Describe the bug

logs:

```
time="2024-07-17T18:35:40Z" level=info msg="deferred syncing TridentBackendConfig 'netapp-trident/backend-tbc-ontap-nas', requeuing; reconcile deferred; problem initializing storage driver 'ontap-nas': error initializing ontap-nas AWS driver; secret ARN arn:aws-cn:secretsmanager:cn-north-1:xxxx:secret:xxxxxx is invalid" crdControllerEvent=add logLayer=crd_frontend logSource=trident-crd-controller requestID=4d710533-272e-4ecd-a10e-de474f7bd0d2 requestSource=CRD workflow="cr=reconcile"
```

The logs show that using the secret ARN is not effective. After tracing the error message, we found the root cause in the source code is that the code checking the ARN is hardcoded to the AWS partition and does not take into account that the China partition is aws-cn.
source bug location: https://github.com/NetApp/trident/blob/d8039aeb833b71ab80994035a7ef15ccfb91ec4b/storage_drivers/ontap/awsapi/aws.go#L37
Environment

EKS 1.29, AWS China cn-north-1

To Reproduce

Steps to reproduce the behavior:

Expected behavior

```
# TRIDENT_NAMESPACE, FSX_ID and SVM_DNS_NAME must be set in the shell;
# the unquoted EOF lets the shell expand them before kubectl reads the manifest.
cat <<EOF | kubectl apply -f -
apiVersion: trident.netapp.io/v1
kind: TridentBackendConfig
metadata:
  name: backend-tbc-ontap-nas
  namespace: $TRIDENT_NAMESPACE
spec:
  version: 1
  storageDriverName: ontap-nas
  backendName: tbc-ontap-nas
  labels:
    k8scluster: posit-workbench-cluster-dev1
    backend: xxxxx-nasbackend
  aws:
    fsxFilesystemID: $FSX_ID
    apiRegion: cn-north-1
  managementLIF: $SVM_DNS_NAME
  credentials:
    # Secrets Manager ARN in the China partition (aws-cn)
    name: "arn:aws-cn:secretsmanager:cn-north-1:xxxx:secret:xxxxx"
    type: awsarn
EOF
```
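The partition problem described in this report, as an added example that is not part of the original issue and is not Trident's code: an `aws`-only pattern next to a parser that accepts other partitions and rejects an ARN whose region does not belong to its partition. All names, the two patterns, and the sample ARNs (account ID `123456789012`, secret `fsx-creds`) are assumptions made for illustration, and only the `aws`, `aws-cn` and `aws-us-gov` partitions are modelled.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Stand-in for a check hardcoded to the "aws" partition (illustrative only).
var awsOnlyARN = regexp.MustCompile(`^arn:aws:secretsmanager:[^:]+:\d{12}:secret:[^:]+$`)
// Partition-aware pattern: captures partition, region, account ID, secret name.
var secretARN = regexp.MustCompile(`^arn:([a-z-]+):secretsmanager:([a-z0-9-]+):(\d{12}):secret:([^:]+)$`)

// SecretRef holds the fields extracted from a Secrets Manager ARN.
type SecretRef struct{ Partition, Region, Account, Name string }

// partitionOf maps a region name to the partition it belongs to.
func partitionOf(region string) string {
	if strings.HasPrefix(region, "cn-") {
		return "aws-cn"
	}
	if strings.HasPrefix(region, "us-gov-") {
		return "aws-us-gov"
	}
	return "aws"
}

// ParseSecretARN validates arn and checks that partition and region agree.
func ParseSecretARN(arn string) (SecretRef, error) {
	m := secretARN.FindStringSubmatch(arn)
	if m == nil {
		return SecretRef{}, fmt.Errorf("secret ARN %q is malformed", arn)
	}
	if partitionOf(m[2]) != m[1] {
		return SecretRef{}, fmt.Errorf("partition %q does not match region %q", m[1], m[2])
	}
	return SecretRef{Partition: m[1], Region: m[2], Account: m[3], Name: m[4]}, nil
}

func main() {
	// Constructed sample ARNs; the second mixes the aws partition with a China region.
	for _, a := range []string{
		"arn:aws-cn:secretsmanager:cn-north-1:123456789012:secret:fsx-creds",
		"arn:aws:secretsmanager:cn-north-1:123456789012:secret:fsx-creds",
	} {
		ref, err := ParseSecretARN(a)
		fmt.Printf("awsOnly=%v ref=%+v err=%v\n", awsOnlyARN.MatchString(a), ref, err)
	}
}
```

Tying the partition to the region keeps the check strict while still admitting `aws-cn`, instead of relaxing it to accept any partition string.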