search

crossplane-contrib / provider-upjet-aws

AWS Provider for Crossplane.
https://marketplace.upbound.io/providers/upbound/provider-family-aws/
Apache License 2.0
148 stars 125 forks source link

[Bug]: ECR LifecyclePolicy updating not possible #1558

Open applike-ss opened 2 weeks ago

applike-ss commented 2 weeks ago

Is there an existing issue for this?

Affected Resource(s)

apiVersion: ecr.aws.upbound.io/v1beta1 kind: LifecyclePolicy

Resource MRs required to reproduce the bug

apiVersion: ecr.aws.upbound.io/v1beta1
kind: LifecyclePolicy
metadata:
  name: xyz
spec:
  deletionPolicy: Delete
  forProvider:
    policy: |
      {
        "rules": [
          {
            "rulePriority": 10,
            "description": "Keep latest tags",
            "selection": {
              "tagStatus": "tagged",
              "tagPrefixList": [
                "latest"
              ],
              "countType": "imageCountMoreThan",
              "countNumber": 1
            },
            "action": {
              "type": "expire"
            }
          },
          {
            "rulePriority": 20,
            "description": "Keep 5 deployed tags",
            "selection": {
              "tagStatus": "tagged",
              "tagPrefixList": [
                "deployed-"
              ],
              "countType": "imageCountMoreThan",
              "countNumber": 5
            },
            "action": {
              "type": "expire"
            }
          },
          {
            "rulePriority": 30,
            "description": "Remove untagged images",
            "selection": {
              "tagStatus": "untagged",
              "countType": "imageCountMoreThan",
              "countNumber": 1
            },
            "action": {
              "type": "expire"
            }
          },
          {
            "rulePriority": 40,
            "description": "Keep last 30 images",
            "selection": {
              "tagStatus": "any",
              "countType": "imageCountMoreThan",
              "countNumber": 30
            },
            "action": {
              "type": "expire"
            }
          }
        ]
      }
    region: eu-central-1
    repository: xyz
  initProvider: {}
  managementPolicies:
    - '*'
  providerConfigRef:
    name: default
---
apiVersion: ecr.aws.upbound.io/v1beta1
kind: LifecyclePolicy
metadata:
  name: xyz
spec:
  deletionPolicy: Delete
  forProvider:
    policy: |
      {
        "rules": [
          {
            "rulePriority": 10,
            "description": "Keep 3 latest tags",
            "selection": {
              "tagStatus": "tagged",
              "tagPrefixList": [
                "latest"
              ],
              "countType": "imageCountMoreThan",
              "countNumber": 3
            },
            "action": {
              "type": "expire"
            }
          },
          {
            "rulePriority": 20,
            "description": "Keep 5 deployed tags",
            "selection": {
              "tagStatus": "tagged",
              "tagPrefixList": [
                "deployed-"
              ],
              "countType": "imageCountMoreThan",
              "countNumber": 5
            },
            "action": {
              "type": "expire"
            }
          },
          {
            "rulePriority": 30,
            "description": "Remove untagged images",
            "selection": {
              "tagStatus": "untagged",
              "countType": "imageCountMoreThan",
              "countNumber": 1
            },
            "action": {
              "type": "expire"
            }
          },
          {
            "rulePriority": 40,
            "description": "Keep last 30 images",
            "selection": {
              "tagStatus": "any",
              "countType": "imageCountMoreThan",
              "countNumber": 30
            },
            "action": {
              "type": "expire"
            }
          }
        ]
      }
    region: eu-central-1
    repository: xyz
  initProvider: {}
  managementPolicies:
    - '*'
  providerConfigRef:
    name: default
---

Steps to Reproduce

apply doc 1, wait for it to become ready, then apply doc 2 and see how the update triggers an error and resource does not get synced

What happened?

I did expect crossplane to update/recreate the lifecycle policy upon updating the k8s resource.

This did not happen.

Instead I do get this message in the synced field:

Relevant Error Output Snippet

update failed: async update failed: refuse to update the external
        resource because the following update requires replacing it: cannot
        change the value of the argument "policy" from
        "{\"rules\":[{\"action\":{\"type\":\"expire\"},\"description\":\"Keep
        the latest
        tag\",\"rulePriority\":10,\"selection\":{\"countNumber\":1,\"countType\":\"imageCountMoreThan\",\"tagPrefixList\":[\"latest\"],\"tagStatus\":\"tagged\"}},{\"action\":{\"type\":\"expire\"},\"description\":\"Keep
        5 deployed
        tags\",\"rulePriority\":20,\"selection\":{\"countNumber\":5,\"countType\":\"imageCountMoreThan\",\"tagPrefixList\":[\"deployed-\"],\"tagStatus\":\"tagged\"}},{\"action\":{\"type\":\"expire\"},\"description\":\"Remove
        untagged
        images\",\"rulePriority\":30,\"selection\":{\"countNumber\":1,\"countType\":\"imageCountMoreThan\",\"tagStatus\":\"untagged\"}},{\"action\":{\"type\":\"expire\"},\"description\":\"Keep
        last 30
        images\",\"rulePriority\":40,\"selection\":{\"countNumber\":30,\"countType\":\"imageCountMoreThan\",\"tagStatus\":\"any\"}}]}"
        to "{\"rules\":[{\"action\":{\"type\":\"expire\"},\"description\":\"Keep
        3 latest
        tags\",\"rulePriority\":10,\"selection\":{\"countNumber\":3,\"countType\":\"imageCountMoreThan\",\"tagPrefixList\":[\"latest\"],\"tagStatus\":\"tagged\"}},{\"action\":{\"type\":\"expire\"},\"description\":\"Keep
        5 deployed
        tags\",\"rulePriority\":20,\"selection\":{\"countNumber\":5,\"countType\":\"imageCountMoreThan\",\"tagPrefixList\":[\"deployed-\"],\"tagStatus\":\"tagged\"}},{\"action\":{\"type\":\"expire\"},\"description\":\"Remove
        untagged
        images\",\"rulePriority\":30,\"selection\":{\"countNumber\":1,\"countType\":\"imageCountMoreThan\",\"tagStatus\":\"untagged\"}},{\"action\":{\"type\":\"expire\"},\"description\":\"Keep
        last 30
        images\",\"rulePriority\":40,\"selection\":{\"countNumber\":30,\"countType\":\"imageCountMoreThan\",\"tagStatus\":\"any\"}}]}"

Crossplane Version

v1.17.1-up.1

Provider Version

v1.16.0

Kubernetes Version

v1.31.0-eks-a737599

Kubernetes Distribution

EKS

Additional Info

No response