`patchesFrom` fields are not reconciled automatically

[nsilve]

What happened?

Objects including patchesFrom references to object properties are not reconciled automatically.

How can we reproduce it?

Define a CRD with the following schema:

apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: src
spec:
  group: test.crossplane.co
...
  claimNames:
    kind: CSPAccount
...
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                parameters:
                  type: object
                  properties:
                    field1:
                      type: string
                    field2:
                      type: string

and another one with the following one:

apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: dst
spec:
  group: test.crossplane.co
...
  versions:
   - name: v1alpha1
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                CSPAccountConfig:
                  type: object
                  properties:
                    field1:
                      type: string

Use a composition to create an object of the 2nd schema using patch reference from an object of the 1st one:

apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: src-dst
...
    - name: dst
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: Object
        spec:
          metadata:
            name: dst-obj
          references:
            - patchesFrom:
                apiVersion: test.crossplane.co/v1alpha1
                kind: CSPAccount
                name: src
                fieldPath: spec.parameters
              toFieldPath: spec.CSPAccountConfig

When the desired object is created, append to the dst schema another field (which exists in src schema):

                    field2:
                      type: string

The dst-obj is not updated to include that newly added field automatically. The manual workaround which does the job is to e.g. update a label of the dst-obj object into the provider object definition which triggers its reconciliation (so dst-obj field2 value is updated to the one that field2 field of src object has).

What environment did it happen in?

• Crossplane version: v1.13.2
• Cloud provider or hardware configuration: AWS
• Kubernetes version: v1.26.10-eks-4f4795d
• Kubernetes distribution: EKS
• OS: Amazon Linux 2
• Kernel: 5.10.192-183.736.amzn2.x86_64

[cwichka]

Hi @nsilve - what kubernetes provider version you are using ?

I started observing this issue when upgrading recently provider-kubernetes from v0.9.0 to v0.10.0 and crossplane from v1.14.1 to v1.14.5. the following object with patchFrom hangs

    - name: dp-cluster-secret
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: Object
        metadata:
          name: dp-cluster-secret
        spec:
          providerConfigRef:
            name: kube-in-cluster-provider-conf
          forProvider:
            manifest:
              apiVersion: v1
              kind: Secret
              metadata:
                namespace: crossplane
              type: Opaque
          references:
            - patchesFrom:
                apiVersion: kubernetes.crossplane.io/v1alpha1
                kind: Object
                namespace: crossplane
                name: dp-secret-object
                fieldPath: status.atProvider.manifest.data.token
              toFieldPath: data.kubeApiBearerToken
            - patchesFrom:
                apiVersion: v1
                kind: Secret
                namespace: crossplane
                name: dp-secret
                fieldPath: data.kubeconfig
              toFieldPath: data.kubeconfig

[nsilve]

I was using v0.9.0 version of Kubernetes provider.