
s3 bucket settings not defined in the MR are removed after upgrade to v0.46.0

Open mprochnicki opened this issue 1 year ago • 6 comments

What happened?

I upgraded provider-aws from version 0.45.2 to version 0.46.0, which resulted in the removal of S3 bucket settings that were not defined in the MR manifest.

Unfortunately, part of the S3 bucket settings (notificationConfiguration) must be managed by a separate tool outside of Crossplane, and this worked in previous versions.

Enabling management policies and using ["Observe", "Create", "Update", "Delete"] didn't resolve the issue.

How can we reproduce it?

  1. Create an S3 bucket using the manifest below and provider-aws v0.45.2 (or older):
apiVersion: s3.aws.crossplane.io/v1beta1
kind: Bucket
metadata:
  name: bucket-name
spec:
  deletionPolicy: Delete
  forProvider:
    locationConstraint: us-east-1
    objectOwnership: BucketOwnerEnforced
    paymentConfiguration:
      payer: BucketOwner
    publicAccessBlockConfiguration:
      blockPublicAcls: true
      blockPublicPolicy: true
      ignorePublicAcls: true
      restrictPublicBuckets: true
    serverSideEncryptionConfiguration:
      rules:
        - applyServerSideEncryptionByDefault:
            kmsMasterKeyId: kms-key-id
            kmsMasterKeyIdRef:
              name: kms-key-name
            sseAlgorithm: aws:kms
          bucketKeyEnabled: true
    tagging:
      tagSet:
        - key: key
          value: value

  2. Manually configure "Event Notifications" (notificationConfiguration)
  3. Upgrade provider-aws to v0.46.0
  4. Observe the "Event Notifications" settings being removed

What environment did it happen in?

Crossplane version: 1.14.5

mprochnicki avatar Feb 12 '24 19:02 mprochnicki

Having two different points of truth is not supported by this provider. If something has been overwritten, it might be due to the controllers always considering the MR as the target definition.

If there is a bug, maybe with LateInitialize, please let us know.

MisterMX avatar Feb 14 '24 14:02 MisterMX

I would like the behavior from the circled description, but enabling management policies and using ["Observe", "Create", "Update", "Delete"] didn't work:


I found that this PR https://github.com/crossplane-contrib/provider-aws/pull/1974 introduced notification configuration reset, even when it has never been set in the MR. Shouldn't this be dependent on management policies?

mprochnicki avatar Feb 14 '24 15:02 mprochnicki

I can't really say much about Management policies as they are a feature that is coming from https://github.com/crossplane/crossplane-runtime. It is not honored by the provider itself.

Anyways, https://github.com/crossplane-contrib/provider-aws/pull/1974/files#diff-a8eef2da98b1ec4eedcdafbeb44237c0a1065cd0bf9c3f34124cb67c143113efR290 is run during the update step so it would probably apply given the management policy above.

MisterMX avatar Feb 21 '24 11:02 MisterMX

I tried with ["Observe", "Create", "LateInitialize", "Delete"] and that resulted in the creation of a default S3 bucket, without any of the settings from the spec.forProvider object.

Is there a way to use the provider for object creation with a defined spec, and not update the objects afterwards?

mprochnicki avatar Apr 11 '24 14:04 mprochnicki
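Added example (not provider-aws or crossplane-runtime code): a toy Python model of how a management-policy set gates the Create, LateInitialize and Update steps, reproducing why both policy sets tried above lose the externally managed notificationConfiguration. It assumes that Create provisions only the bucket and the remaining settings are applied on Update (matching the default-bucket observation), that Update rewrites every managed setting from the MR and resets unset ones (the behaviour attributed to PR #1974 running during the update step), and that LateInitialize does not cover notificationConfiguration (consistent with its removal under default policies); the notification configuration value is constructed.

```python
# Toy model of policy-gated reconcile steps; see the lead-in for the
# assumptions it encodes. Not the provider's real reconciler.
# Settings the model treats as provider-managed on Update.
MANAGED_SETTINGS = (
    "objectOwnership", "paymentConfiguration", "publicAccessBlockConfiguration",
    "serverSideEncryptionConfiguration", "tagging", "notificationConfiguration",
)
LATE_INIT_SETTINGS = tuple(s for s in MANAGED_SETTINGS if s != "notificationConfiguration")
DEFAULT_POLICIES = ("Observe", "Create", "LateInitialize", "Update", "Delete")

# spec.forProvider from the issue's manifest, reduced to the keys used here.
MR = {
    "locationConstraint": "us-east-1",
    "objectOwnership": "BucketOwnerEnforced",
    "paymentConfiguration": {"payer": "BucketOwner"},
    "tagging": {"tagSet": [{"key": "key", "value": "value"}]},
}
# Constructed stand-in for the "Event Notifications" added outside Crossplane.
EXTERNAL = {"notificationConfiguration": {
    "topicConfigurations": [{"topicArn": "arn:aws:sns:us-east-1:000000000000:example"}]}}


def reconcile(mr, policies, external):
    """Run the steps the policy set allows; return (bucket state, resulting MR)."""
    mr = dict(mr)
    if "Create" not in policies:
        return None, mr
    bucket = {"locationConstraint": mr["locationConstraint"]}   # Create step
    bucket.update(external)                     # changes made by the other tool
    if "LateInitialize" in policies:            # copy unset fields into the MR
        for k in LATE_INIT_SETTINGS:
            if k not in mr and k in bucket:
                mr[k] = bucket[k]
    if "Update" in policies:                    # the MR is the target definition
        for k in MANAGED_SETTINGS:
            bucket[k] = mr.get(k)               # unset in the MR -> reset on AWS
        bucket = {k: v for k, v in bucket.items() if v is not None}
    return bucket, mr


def settings_lost(mr, policies, external):
    """Pre-upgrade check: externally managed settings a reconcile would drop."""
    bucket, _ = reconcile(mr, policies, external)
    return sorted(k for k in external if bucket is None or k not in bucket)
```

Under the model, only a policy set that skips Update keeps the external setting, and that same set never applies the MR's own settings, which is the trade-off the thread runs into.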

I have the same issue here! UXP version: v1.14.7, AWS Provider version: v0.47.2

haooliveira84 avatar Jul 01 '24 12:07 haooliveira84

Is there a way to use the provider for object creation with a defined spec, and not update the objects afterwards?

I don't think it is implemented. But you can try the official provider: https://github.com/upbound/provider-aws

MisterMX avatar Jul 24 '24 13:07 MisterMX