Open humoflife opened 3 months ago
Confirming that this issue is in the provider. Reproduced as follows through MR yaml.
Applied the following to create the cluster with logging:
apiVersion: rds.aws.upbound.io/v1beta1
kind: Cluster
metadata:
  annotations:
    meta.upbound.io/example-id: rds/v1beta1/clusterendpoint
  labels:
    testing.upbound.io/example-name: default-ce
  name: example-ce
spec:
  forProvider:
    enabledCloudwatchLogsExports:
    - postgresql
    engine: aurora-postgresql
    manageMasterUserPassword: true
    masterUsername: cpadmin
    region: us-west-1
    skipFinalSnapshot: true
  writeConnectionSecretToRef:
    name: sample-rds-cluster-secret
    namespace: upbound-system
Then applied the following to try to turn logs off:
apiVersion: rds.aws.upbound.io/v1beta1
kind: Cluster
metadata:
  annotations:
    meta.upbound.io/example-id: rds/v1beta1/clusterendpoint
  labels:
    testing.upbound.io/example-name: default-ce
  name: example-ce
spec:
  forProvider:
    enabledCloudwatchLogsExports: []
    engine: aurora-postgresql
    manageMasterUserPassword: true
    masterUsername: cpadmin
    region: us-west-1
    skipFinalSnapshot: true
  writeConnectionSecretToRef:
    name: sample-rds-cluster-secret
    namespace: upbound-system
See attached screenshot that shows that logs are still turned on:
It also shows that the enabledCloudWatchLogsExport is still set after applying an empty array per below.
k get cluster.rds.aws.upbound.io/example-ce -o yaml
apiVersion: rds.aws.upbound.io/v1beta1
kind: Cluster
metadata:
  annotations:
    crossplane.io/external-create-pending: "2024-05-01T20:21:30Z"
    crossplane.io/external-create-succeeded: "2024-05-01T20:21:30Z"
    crossplane.io/external-name: example-ce
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"rds.aws.upbound.io/v1beta1","kind":"Cluster","metadata":{"annotations":{"meta.upbound.io/example-id":"rds/v1beta1/clusterendpoint"},"labels":{"testing.upbound.io/example-name":"default-ce"},"name":"example-ce"},"spec":{"forProvider":{"enabledCloudwatchLogsExports":[],"engine":"aurora-postgresql","manageMasterUserPassword":true,"masterUsername":"cpadmin","region":"us-west-1","skipFinalSnapshot":true},"writeConnectionSecretToRef":{"name":"sample-rds-cluster-secret","namespace":"upbound-system"}}}
    meta.upbound.io/example-id: rds/v1beta1/clusterendpoint
  creationTimestamp: "2024-05-01T20:21:30Z"
  finalizers:
  - finalizer.managedresource.crossplane.io
  generation: 6
  labels:
    testing.upbound.io/example-name: default-ce
  name: example-ce
  resourceVersion: "46846"
  uid: 532eb99c-47fd-4530-934b-a17e3aead6db
spec:
  deletionPolicy: Delete
  forProvider:
    allocatedStorage: 1
    availabilityZones:
    - us-west-1b
    - us-west-1c
    backupRetentionPeriod: 1
    dbClusterParameterGroupName: default.aurora-postgresql15
    dbSubnetGroupName: default
    deleteAutomatedBackups: true
    enabledCloudwatchLogsExports:
    - postgresql
    engine: aurora-postgresql
    engineMode: provisioned
    engineVersion: "15.4"
    manageMasterUserPassword: true
    masterUsername: cpadmin
    networkType: IPV4
    port: 5432
    preferredBackupWindow: 06:58-07:28
    preferredMaintenanceWindow: tue:06:26-tue:06:56
    region: us-west-1
    skipFinalSnapshot: true
    tags:
      crossplane-kind: cluster.rds.aws.upbound.io
      crossplane-name: example-ce
      crossplane-providerconfig: default
  initProvider: {}
  managementPolicies:
  - '*'
  providerConfigRef:
    name: default
  writeConnectionSecretToRef:
    name: sample-rds-cluster-secret
    namespace: upbound-system
status:
  atProvider:
    allocatedStorage: 1
    arn: arn:aws:rds:us-west-1:218131738736:cluster:example-ce
    availabilityZones:
    - us-west-1b
    - us-west-1c
    backtrackWindow: 0
    backupRetentionPeriod: 1
    clusterResourceId: cluster-UR7HFRWZEZHJNWQPX3HQ2HOS7U
    copyTagsToSnapshot: false
    dbClusterInstanceClass: ""
    dbClusterParameterGroupName: default.aurora-postgresql15
    dbSubnetGroupName: default
    dbSystemId: ""
    deleteAutomatedBackups: true
    deletionProtection: false
    enableGlobalWriteForwarding: false
    enableHttpEndpoint: false
    enabledCloudwatchLogsExports:
    - postgresql
    endpoint: example-ce.cluster-cp00ewyprrnv.us-west-1.rds.amazonaws.com
    engine: aurora-postgresql
    engineMode: provisioned
    engineVersion: "15.4"
    engineVersionActual: "15.4"
    globalClusterIdentifier: ""
    hostedZoneId: Z10WI91S59XXQN
    iamDatabaseAuthenticationEnabled: false
    id: example-ce
    iops: 0
    kmsKeyId: ""
    manageMasterUserPassword: true
    masterUserSecret:
    - kmsKeyId: arn:aws:kms:us-west-1:218131738736:key/65b01394-d118-4176-b3c6-562bec1ccf2e
      secretArn: arn:aws:secretsmanager:us-west-1:218131738736:secret:rds!cluster-3dcfdc5b-cfb7-40aa-969e-6313d85708ab-tL8TsT
      secretStatus: active
    masterUsername: cpadmin
    networkType: IPV4
    port: 5432
    preferredBackupWindow: 06:58-07:28
    preferredMaintenanceWindow: tue:06:26-tue:06:56
    readerEndpoint: example-ce.cluster-ro-cp00ewyprrnv.us-west-1.rds.amazonaws.com
    replicationSourceIdentifier: ""
    skipFinalSnapshot: true
    storageEncrypted: false
    storageType: ""
    tags:
      crossplane-kind: cluster.rds.aws.upbound.io
      crossplane-name: example-ce
      crossplane-providerconfig: default
    tagsAll:
      crossplane-kind: cluster.rds.aws.upbound.io
      crossplane-name: example-ce
      crossplane-providerconfig: default
    vpcSecurityGroupIds:
    - sg-e733d3af
  conditions:
  - lastTransitionTime: "2024-05-01T20:22:15Z"
    reason: Available
    status: "True"
    type: Ready
  - lastTransitionTime: "2024-05-01T20:21:30Z"
    reason: ReconcileSuccess
    status: "True"
    type: Synced
  - lastTransitionTime: "2024-05-01T20:22:13Z"
    reason: Success
    status: "True"
    type: LastAsyncOperation
Conversely, when starting with a new cluster and applying an empty array, the enabledCloudwatchLogsExports array is in the request map and absent from the atProvider fields.
apiVersion: rds.aws.upbound.io/v1beta1
kind: Cluster
metadata:
  annotations:
    crossplane.io/external-create-pending: "2024-05-01T20:36:56Z"
    crossplane.io/external-create-succeeded: "2024-05-01T20:36:56Z"
    crossplane.io/external-name: example-ce
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"rds.aws.upbound.io/v1beta1","kind":"Cluster","metadata":{"annotations":{"meta.upbound.io/example-id":"rds/v1beta1/clusterendpoint"},"labels":{"testing.upbound.io/example-name":"default-ce"},"name":"example-ce"},"spec":{"forProvider":{"enabledCloudwatchLogsExports":[],"engine":"aurora-postgresql","manageMasterUserPassword":true,"masterUsername":"cpadmin","region":"us-west-1","skipFinalSnapshot":true},"writeConnectionSecretToRef":{"name":"sample-rds-cluster-secret","namespace":"upbound-system"}}}
    meta.upbound.io/example-id: rds/v1beta1/clusterendpoint
  creationTimestamp: "2024-05-01T20:36:56Z"
  finalizers:
  - finalizer.managedresource.crossplane.io
  generation: 3
  labels:
    testing.upbound.io/example-name: default-ce
  name: example-ce
  resourceVersion: "48453"
  uid: b5e5b4d0-22ab-4e4d-bb6e-44a04a3d4078
spec:
  deletionPolicy: Delete
  forProvider:
    allocatedStorage: 1
    availabilityZones:
    - us-west-1b
    - us-west-1c
    backupRetentionPeriod: 1
    dbClusterParameterGroupName: default.aurora-postgresql15
    dbSubnetGroupName: default
    deleteAutomatedBackups: true
    engine: aurora-postgresql
    engineMode: provisioned
    engineVersion: "15.4"
    manageMasterUserPassword: true
    masterUsername: cpadmin
    networkType: IPV4
    port: 5432
    preferredBackupWindow: 09:02-09:32
    preferredMaintenanceWindow: mon:09:43-mon:10:13
    region: us-west-1
    skipFinalSnapshot: true
    tags:
      crossplane-kind: cluster.rds.aws.upbound.io
      crossplane-name: example-ce
      crossplane-providerconfig: default
  initProvider: {}
  managementPolicies:
  - '*'
  providerConfigRef:
    name: default
  writeConnectionSecretToRef:
    name: sample-rds-cluster-secret
    namespace: upbound-system
status:
  atProvider:
    allocatedStorage: 1
    arn: arn:aws:rds:us-west-1:218131738736:cluster:example-ce
    availabilityZones:
    - us-west-1b
    - us-west-1c
    backtrackWindow: 0
    backupRetentionPeriod: 1
    clusterResourceId: cluster-FLOH7SKAAPV4FF6OR2PJKIS5CI
    copyTagsToSnapshot: false
    dbClusterInstanceClass: ""
    dbClusterParameterGroupName: default.aurora-postgresql15
    dbSubnetGroupName: default
    dbSystemId: ""
    deleteAutomatedBackups: true
    deletionProtection: false
    enableGlobalWriteForwarding: false
    enableHttpEndpoint: false
    endpoint: example-ce.cluster-cp00ewyprrnv.us-west-1.rds.amazonaws.com
    engine: aurora-postgresql
    engineMode: provisioned
    engineVersion: "15.4"
    engineVersionActual: "15.4"
    globalClusterIdentifier: ""
    hostedZoneId: Z10WI91S59XXQN
    iamDatabaseAuthenticationEnabled: false
    id: example-ce
    iops: 0
    kmsKeyId: ""
    manageMasterUserPassword: true
    masterUserSecret:
    - kmsKeyId: arn:aws:kms:us-west-1:218131738736:key/65b01394-d118-4176-b3c6-562bec1ccf2e
      secretArn: arn:aws:secretsmanager:us-west-1:218131738736:secret:rds!cluster-bb3dae8d-cce6-480e-8b9d-24504c736336-dn79Cu
      secretStatus: active
    masterUsername: cpadmin
    networkType: IPV4
    port: 5432
    preferredBackupWindow: 09:02-09:32
    preferredMaintenanceWindow: mon:09:43-mon:10:13
    readerEndpoint: example-ce.cluster-ro-cp00ewyprrnv.us-west-1.rds.amazonaws.com
    replicationSourceIdentifier: ""
    skipFinalSnapshot: true
    storageEncrypted: false
    storageType: ""
    tags:
      crossplane-kind: cluster.rds.aws.upbound.io
      crossplane-name: example-ce
      crossplane-providerconfig: default
    tagsAll:
      crossplane-kind: cluster.rds.aws.upbound.io
      crossplane-name: example-ce
      crossplane-providerconfig: default
    vpcSecurityGroupIds:
    - sg-e733d3af
  conditions:
  - lastTransitionTime: "2024-05-01T20:38:01Z"
    reason: Available
    status: "True"
    type: Ready
  - lastTransitionTime: "2024-05-01T20:36:56Z"
    reason: ReconcileSuccess
    status: "True"
    type: Synced
  - lastTransitionTime: "2024-05-01T20:37:59Z"
    reason: Success
    status: "True"
    type: LastAsyncOperation
When entirely omitting the enabledCloudwatchLogsExports field, which is possible through function-go-templating, the external resource array is cleared and logging will stop.
Hi @humoflife, thank you for bringing up this issue. Is this still valid with the provider version 1.4.0?
Is there an existing issue for this?
Affected Resource(s)
rds.aws.upbound.io/v1beta1: Cluster
Resource MRs required to reproduce the bug
rds.aws.upbound.io/v1beta1: Cluster
rds.aws.upbound.io/v1beta1: SubnetGroup
ec2.aws.upbound.io/v1beta1: Subnet
ec2.aws.upbound.io/v1beta1: VPC
Steps to Reproduce
Create an rds.aws.upbound.io/v1beta1: Cluster.
Enable cloudwatch logs as follows on initial install.
enabledCloudwatchLogsExports:
- postgresql
Consecutively, try to turn cloudwatch logs off.
enabledCloudwatchLogsExports: []
What happened?
The enabledCloudwatchLogsExport is not updated, and the logs are not turned off.
Relevant Error Output Snippet
Crossplane Version
v1.14.3-up.1
Provider Version
v0.47.1
Kubernetes Version
v1.29.1
Kubernetes Distribution
EKS
Additional Info
This behavior may impact more than the RDS enabledCloudwatchLogsExport array. Perhaps more arrays that need to be explicitly cleared to remove a configuration are not? Perhaps this can and/or should be centrally solved in Upjet instead of for a specific provider GVK?
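An added example, not part of the original issue or the provider's code: a check for the drift reported above, generalized to any list under `spec.forProvider` that was applied as `[]` but is still populated in the live `spec.forProvider` or `status.atProvider`. The function names and the `sample` object (constructed, trimmed from the output in the thread) are assumptions.

```python
import json

LAST_APPLIED = "kubectl.kubernetes.io/last-applied-configuration"


def empty_list_paths(node, prefix=()):
    """Yield the key path of every explicitly empty list under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from empty_list_paths(value, prefix + (key,))
    elif isinstance(node, list) and not node:
        yield prefix


def lookup(node, path):
    """Follow a key path; return None as soon as a segment is missing."""
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def uncleared_lists(mr):
    """Report lists applied as [] that are still populated on the live object."""
    annotations = mr.get("metadata", {}).get("annotations", {})
    intent = json.loads(annotations.get(LAST_APPLIED, "{}"))
    wanted = intent.get("spec", {}).get("forProvider", {})
    findings = []
    for path in empty_list_paths(wanted):
        for section in (("spec", "forProvider"), ("status", "atProvider")):
            live = lookup(mr, section + path)
            if live:  # a non-empty value survived the explicit []
                findings.append((".".join(section + path), live))
    return findings


def sample(live_exports):
    """Constructed object, trimmed from the kubectl output in the thread."""
    intent = {"spec": {"forProvider": {"enabledCloudwatchLogsExports": [],
                                       "engine": "aurora-postgresql"}}}
    live = {"engine": "aurora-postgresql"}
    if live_exports:
        live["enabledCloudwatchLogsExports"] = live_exports
    return {"metadata": {"annotations": {LAST_APPLIED: json.dumps(intent)}},
            "spec": {"forProvider": dict(live)},
            "status": {"atProvider": dict(live)}}


if __name__ == "__main__":
    for name, exports in (("updated cluster", ["postgresql"]), ("new cluster", [])):
        print(name, uncleared_lists(sample(exports)))
```

The check relies on the annotation written by client-side `kubectl apply`, as seen in the output above; feed it the parsed result of `kubectl get ... -o json`.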