search

tagesjump / provider-upjet-yc

Crossplane provider for Yandex.Cloud
https://marketplace.upbound.io/providers/tages/provider-upjet-yc
Apache License 2.0
22 stars 1 forks source link

Bucket - using grant (acl conflict) #4

Closed abix5 closed 5 months ago

abix5 commented 6 months ago 
apiVersion: storage.yandex-cloud.jet.crossplane.io/v1alpha1
kind: Bucket
metadata:
  name: bucket-test
  annotations:
    argocd.argoproj.io/sync-wave: '-1'
spec:
  forProvider:
    accessKeyRef:
      name: upjet-sa-s3-static-key
    secretKeySecretRef:
      name: upjet-bucket-creds
      namespace: crossplane-system
      key: attribute.secret_key
    # acl: private
    grant:
      - id: ajerahbbona80b3knndo
        permissions:
          - FULL_CONTROL
        type: CanonicalUser
    bucket: p-bucket-upjet
  providerConfigRef:
    name: p-upjet-yc

Name:         bucket-test
Namespace:    
Labels:       <none>
Annotations:  argocd.argoproj.io/sync-wave: -1
              crossplane.io/external-create-pending: 2024-01-21T15:38:26Z
              crossplane.io/external-create-succeeded: 2024-01-21T15:38:31Z
              crossplane.io/external-name: p-bucket-upjet
              terrajet.crossplane.io/provider-meta: null
API Version:  storage.yandex-cloud.jet.crossplane.io/v1alpha1
Kind:         Bucket
Metadata:
  Creation Timestamp:  2024-01-21T15:38:26Z
  Finalizers:
    finalizer.managedresource.crossplane.io
  Generation:        3
  Resource Version:  614795105
  UID:               892b392a-12b0-4261-a2dd-42ca29f583c4
Spec:
  Deletion Policy:  Delete
  For Provider:
    Access Key:  YCAJEkF1c1AiCDXf7Ppk4ldM6
    Access Key Ref:
      Name:  upjet-sa-s3-static-key
    Acl:     private
    Anonymous Access Flags:
    Bucket:                 p-bucket-upjet
    Default Storage Class:  STANDARD
    Folder Id:              b1guugseh3jmtmgukcs5
    Grant:
      Id:  ajerahbbona80b3knndo
      Permissions:
        FULL_CONTROL
      Type:  CanonicalUser
    Secret Key Secret Ref:
      Key:        attribute.secret_key
      Name:       upjet-bucket-creds
      Namespace:  crossplane-system
    Versioning:
  Provider Config Ref:
    Name:  provider-upjet-yc
Status:
  At Provider:
    Bucket Domain Name: p-bucket-upjet.storage.yandexcloud.net
    Id:                  p-bucket-upjet
  Conditions:
    Last Transition Time:  2024-01-21T15:38:32Z
    Reason:                Available
    Status:                True
    Type:                  Ready
    Last Transition Time:  2024-01-21T15:38:33Z
    Message:               observe failed: cannot run refresh: refresh failed: Conflicting configuration arguments: "acl": conflicts with grant: File name: main.tf.json
Conflicting configuration arguments: "grant": conflicts with acl: File name: main.tf.json
    Reason:  ReconcileError
    Status:  False
    Type:    Synced
Events:
  Type     Reason                         Age              From                                                                  Message
  ----     ------                         ----             ----                                                                  -------
  Normal   CreatedExternalResource        5s               managed/storage.yandex-cloud.jet.crossplane.io/v1alpha1, kind=bucket  Successfully requested creation of external resource
  Warning  CannotObserveExternalResource  2s (x3 over 3s)  managed/storage.yandex-cloud.jet.crossplane.io/v1alpha1, kind=bucket  cannot run refresh: refresh failed: Conflicting configuration arguments: "acl": conflicts with grant: File name: main.tf.json
Conflicting configuration arguments: "grant": conflicts with acl: File name: main.tf.json

As you can see, I don’t specify the acl parameter, but after sync he sets it himself and talks about a conflict. As a result, the resource hangs.

ssch1337 commented 5 months ago

Hi, I tried to reproduce this bug in all possible test cases, but I was not successful.

Crossplane versions:

  • Chart Version: 1.14.5
  • Chart Application Version: 1.14.5

Provider:

  • Version: v0.1.5
  • Image: xpkg.upbound.io/tages/provider-upjet-yc:v0.1.5

I noticed a different apiVersion. I assume you have confused it with the official unsupported YandexCloud provider, which most likely has this bug. Our provider uses: storage.yandex-cloud.upjet.crossplane.io

The difference in apiVersion was made for a smooth transition between the official and our own provider.

You can see the API reference: Upbound Marketplace and DocCrd.

If you manage to reproduce this bug with our provider, please post a message in this thread!

Thanks for your issue, it helps us to be better!