crossplane-contrib / provider-upjet-aws

AWS Provider for Crossplane.
https://marketplace.upbound.io/providers/upbound/provider-family-aws/
Apache License 2.0

cognito: `UserPool` CRD has many parameters as array while they are not #443

Closed yibo-long closed 1 month ago

yibo-long commented 1 year ago

What happened?

Many parameters in `cognitoidp.aws.upbound.io/v1beta1.UserPool` are specified as arrays while they actually should be objects, since they should only be either set once or optional.

These are the ones we had issues with while trying to use them:

How can we reproduce it?

We have composition like this:

```yaml
---
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: cognito.aws.span.io
  labels:
    provider: aws
spec:
  writeConnectionSecretsToNamespace: upbound-system
  compositeTypeRef:
    apiVersion: aws.span.io/v1alpha1
    kind: XCognito
  resources:
  - name: UserPool
    base:
      apiVersion: cognitoidp.aws.upbound.io/v1beta1
      kind: UserPool
      spec:
        forProvider:
          name: ""
          accountRecoverySetting:
            recoveryMechanism:
              name: verified_email
              priority: 1
          adminCreateUserConfig:
            allowAdminCreateUserOnly: true
...
```

While trying to use this composition, we got these errors:

```
cannot render composed resource from resource template at index 0: cannot use dry-run create to name composed resource: UserPool.cognitoidp.aws.upbound.io "*****" is invalid: [spec.forProvider.accountRecoverySetting: Invalid value: "object": spec.forProvider.accountRecoverySetting in body must be of type array: "object", spec.forProvider.adminCreateUserConfig: Invalid value: "object": spec.forProvider.adminCreateUserConfig in body must be of type array: "object" ... ]
```

So it requires an array like this for those configs, while it doesn't make sense as an array:

```yaml
---
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: cognito.aws.span.io
  labels:
    provider: aws
spec:
  writeConnectionSecretsToNamespace: upbound-system
  compositeTypeRef:
    apiVersion: aws.span.io/v1alpha1
    kind: XCognito
  resources:
  - name: UserPool
    base:
      apiVersion: cognitoidp.aws.upbound.io/v1beta1
      kind: UserPool
      spec:
        forProvider:
          name: ""
          accountRecoverySetting:
          - recoveryMechanism:
            - name: verified_email
              priority: 1
          adminCreateUserConfig:
          - allowAdminCreateUserOnly: true
```
What environment did it happen in?

yibo-long commented 1 year ago

Now I see this comes from the schema of Terraform: https://github.com/hashicorp/terraform-provider-aws/blob/1076f598ee88175e7409c5887edcf87e6cbeab20/internal/service/cognitoidp/user_pool.go#L39

AWS, meanwhile, is not specifying them as arrays: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html

So it's probably an expected result, but I am curious why it's implemented in this way.
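An added example, not part of the original issue or the provider's code: a Python helper that wraps object-shaped blocks into the one-element arrays the CRD demands and reports every path it changed, so a manifest can be checked before the API server rejects it. The `SCHEMA` fragment is constructed from the fields named in the error message and the working manifest above (it is not the full CRD), and `wrap_single_blocks` is a hypothetical helper name.

```python
# Constructed schema fragment (assumption): only the fields that appear in the
# error message and the working manifest in this issue, not the real full CRD.
SCHEMA = {"type": "object", "properties": {
    "name": {"type": "string"},
    "accountRecoverySetting": {"type": "array", "items": {
        "type": "object", "properties": {
            "recoveryMechanism": {"type": "array", "items": {
                "type": "object", "properties": {
                    "name": {"type": "string"},
                    "priority": {"type": "number"}}}}}}},
    "adminCreateUserConfig": {"type": "array", "items": {
        "type": "object", "properties": {
            "allowAdminCreateUserOnly": {"type": "boolean"}}}},
}}

# Constructed input: the object-shaped forProvider from the failing composition.
FOR_PROVIDER = {
    "name": "",
    "accountRecoverySetting": {
        "recoveryMechanism": {"name": "verified_email", "priority": 1}},
    "adminCreateUserConfig": {"allowAdminCreateUserOnly": True},
}


def wrap_single_blocks(value, schema, path="spec.forProvider", fixed=None):
    """Return (normalized value, list of paths where an object was wrapped)."""
    if fixed is None:
        fixed = []
    kind = schema.get("type")
    if kind == "array":
        if isinstance(value, dict):      # object given where an array is required
            fixed.append(path)
            value = [value]
        if isinstance(value, list):      # recurse into every element
            items = schema.get("items", {})
            value = [wrap_single_blocks(v, items, f"{path}[{i}]", fixed)[0]
                     for i, v in enumerate(value)]
    elif kind == "object" and isinstance(value, dict):
        props = schema.get("properties", {})
        value = {k: wrap_single_blocks(v, props.get(k, {}), f"{path}.{k}", fixed)[0]
                 for k, v in value.items()}
    return value, fixed                  # scalars and unknown fields pass through


if __name__ == "__main__":
    normalized, changed = wrap_single_blocks(FOR_PROVIDER, SCHEMA)
    for p in changed:
        print(f"{p}: object wrapped into one-element array")
    print(normalized)
```

Running it a second time on its own output reports no changes, so it can also serve as a check that a manifest already matches the array-typed schema.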

turkenf commented 1 year ago

This issue has been blocked due to issue: One-element arrays could be considered as objects

github-actions[bot] commented 2 months ago

This provider repo does not have enough maintainers to address every issue. Since there has been no activity in the last 90 days it is now marked as stale. It will be closed in 14 days if no further activity occurs. Leaving a comment starting with /fresh will mark this issue as not stale.

github-actions[bot] commented 1 month ago

This issue is being closed since there has been no activity for 14 days since marking it as stale. If you still need help, feel free to comment or reopen the issue!