crossplane-contrib / provider-upjet-aws

Official AWS Provider for Crossplane by Upbound.
https://marketplace.upbound.io/providers/upbound/provider-aws
Apache License 2.0

[Bug]: route53_zone_association is not working - external-name changes all the time #1282

Closed haarchri closed 2 months ago

haarchri commented 2 months ago

Is there an existing issue for this?

Affected Resource(s)

Resource MRs required to reproduce the bug

```yaml
    - name: zone-association
      base:
        apiVersion: route53.aws.upbound.io/v1beta1
        kind: ZoneAssociation
        spec:
          forProvider:
            region: 
            vpcId: vpc-12345678910
            vpcRegion: eu-central-1
            zoneId: 
          providerConfigRef:
            name: xxxxxx
      patches:
        - fromFieldPath: spec.deletionPolicy
          toFieldPath: spec.deletionPolicy
        - fromFieldPath: spec.forProvider.region
          toFieldPath: spec.forProvider.region
        - fromFieldPath: spec.forProvider.region
          toFieldPath: spec.forProvider.vpcRegion
        - fromFieldPath: spec.forProvider.dnsResolverVpc.id
          toFieldPath: spec.forProvider.vpcId
        - fromFieldPath: spec.forProvider.dnsResolverVpc.region
          toFieldPath: spec.forProvider.vpcRegion
        - fromFieldPath: status.eks.clusterDnsZone.id
          toFieldPath: spec.forProvider.zoneId
          policy:
            fromFieldPath: Required
```

Steps to Reproduce

t.b.d

What happened?

We are experiencing issues with the ZoneAssociation: the provider is changing the external name from Z07140233D46T81NLRIZ3:vpc-12345678910 to Z07140233D46T81NLRIZ3:vpc-12345678910:eu-central-1 and back to Z07140233D46T81NLRIZ3:vpc-12345678910.

Relevant Error Output Snippet

No response

Crossplane Version

v1.14.x

Provider Version

v1.3.1

Kubernetes Version

No response

Kubernetes Distribution

No response

Additional Info

in terraform provider-aws you can see the following information:

The VPC is in the same region where you have configured the Terraform AWS Provider:

% terraform import aws_route53_zone_association.example Z123456ABCDEFG:vpc-12345678

The VPC is not in the same region where you have configured the Terraform AWS Provider:

% terraform import aws_route53_zone_association.example Z123456ABCDEFG:vpc-12345678:us-east-2

mbbush commented 2 months ago

@haarchri Are you seeing this when you create a ZoneAssociation with a spec.forProvider.region that's not equal to the spec.forProvider.vpcRegion? Can you try to produce an uptest manifest that fails?

And just to confirm, it's not reasonable to say "just set both region parameters to the same region" because doing this across regions is part of the point of this resource, right?

haarchri commented 2 months ago

We have both regions the same. Pre v1.x it was working and the external-name was without region; after v1.2, v1.3 the external-name flaps between zone-id:vpc-id:region and zone-id:vpc-id. The other issue we see is that the paused annotation or observe is not working: the provider is removing the association ...

jeanduplessis commented 2 months ago

It looks like https://github.com/crossplane-contrib/provider-upjet-aws/blob/main/config/externalname.go#L686 does not match the new format. However, the TF code is backward compatible with the old ID. This probably happened during one of the recent TF provider bumps.

haarchri commented 2 months ago

This resource can have two formats of external-names, or?!
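The two ID formats quoted from the Terraform import docs above are what causes the flapping: whichever one the Terraform provider happens to return after create versus observe becomes the external-name. The following Go program is an added example written for this page, not code from provider-upjet-aws or from the Terraform provider. It parses both formats and normalizes them to one stable name, keeping the region suffix only when the VPC's region differs from the provider's configured region, which is the same convention the import commands use. The function names, the `providerRegion` argument and the sample IDs (the two names reported in this issue) are the example's own assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Added example, not provider-upjet-aws or Terraform provider code. It models
// the two ID formats aws_route53_zone_association can return:
//
//	ZONEID:VPCID            VPC in the region the provider is configured for
//	ZONEID:VPCID:VPCREGION  VPC in another region
//
// and shows a normalizer that maps both to one stable external-name, which is
// what a GetExternalNameFn-style hook has to do to stop the name flapping.

// ZoneAssociationID is the parsed form of either ID format.
type ZoneAssociationID struct {
	ZoneID    string
	VPCID     string
	VPCRegion string // empty when the ID carried no region suffix
}

// ParseZoneAssociationID accepts ZONEID:VPCID and ZONEID:VPCID:VPCREGION and
// rejects anything else, including IDs with empty components.
func ParseZoneAssociationID(id string) (ZoneAssociationID, error) {
	parts := strings.Split(id, ":")
	if len(parts) != 2 && len(parts) != 3 {
		return ZoneAssociationID{}, fmt.Errorf("zone association id %q: want ZONEID:VPCID[:VPCREGION]", id)
	}
	for _, p := range parts {
		if p == "" {
			return ZoneAssociationID{}, fmt.Errorf("zone association id %q: empty component", id)
		}
	}
	out := ZoneAssociationID{ZoneID: parts[0], VPCID: parts[1]}
	if len(parts) == 3 {
		out.VPCRegion = parts[2]
	}
	return out, nil
}

// CanonicalExternalName normalizes an observed Terraform ID. The region suffix
// is kept only when the VPC lives outside providerRegion (assumed to be the
// region the ProviderConfig / spec.forProvider.region points at), so the same
// association always yields the same external-name.
func CanonicalExternalName(id, providerRegion string) (string, error) {
	parsed, err := ParseZoneAssociationID(id)
	if err != nil {
		return "", err
	}
	if parsed.VPCRegion == "" || parsed.VPCRegion == providerRegion {
		return parsed.ZoneID + ":" + parsed.VPCID, nil
	}
	return parsed.ZoneID + ":" + parsed.VPCID + ":" + parsed.VPCRegion, nil
}

// IsStable reports whether a sequence of IDs observed across reconciles all
// normalize to the same external-name; false means the name would flap.
func IsStable(observed []string, providerRegion string) (bool, error) {
	var first string
	for i, id := range observed {
		name, err := CanonicalExternalName(id, providerRegion)
		if err != nil {
			return false, err
		}
		if i == 0 {
			first = name
		} else if name != first {
			return false, nil
		}
	}
	return true, nil
}

func main() {
	// Constructed sample input: the two names reported in this issue.
	observed := []string{
		"Z07140233D46T81NLRIZ3:vpc-12345678910",
		"Z07140233D46T81NLRIZ3:vpc-12345678910:eu-central-1",
	}
	for _, id := range observed {
		name, err := CanonicalExternalName(id, "eu-central-1")
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-55s -> %s\n", id, name)
	}
	stable, _ := IsStable(observed, "eu-central-1")
	fmt.Println("stable external-name:", stable)
}
```

Without the normalization step, the raw IDs in `observed` differ as strings, which is exactly the flap between reconciles described in this thread; with it, both map to `Z07140233D46T81NLRIZ3:vpc-12345678910`, and a cross-region association such as the `us-east-2` import example keeps its suffix.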

mbbush commented 2 months ago

I'm surprised to hear you say you're also seeing problems with the paused annotation or management policies. That part doesn't make sense to me how it could be related.

There are some resources for which terraform returns a different id format when they're created vs observed/imported. Object.s3 is one of them. But I don't know if that's what you're seeing or not.

haarchri commented 2 months ago

Before yesterday, we were using ZoneAssociation from the official AWS provider v1.3.1 here along with a HostedZone from a community AWS provider. This setup allowed them to add their local VPC to the HostedZone and link zones from the resolver VPC (other AWS account) without any problems. However, when we switched to using only the official AWS provider v1.3.1 for their Zones yesterday, issues began to emerge. Specifically, if you set up the Zone to use the local VPC, the resolver VPC will be added by ZoneAssociation in status.atProvider.vpc. This causes the Zone resource to disconnect the ZoneAssociation in the next reconcile loop. We initially thought there was a problem with the pause or observe settings not working on the ZoneAssociation. To fix this, we changed the VPC settings in the Zone resource to use spec.initProvider.vpc[]. After making this adjustment, the external name in ZoneAssociation no longer includes the region information, and we now see both VPCs (local + resolver VPC) in status.atProvider.vpc.

haarchri commented 2 months ago

The issue is in our example: https://github.com/crossplane-contrib/provider-upjet-aws/blob/main/examples/route53/v1beta1/zoneassociation.yaml#L39 we need to change the vpc to initProvider.