Wrong jsonPath to get sensitive parameters with latest 1.4.0

[llavaud]

What happened?

It seems this PR #406 introduced a bug. With an AWS IAM AccessKey, I endup with the following error, because of a wrong jsonPath (spec.forProvider.status.atProvider.secret)

cannot store sensitive parameters into params: cannot expand wildcard for xp resource: cannot expand wildcards for segments: \"spec.forProvider.status.atProvider.secret\": spec.forProvider.status: not an object"

How can we reproduce it?

1. use the latest provider-aws-iam 1.5.0 builded with the latest upjet 1.4.0
2. create an AWS IAM AccessKey resource and look for the reconcile error in the object status

[ulucinar]

Hi @llavaud, Thanks for reporting this issue. I've successfully reproduced it. The root cause of the issue is for resources with sensitive attributes and a non-object spec.forProvider.status or spec.initProvider.status field, the fieldpath library's ExpandWildcards errors instead of returning an empty set of expanded parameters. For more context, please refer to the description of https://github.com/crossplane/upjet/pull/417.

We've prepared an upjet fix and consume it in https://github.com/crossplane-contrib/provider-upjet-aws/pull/1344.

Thank you!

[ulucinar]

The fix is expected with the v1.6.0 version of the provider.