crossplane-contrib / provider-jet-aws

AWS Provider for Crossplane that is built with Terrajet.
https://crossplane.io
Apache License 2.0

S3 bucket does not store any data in k8s secret #245

Open asajoshi opened 1 year ago

asajoshi commented 1 year ago

Expected behaviour

The S3 bucket resource needs to store connection details such as region and endpoint in a k8s secret, similar to the IAM resource example.

Actual behaviour

When a resource is created, it creates a blank k8s secret with no data propagated.

Steps to reproduce

Installation

check latest version from releases

# provider.yaml 
apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
  name: vault
spec:
  podSecurityContext:
    fsGroup: 2000
  args:
    - --enable-external-secret-stores
    - --debug
  metadata:
    annotations:
      vault.hashicorp.com/agent-inject: "true"
      vault.hashicorp.com/agent-inject-token: "true"
      vault.hashicorp.com/role: crossplane
      vault.hashicorp.com/agent-run-as-user: "2000"

---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: crossplane-provider-jet-aws
spec:
  package: crossplane/provider-jet-aws:v0.5.0
  controllerConfigRef:
    name: vault

# providerconfig.yaml
apiVersion: aws.jet.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: default
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: aws-creds
      key: creds

kubectl apply -f provider.yaml 
kubectl apply -f providerconfig.yaml

# verify it's healthy 
kubectl describe providers.pkg.crossplane.io crossplane-provider-jet-aws  

Configuration

# store aws access and secret keys in creds.conf file
AWS_PROFILE=default && echo -e "[default]\naws_access_key_id = $(aws configure get aws_access_key_id --profile $AWS_PROFILE)\naws_secret_access_key = $(aws configure get aws_secret_access_key --profile $AWS_PROFILE)" > creds.conf
# note: creds.conf now holds the secret key in plaintext; delete it once the k8s secret exists

# create a provider secret
kubectl create secret generic aws-creds -n crossplane-system --from-file=creds=./creds.conf

# apply provider config to use that secret
kubectl apply -f providerconfig.yaml  

Simple S3 bucket creation: tried to run the S3 example given by provider-jet-aws.

apiVersion: s3.aws.jet.crossplane.io/v1alpha2
kind: Bucket
metadata:
  name: sample-bucket-by-asa
  annotations:
    # This will be the actual bucket name. It must be globally unique, so you
    # probably want to change it before trying to apply this example.
    crossplane.io/external-name: crossplane-example-bucket-by-asa
spec:
  forProvider:
    region: us-west-1
    acl: private
    tags:
      Name: SampleBucket
  writeConnectionSecretToRef:
    name: s3connectiondetails
    namespace: crossplane-system

This creates a blank secret with no data such as region and endpoint, whereas in the IAM AccessKey example, the access keys are propagated into the secret.

Conclusion/Observation: the implementation of secret propagation seems to be missing for the S3 bucket.
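To confirm whether a connection secret written via writeConnectionSecretToRef actually carries data, without echoing any secret values, here is a small audit helper; it is an added example, not code from the issue or from provider-jet-aws. The Secret objects are constructed samples, the expected S3 keys region and endpoint are the ones this issue asks for, and the attribute.* key names in the AccessKey sample are assumed placeholders.

```python
import base64
import json
import sys

# Constructed sample: the blank connection secret the Bucket example produced
# (no entries under .data), in the JSON shape `kubectl get secret -o json` emits.
BLANK_SECRET_JSON = json.dumps({
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "s3connectiondetails", "namespace": "crossplane-system"},
    "type": "connection.crossplane.io/v1alpha1",
})

# Constructed sample of a populated connection secret, shaped like the one the
# IAM AccessKey example writes. Key names and values are placeholders (assumed).
POPULATED_SECRET_JSON = json.dumps({
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "iam-accesskey-conn", "namespace": "crossplane-system"},
    "type": "connection.crossplane.io/v1alpha1",
    "data": {
        "attribute.id": base64.b64encode(b"EXAMPLEACCESSKEYID").decode(),
        "attribute.secret": base64.b64encode(b"example-secret-placeholder").decode(),
    },
})


def audit_connection_secret(secret_json, expected_keys):
    """Return (present, missing) for a Kubernetes Secret given as JSON text.

    present maps each key in .data to the byte length of its decoded value;
    missing lists expected keys that are absent. Decoded values are never
    returned or printed, so this is safe to run against real secrets.
    """
    secret = json.loads(secret_json)
    data = secret.get("data") or {}          # a blank secret has no .data at all
    present = {key: len(base64.b64decode(value)) for key, value in data.items()}
    missing = [key for key in expected_keys if key not in present]
    return present, missing


if __name__ == "__main__":
    # Usage: kubectl get secret s3connectiondetails -n crossplane-system -o json \
    #        | python audit_secret.py region endpoint
    present, missing = audit_connection_secret(sys.stdin.read(), sys.argv[1:])
    for key, length in present.items():
        print(f"present: {key} ({length} bytes)")
    for key in missing:
        print(f"MISSING: {key}")
    sys.exit(1 if missing or not present else 0)
```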