search

crossplane-contrib / provider-jet-aws

AWS Provider for Crossplane that is built with Terrajet.
https://crossplane.io
Apache License 2.0
37 stars 30 forks source link

Issue while passing the securityGroupIds through patches to elasticsearch.aws.jet.crossplane.io #232

Open VishnuPrasad-Xyram opened 1 year ago

VishnuPrasad-Xyram commented 1 year ago

What happened?

I created securityGroup as part of the composition and patched securityGroup-ID to composite resource using below patch

- type: ToCompositeFieldPath
  fromFieldPath: status.atProvider.securityGroupID
  toFieldPath: status.securityGroupID
  policy:
    fromFieldPath: Required

Then patching securityGroup-ID to elasticsearch.aws.jet.crossplane.io using below patch

- type: FromCompositeFieldPath
  fromFieldPath: status.securityGroupID
  toFieldPath: spec.forProvider.vpcOptions[0].securityGroupIds[0]
  policy:
    fromFieldPath: Required

After that when I describe Domain.elasticsearch.aws.jet.crossplane.io/NAME, I could see the correct securityGroup-ID being patched to the resource, but when I checked in the AWS console it took the default securityGroup-ID while creating the elasticSearch Domain.

What environment did it happen in?

haarchri commented 1 year ago

can you check status for securityGroup ? think in jet provider it is simply id status.atProvider.id

https://doc.crds.dev/github.com/crossplane-contrib/provider-jet-aws/ec2.aws.jet.crossplane.io/SecurityGroup/v1alpha2@v0.5.0-preview#status-atProvider-id

VishnuPrasad-Xyram commented 1 year ago

@haarchri Yes, it's status.atProvider.id in jet provider. Am able to patch the securityGroupID to the elastic search resource, When I describe Domain.elasticsearch.aws.jet.crossplane.io/NAME I could see the securityGroupIds being passed to the elasticSearch as per the image attached. But when I see in the AWS console, the elasticSearch resource is taking the default securityGroup-ID.

It's same for status.atProvider.id and also for status.atProvider.securityGroupID. image

But, when we hardcode the securityGroupIds we get what we expect. But I am not able to dynamically create and patch the securityGroupId to the elasticsearch.aws.jet.crossplane.io.

VishnuPrasad-Xyram commented 1 year ago

@haarchri We tried with both provider-aws and provider-jet-aws for securityGroups. And patched the IDs to elasticsearch.aws.jet.crossplane.io using status.atProvider.id for provider-jet-aws and status.atProvider.securityGroupID for provider-aws.

In both cases securityGroup-ID is being patched to composite resource and we were able to refer and patch those IDs to elasticsearch.aws.jet.crossplane.io which I could see when I describe the Domain.elasticsearch.aws.jet.crossplane.io/NAME as mentioned in the screenshot attached in above comment.

In Both the cases(status.atProvider.id and also for status.atProvider.securityGroupID) the elasticsearch.aws.jet.crossplane.io resource is getting created using the default securityGroup.

Thanks in Advance