role_create = var.enabled && var.oidc_role_create
- oidc_role_name_prefix = coalesce(var.oidc_role_name_prefix, "${module.label.id}-oidc")
- oidc_role_name = trim("${local.oidc_role_name_prefix}-${var.oidc_role_name}", "-")
+ oidc_role_name = trim("${var.oidc_role_name_prefix}-${var.oidc_role_name}", "-")
oidc_policy_enabled = var.oidc_policy_enabled && length(var.oidc_policy) > 0
oidc_assume_role_enabled = var.oidc_assume_role_enabled && length(var.oidc_assume_role_arns) > 0
}
diff --git a/modules/addon-oidc/label.tf b/modules/addon-oidc/label.tf
deleted file mode 100644
index 89ca7f4..0000000
--- a/modules/addon-oidc/label.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-module "label" {
- source = "cloudposse/label/null"
- version = "0.25.0"
-
- namespace = var.namespace
- stage = var.stage
- environment = var.environment
- name = var.name
- attributes = var.attributes
- context = var.context
- tags = var.tags
-}
diff --git a/modules/addon-oidc/variables.tf b/modules/addon-oidc/variables.tf
index 836811f..225d751 100644
--- a/modules/addon-oidc/variables.tf
+++ b/modules/addon-oidc/variables.tf
@@ -7,7 +7,7 @@ variable "enabled" {
variable "oidc_provider_create" {
type = bool
default = true
- description = "Whether to create OIDC provider. Set to `false` if you want to disable default OIDC provider when `var.oidc_custom_provider_arn` is set."
+ description = "Whether to create OIDC provider. Set to `false` if you want to disable default OIDC provider when `oidc_custom_provider_arn` is set."
}
variable "oidc_custom_provider_arn" {
@@ -25,13 +25,13 @@ variable "oidc_role_create" {
variable "oidc_role_name_prefix" {
type = string
default = ""
- description = "OIDC role name prefix. Defaults to addon OIDC component name (if provided) with `oidc` suffix."
+ description = "OIDC role name prefix."
}
variable "oidc_role_name" {
type = string
default = ""
- description = "OIDC role name. The value is prefixed by `var.oidc_role_name_prefix`. Defaults to the addon Helm chart name."
+ description = "OIDC role name. The value is prefixed by `oidc_role_name_prefix`."
}
variable "oidc_policy_enabled" {
@@ -43,7 +43,7 @@ variable "oidc_policy_enabled" {
variable "oidc_policy" {
type = string
default = ""
- description = "Policy to be attached to the OIDC role. Applied only if `oidc_policy_enabled` is `true`."
+ description = "AWS IAM policy JSON document to be attached to the OIDC role. Applied only if `oidc_policy_enabled` is `true`."
}
variable "oidc_assume_role_enabled" {
@@ -78,7 +78,7 @@ variable "oidc_tags" {
variable "oidc_assume_role_policy_condition_test" {
type = string
- default = "StringLike"
+ default = "StringEquals"
description = "Specifies the condition test to use for the assume role trust policy."
}
diff --git a/scripts/sync-variables.py b/scripts/sync-variables.py
index 55352a6..6786b71 100755
--- a/scripts/sync-variables.py
+++ b/scripts/sync-variables.py
@@ -23,7 +23,10 @@ def filter_terraform_default(value):
if value == "":
return '\\"\\"'
- return value
+ if value == None:
+ return 'null'
+
+ return re.sub(r'\'', r'\\"', str(value))
def get_template():
env = Environment(loader=FileSystemLoader("."))
@@ -37,7 +40,7 @@ def get_template():
variable "{{ name }}" {
type = {{ spec.type | terraform_type }}
default = null
- description = "{{ spec.description }}{% if spec.default is defined and spec.default != None %} Defaults to `{{ spec.default | terraform_default }}`.{% endif %}"
+ description = "{{ spec.description }}{% if spec.default is defined %} Defaults to `{{ spec.default | terraform_default }}`.{% endif %}"
}
{%- endif %}
{%- endfor %}
diff --git a/variables-addon-irsa.tf b/variables-addon-irsa.tf
index c19a1bd..be6ebe6 100644
--- a/variables-addon-irsa.tf
+++ b/variables-addon-irsa.tf
@@ -81,7 +81,7 @@ variable "irsa_assume_role_arns" {
variable "irsa_permissions_boundary" {
type = string
default = null
- description = "ARN of the policy that is used to set the permissions boundary for the IRSA role."
+ description = "ARN of the policy that is used to set the permissions boundary for the IRSA role. Defaults to `null`."
}
variable "irsa_additional_policies" {
diff --git a/variables-addon-oidc.tf b/variables-addon-oidc.tf
index c61d1dc..0056783 100644
--- a/variables-addon-oidc.tf
+++ b/variables-addon-oidc.tf
@@ -57,7 +57,7 @@ variable "oidc_assume_role_arns" {
variable "oidc_permissions_boundary" {
type = string
default = null
- description = "ARN of the policy that is used to set the permissions boundary for the OIDC role."
+ description = "ARN of the policy that is used to set the permissions boundary for the OIDC role. Defaults to `null`."
}
variable "oidc_additional_policies" {
diff --git a/variables-addon.tf b/variables-addon.tf
index 3ff4513..a099965 100644
--- a/variables-addon.tf
+++ b/variables-addon.tf
@@ -111,7 +111,7 @@ variable "argo_project" {
variable "argo_info" {
type = list(any)
default = null
- description = "ArgoCD Application manifest info parameter. Defaults to `[{'name': 'terraform', 'value': 'true'}]`."
+ description = "ArgoCD Application manifest info parameter. Defaults to `[{\"name\": \"terraform\", \"value\": \"true\"}]`."
}
variable "argo_sync_policy" {
@@ -123,7 +123,7 @@ variable "argo_sync_policy" {
variable "argo_metadata" {
type = any
default = null
- description = "ArgoCD Application metadata configuration. Override or create additional metadata parameters. Defaults to `{'finalizers': ['resources-finalizer.argocd.argoproj.io']}`."
+ description = "ArgoCD Application metadata configuration. Override or create additional metadata parameters. Defaults to `{\"finalizers\": [\"resources-finalizer.argocd.argoproj.io\"]}`."
}
variable "argo_apiversion" {
@@ -147,7 +147,7 @@ variable "argo_helm_values" {
variable "argo_kubernetes_manifest_computed_fields" {
type = list(string)
default = null
- description = "List of paths of fields to be handled as \"computed\". The user-configured value for the field will be overridden by any different value returned by the API after apply. Defaults to `['metadata.labels', 'metadata.annotations', 'metadata.finalizers']`."
+ description = "List of paths of fields to be handled as \"computed\". The user-configured value for the field will be overridden by any different value returned by the API after apply. Defaults to `[\"metadata.labels\", \"metadata.annotations\", \"metadata.finalizers\"]`."
}
variable "argo_kubernetes_manifest_field_manager_name" {