crossplane-contrib / provider-jet-aws

AWS Provider for Crossplane that is built with Terrajet.
https://crossplane.io
Apache License 2.0

SecurityGroup fails to create due to missing attributes #157

Closed throwanexception closed 2 years ago

throwanexception commented 2 years ago

What happened?

Crossplane failed to create a SecurityGroup with the following error:

    message: 'observe failed: cannot run refresh: refresh failed: Incorrect attribute
      value type: Inappropriate value for attribute "ingress": element 0: attributes
      "description", "ipv6_cidr_blocks", "prefix_list_ids", "security_groups", and
      "self" are required.: File name: main.tf.json'
    reason: ReconcileError

Attempting to provide the parameters via the API worked for description and self (with a string and bool input respectively), but for ipv6CidrBlocks, prefixListIds and securityGroups it did not.

The API docs do not mark these values as required.

How can we reproduce it?

    apiVersion: ec2.aws.jet.crossplane.io/v1alpha2
    kind: SecurityGroup
    metadata:
      name: example-securitygroup
    spec:
      forProvider:
        name: example-securitygroup-sg
        description: "i am a description"
        region: us-west-2
        vpcId: vpc-somevpc
        ingress:
        - fromPort: 6379
          toPort: 6379
          protocol: tcp
          description: "i am also a description"
          cidrBlocks:
          - 10.0.0.0/16
          ipv6CidrBlocks: []
          self: false
          prefixListIds: []
          securityGroups: []
        tags:
          managed-by: crossplane
      providerConfigRef:
        name: jet-aws-provider

What environment did it happen in?

Crossplane version: v1.6.1

JET AWS version: v0.4.0

Kubernetes Version: Server Version: version.Info{Major:"1", Minor:"21+", GitVersion:"v1.21.5-eks-bc4871b", GitCommit:"5236faf39f1b7a7dabea8df12726f25608131aa9", GitTreeState:"clean", BuildDate:"2021-10-29T23:32:16Z", GoVersion:"go1.16.8", Compiler:"gc", Platform:"linux/amd64"}

turkenh commented 2 years ago

Looks like this is related to this underlying terraform issue: https://stackoverflow.com/a/69080432/4124416

But I believe this is something we would need to handle in Terrajet, since the zero values are probably dropped for optionals and hence never passed to Terraform.
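
The effect described in this comment, as an added example that is not code from Terrajet or provider-jet-aws: it assumes optional list fields are serialized with Go's `omitempty`, which drops empty slices, while optional scalars are pointers and survive. The types `Dropping` and `Keeping` and the function `Missing` are hypothetical; the attribute names come from the error message above.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Dropping is a hypothetical parameter type (not the provider's): optional lists use omitempty.
type Dropping struct {
	Description    *string  `json:"description,omitempty"`
	Self           *bool    `json:"self,omitempty"`
	Ipv6CidrBlocks []string `json:"ipv6_cidr_blocks,omitempty"`
	PrefixListIds  []string `json:"prefix_list_ids,omitempty"`
	SecurityGroups []string `json:"security_groups,omitempty"`
}

// Keeping differs only in that empty lists are serialized as [] instead of being omitted.
type Keeping struct {
	Description    *string  `json:"description,omitempty"`
	Self           *bool    `json:"self,omitempty"`
	Ipv6CidrBlocks []string `json:"ipv6_cidr_blocks"`
	PrefixListIds  []string `json:"prefix_list_ids"`
	SecurityGroups []string `json:"security_groups"`
}

// required holds the attributes the refresh error on this page lists as required.
var required = []string{"description", "ipv6_cidr_blocks", "prefix_list_ids", "security_groups", "self"}

// Missing returns the required attributes absent from the serialized rule.
func Missing(rule interface{}) ([]string, error) {
	block := map[string]json.RawMessage{}
	raw, err := json.Marshal(rule)
	if err == nil {
		err = json.Unmarshal(raw, &block)
	}
	var missing []string
	for _, a := range required {
		if _, ok := block[a]; !ok && err == nil {
			missing = append(missing, a)
		}
	}
	return missing, err
}

func main() {
	desc, self := "i am also a description", false // values from the reported manifest
	fmt.Println(Missing(Dropping{&desc, &self, []string{}, []string{}, []string{}}))
	fmt.Println(Missing(Keeping{&desc, &self, []string{}, []string{}, []string{}}))
}
```

With the reporter's values, the `omitempty` variant loses exactly the three list attributes that could not be set through the API, while `description` and `self` survive.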

andrzej-natzka commented 2 years ago

I face the same problem. Part of my Composition:

    - name: ec2sg-ng
      base:
        apiVersion: ec2.aws.jet.crossplane.io/v1alpha2
        kind: SecurityGroup
        spec:
          forProvider:
            description: Cluster communication with worker nodes
            name: ekscluster-sg
            vpcidSelector:
              matchControllerRef: true
          providerConfigRef:
            name: aws-jet-provider
      patches:
      - type: PatchSet
        patchSetName: region
      - fromFieldPath: spec.id
        toFieldPath: metadata.name
        transforms:
        - type: string
          string:
            fmt: "%s-sg"
    - name: ec2sg-rule
      base:
        apiVersion: ec2.aws.jet.crossplane.io/v1alpha2
        kind: SecurityGroupRule
        spec:
          forProvider:
            securityGroupIdSelector:
              matchControllerRef: true
            type: egress
            protocol: "-1"
            fromPort: 0
            toPort: 0
            cidrBlocks:
            - "0.0.0.0/0"
          providerConfigRef:
            name: aws-jet-provider
      patches:
      - type: PatchSet
        patchSetName: region
      - fromFieldPath: spec.id
        toFieldPath: metadata.name
        transforms:
        - type: string
          string:
            fmt: "%s-sgrule"

Status after apply:

    NAME                                                          READY   SYNCED   EXTERNAL-NAME   AGE
    securitygroup.ec2.aws.jet.crossplane.io/xpjeteks-sg           True    False    sg-xxx          96m
    securitygrouprule.ec2.aws.jet.crossplane.io/xpjeteks-sgrule   True    True     sgrule-xxx      96m

    Events:
      Type     Reason                         Age                     From                                                            Message
      ----     ------                         ----                    ----                                                            -------
      Warning  CannotObserveExternalResource  16s (x1056 over 3h33m)  managed/ec2.aws.jet.crossplane.io/v1alpha2, kind=securitygroup  cannot run refresh: refresh failed: Incorrect attribute value type: Inappropriate value for attribute "egress": element 0: attributes "description", "ipv6_cidr_blocks", "prefix_list_ids", "security_groups", and "self" are required.: File name: main.tf.json

haarchri commented 2 years ago

Updated the PR #198; handled securitygroup and securitygrouprule resources if add ignore lateinit for ingress and egress. Please check the examples: https://github.com/crossplane-contrib/provider-jet-aws/pull/198