
Helm: CiliumNetworkPolicy setup causes failure with Terraform Helm provider v3.1.0+ #20218

@kkoppel

Description

Describe the bug
Terraform with Helm provider v3.1.0 or newer fails to generate a plan when Cilium network policy creation is enabled due to incorrect syntax in the loki-egress-dns resource manifest:

spec:
  egress:
  - toPorts:
    - ports:
      - port: "53"
        protocol: UDP
      - port: "53"
        protocol: TCP
    toEndpoints:
    - namespaceSelector: {}

There is no namespaceSelector field defined under toEndpoints in the CiliumNetworkPolicy CRD: https://doc.crds.dev/github.com/cilium/cilium/cilium.io/CiliumNetworkPolicy/[email protected]#spec-egress-toEndpoints

Looks like Helm provider v3.1.0 is doing stricter validation of the CRD schema compared to the previous versions (v3.0.2 and earlier), which work fine.

To Reproduce
Steps to reproduce the behavior:

  1. Use Terraform with Helm provider v3.1.0 or newer to deploy the Loki Helm chart with the following changes to default values:
networkPolicy:
  enabled: true
  flavor: cilium

Expected behavior
Terraform successfully generates a plan, including creating the loki-egress-dns CiliumNetworkPolicy resource.

Environment:

  • Infrastructure: Kubernetes v1.34.1
  • Deployment tool: Terraform v1.14.1 and Helm provider v3.1.1

Screenshots, Promtail config, or terminal output

Planning failed. Terraform encountered an error while generating this plan.

│
│ Error: Visit Error
│
│   with module.loki.helm_release.loki,
│   on ../../../../tfmods/logging/loki/main.tf line 15, in resource "helm_release" "loki":
│   15: resource "helm_release" "loki" {
│
│ failed to create typed patch object (logging/loki-egress-dns; cilium.io/v2, Kind=CiliumNetworkPolicy): .spec.egress[0].toEndpoints[0].namespaceSelector: field not declared in schema
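Added example, not part of the issue or of the Loki chart: a small stdlib-only check that reproduces what the stricter provider is doing, run over the loki-egress-dns manifest quoted above (transcribed into a dict). It walks every `spec.egress[].toEndpoints[]` entry and reports keys the CiliumNetworkPolicy CRD does not declare for an endpoint selector; the allow-list of `matchLabels` / `matchExpressions` and the hypothetical `matchLabels`-based rewrite used as the passing case are assumptions made for this example, not a fix proposed by the issue.

```python
# Added example (not from the issue or the Loki chart): mimic the schema check that
# the Helm provider >= 3.1.0 applies, over the manifest quoted in the issue.

# Assumption: an EndpointSelector under spec.egress[].toEndpoints[] is a plain label
# selector, so these are the only keys the CRD schema declares there.
ENDPOINT_SELECTOR_FIELDS = {"matchLabels", "matchExpressions"}

# The loki-egress-dns fragment from the issue, transcribed into a dict so the
# example runs without a YAML library.
LOKI_EGRESS_DNS_FROM_ISSUE = {
    "apiVersion": "cilium.io/v2",
    "kind": "CiliumNetworkPolicy",
    "metadata": {"name": "loki-egress-dns", "namespace": "logging"},
    "spec": {
        "egress": [
            {
                "toPorts": [
                    {"ports": [{"port": "53", "protocol": "UDP"},
                               {"port": "53", "protocol": "TCP"}]}
                ],
                "toEndpoints": [{"namespaceSelector": {}}],
            }
        ]
    },
}

# Hypothetical rewrite used only as the passing case: selects endpoints by the
# namespace label Cilium attaches to pods. Constructed for this example; the
# target namespace is a placeholder, not something the issue states.
HYPOTHETICAL_REWRITE = {
    "apiVersion": "cilium.io/v2",
    "kind": "CiliumNetworkPolicy",
    "metadata": {"name": "loki-egress-dns", "namespace": "logging"},
    "spec": {
        "egress": [
            {
                "toPorts": [
                    {"ports": [{"port": "53", "protocol": "UDP"},
                               {"port": "53", "protocol": "TCP"}]}
                ],
                "toEndpoints": [
                    {"matchLabels": {"k8s:io.kubernetes.pod.namespace": "kube-system"}}
                ],
            }
        ]
    },
}


def find_undeclared_fields(manifest):
    """Return dotted paths of toEndpoints keys the CRD schema does not declare.

    The path format matches the one in the provider's error message, e.g.
    '.spec.egress[0].toEndpoints[0].namespaceSelector'.
    """
    problems = []
    egress = manifest.get("spec", {}).get("egress") or []
    for i, rule in enumerate(egress):
        for j, selector in enumerate(rule.get("toEndpoints") or []):
            for key in selector:
                if key not in ENDPOINT_SELECTOR_FIELDS:
                    problems.append(f".spec.egress[{i}].toEndpoints[{j}].{key}")
    return problems


if __name__ == "__main__":
    for name, manifest in [("issue manifest", LOKI_EGRESS_DNS_FROM_ISSUE),
                           ("hypothetical rewrite", HYPOTHETICAL_REWRITE)]:
        bad = find_undeclared_fields(manifest)
        status = "field not declared in schema: " + ", ".join(bad) if bad else "ok"
        print(f"{name}: {status}")
```

Running the script flags exactly the path the provider reported for the quoted manifest and accepts the label-selector variant, which is a quick way to pre-check rendered chart output before a Terraform plan with the newer provider.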
