crossplane-contrib / provider-upjet-aws

Official AWS Provider for Crossplane by Upbound.
https://marketplace.upbound.io/providers/upbound/provider-aws
Apache License 2.0

[Bug]: Opensearch DomainPolicy domainNameRef issue #1381

Open headyj opened 4 days ago

headyj commented 4 days ago

### Is there an existing issue for this?

### Affected Resource(s)

### Resource MRs required to reproduce the bug

_No response_

### Steps to Reproduce

Just trying to add an access policy to my opensearch domain:

```yaml
apiVersion: opensearch.aws.upbound.io/v1beta1
kind: Domain
metadata:
  name: company-opensearch
spec:
  forProvider:
    clusterConfig:
      - instanceType: m6g.large.search
    domainName: company-opensearch
    advancedSecurityOptions:
      - enabled: true
        masterUserOptions:
          - masterUserArn: "arn:aws:iam::****:user/******"
    cognitoOptions:
      - enabled: true
        userPoolId: eu-west-2_zgGOIjTf1
        identityPoolId: eu-west-2:******
        roleArn: arn:aws:iam::******:role/******
    ebsOptions:
      - ebsEnabled: true
        volumeSize: 100
        volumeType: gp3
    engineVersion: OpenSearch_2.13
    encryptAtRest:
      - enabled: true
    nodeToNodeEncryption:
      - enabled: true
    domainEndpointOptions:
      - enforceHttps: true
        tlsSecurityPolicy: "Policy-Min-TLS-1-2-2019-07"
    region: eu-west-2
  providerConfigRef:
    name:  provider-aws-opensearch
---
apiVersion: opensearch.aws.upbound.io/v1beta1
kind: DomainPolicy
metadata:
  name: opensearch-access-policy
spec:
  forProvider:
    domainNameRef:
      name: company-opensearch
    accessPolicies: |
      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Action": "es:*",
                  "Principal": "*",
                  "Effect": "Allow",
                  "Condition": {
                      "IpAddress": {"aws:SourceIp": "********/32"}
                  },
                  "Resource": "*"
              }
          ]
      }
    region: eu-west-2
  providerConfigRef:
    name:  provider-aws-opensearch
```

is returning the following error:

```
async create failed: failed to create the resource: [{0 updating OpenSearch Domain Policy (): ValidationException: 2 validation errors detected: Value ''arn:aws:es:eu-west-2:*******:domain/company-opensearch'' at ''domainName'' failed to satisfy constraint: Member must satisfy regular expression pattern: [a-z][a-z0-9\-]+; Value ''arn:aws:es:eu-west-2:*******:domain/company-opensearch'' at ''domainName'' failed to satisfy constraint: Member must have length less than or equal to 28  []}]'
```


### What happened?

It's the first time I have tried to create a DomainPolicy, so no difference. Just that it doesn't seem to work as expected.

### Relevant Error Output Snippet

_No response_

### Crossplane Version

1.16.0

### Provider Version

1.8.0 (also tried with 1.7.0)

### Kubernetes Version

1.29

### Kubernetes Distribution

EKS

### Additional Info

_No response_
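The two constraints quoted in the ValidationException above, checked locally: this is an added example, not part of the original issue or the provider's code. It shows that the domain ARN the API received at `domainName` fails both constraints while the bare name inside it passes. The function names and the account ID in the sample ARN are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constraints copied from the ValidationException in the report:
// pattern [a-z][a-z0-9\-]+ (matched against the whole value) and length <= 28.
var domainNamePattern = regexp.MustCompile(`^[a-z][a-z0-9\-]+$`)

const maxDomainNameLen = 28

// checkDomainName (hypothetical helper) lists which constraints a value violates.
func checkDomainName(v string) []string {
	var violations []string
	if !domainNamePattern.MatchString(v) {
		violations = append(violations, "pattern")
	}
	if len(v) > maxDomainNameLen {
		violations = append(violations, "length")
	}
	return violations
}

// nameFromARN (hypothetical helper) extracts <name> from
// arn:<partition>:es:<region>:<account>:domain/<name>.
func nameFromARN(v string) (string, bool) {
	parts := strings.SplitN(v, ":", 6)
	if len(parts) != 6 || parts[0] != "arn" || parts[2] != "es" {
		return "", false
	}
	if !strings.HasPrefix(parts[5], "domain/") {
		return "", false
	}
	name := strings.TrimPrefix(parts[5], "domain/")
	return name, name != ""
}

func main() {
	// Constructed sample: same shape as the redacted ARN in the error output.
	arn := "arn:aws:es:eu-west-2:111122223333:domain/company-opensearch"
	fmt.Println("ARN violations:", checkDomainName(arn))
	if name, ok := nameFromARN(arn); ok {
		fmt.Println("bare name:", name, "violations:", checkDomainName(name))
	}
}
```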