crossplane-contrib / provider-upjet-aws

Official AWS Provider for Crossplane by Upbound.
https://marketplace.upbound.io/providers/upbound/provider-aws
Apache License 2.0

[Bug]: Secret Manager Version Resource Update Causing Sync Errors #1373

Open blakeromano opened 1 week ago

blakeromano commented 1 week ago

Is there an existing issue for this?

Affected Resource(s)

Resource MRs required to reproduce the bug

---
apiVersion: secretsmanager.aws.upbound.io/v1beta1
kind: Secret
metadata:
  name: test
  labels:
    name: test
spec:
  forProvider:
    name: test
    region: us-east-2
  managementPolicies:
  - Create
  - LateInitialize
  - Observe
  - Update
  providerConfigRef:
    name: aws-provider
---
apiVersion: kubernetes.crossplane.io/v1alpha1
kind: Object
metadata:
  name: test
spec:
  forProvider:
    manifest:
      apiVersion: v1
      kind: Secret
      metadata:
        name: test
        namespace: crossplane-system
      stringData:
        secret: |-
          {
            "test": "test"
          }
  providerConfigRef:
    name: kubernetes-provider
---
apiVersion: secretsmanager.aws.upbound.io/v1beta1
kind: SecretVersion
metadata:
  name: test
spec:
  initProvider:
    versionStages:
      - AWSCURRENT
  forProvider:
    region: us-east-1
    secretIdSelector:
      matchLabels:
        name: test
    secretStringSecretRef:
      key: secret
      name: test
      namespace: crossplane-system
  managementPolicies:
  - Create
  - LateInitialize
  - Observe
  - Update
  providerConfigRef:
    name: aws-provider

Steps to Reproduce

Apply the managed resources, go to the AWS Console, and manually update the AWS Secret. Wait until Crossplane reconciles again (to speed this up I added Delete to the managementPolicies). See the error.

What happened?

I'd expect that, because the initProvider is set to only initialize the SecretVersion to AWSCURRENT, when the version is no longer current it would ignore that change, continue reconciling, and get into a good state.

Relevant Error Output Snippet

conditions:
  - lastTransitionTime: "2024-06-23T17:16:18Z"
    message: 'update failed: async update failed: failed to update the resource: [{0
      updating Secrets Manager Secret "ARN"
      Version Stage "AWSCURRENT": InvalidParameterException: The parameter RemoveFromVersionId
      can''t be empty. Staging label AWSCURRENT is currently attached to version VERSION-ID,
      so you must explicitly reference that version in RemoveFromVersionId.  []}]'
    reason: ReconcileError
    status: "False"
    type: Synced
  - lastTransitionTime: "2024-06-23T17:15:09Z"
    reason: Available
    status: "True"
    type: Ready
  - lastTransitionTime: "2024-06-23T17:16:18Z"
    message: 'async update failed: failed to update the resource: [{0 updating Secrets
      Manager Secret "ARN"
      Version Stage "AWSCURRENT": InvalidParameterException: The parameter RemoveFromVersionId
      can''t be empty. Staging label AWSCURRENT is currently attached to version VERSION-ID,
      so you must explicitly reference that version in RemoveFromVersionId.  []}]'
    reason: AsyncUpdateFailure
    status: "False"
    type: LastAsyncOperation

Crossplane Version

1.16.0

Provider Version

1.7.0

Kubernetes Version

Client Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.4", GitCommit:"fa3d7990104d7c1f16943a67f11b154b71f6a132", GitTreeState:"clean", BuildDate:"2023-07-19T12:14:48Z", GoVersion:"go1.20.6", Compiler:"gc", Platform:"darwin/arm64"}
Kustomize Version: v5.0.1
Server Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.3", GitCommit:"25b4e43193bcda6c7328a6d147b1fb73a33f1598", GitTreeState:"clean", BuildDate:"2023-06-15T00:38:14Z", GoVersion:"go1.20.5", Compiler:"gc", Platform:"linux/arm64"}

Kubernetes Distribution

Kind and EKS

Additional Info

No response
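
The rule quoted in the error output above, as an added Go example that is not part of the original issue and is not the provider's code: a simplified in-memory model of staging labels showing why an empty RemoveFromVersionId is rejected once the label sits on another version, and how reading the current holder first satisfies it. The `secret` type, `holder`, `moveStage` and the version IDs are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// secret is a constructed model: version ID -> staging labels attached to it.
type secret map[string][]string

// holder returns the version ID that currently carries label, or "" if none.
func (s secret) holder(label string) string {
	for id, stages := range s {
		for _, st := range stages {
			if st == label {
				return id
			}
		}
	}
	return ""
}

// moveStage models the rule quoted in the error output: a label attached to
// another version moves only if that version is named in removeFrom.
func (s secret) moveStage(label, moveTo, removeFrom string) error {
	cur := s.holder(label)
	if cur == moveTo {
		return nil // label already where we want it
	}
	if cur != "" && removeFrom != cur {
		return errors.New("RemoveFromVersionId must reference " + cur)
	}
	if cur != "" {
		kept := s[cur][:0]
		for _, st := range s[cur] {
			if st != label {
				kept = append(kept, st)
			}
		}
		s[cur] = kept
	}
	s[moveTo] = append(s[moveTo], label)
	return nil
}

func main() {
	s := secret{"v1-managed": {}, "v2-console": {"AWSCURRENT"}}
	fmt.Println(s.moveStage("AWSCURRENT", "v1-managed", "")) // rejected
	fmt.Println(s.moveStage("AWSCURRENT", "v1-managed", s.holder("AWSCURRENT")))
}
```

Against the real service, the same lookup corresponds to listing the secret's version IDs and passing the version that holds AWSCURRENT as RemoveFromVersionId.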