Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RDS] pendingModifiedValues not respected - caCertificateIdentifier causes reconcile loop #2060

Open
eloo-abi opened this issue May 13, 2024 · 2 comments
Open

[RDS] pendingModifiedValues not respected - caCertificateIdentifier causes reconcile loop #2060

eloo-abi opened this issue May 13, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@eloo-abi
Copy link
Contributor

What happened?

We are right now updating our rds certificates and have discovered a similar issue like described in this ticket #1889
At least we see additional unexpected behaviour here.

We do not want to set the applyImmediatelly to true and just want to use the common maintenance window configured in our instance.
But with that change in place we are getting reconcile loops caused by crossplane.
It looks like the pendingModifiedValues is not respected in the calculateDiff or isUpDate function.

We are getting a lot of this diffs in our logs

Found observed difference in dbinstance
  &v1alpha1.DBInstanceParameters{
  	... // 2 ignored and 3 identical fields
  	BackupRetentionPeriod:   nil,
  	BackupTarget:            nil,
- 	CACertificateIdentifier: nil,
+ 	CACertificateIdentifier: &"rds-ca-rsa2048-g1",
  	CharacterSetName:        nil,
  	CopyTagsToSnapshot:      nil,
  	... // 7 ignored and 41 identical fields
  }

and our instance are the whole time "updating"

in the status we see the pendingModifiedValues as expected:

    pendingModifiedValues:
      caCertificateIdentifier: rds-ca-rsa2048-g1

So i would expect crossplane is checking this two values and then ignore this change.
Further its weird that - CACertificateIdentifier: nil, is "nil" because in the forProvider.caCertificateIdentifier we had before the old value.

How can we reproduce it?

  • Create a MR for RDS with caCertificateIdentifier: rds-ca-2019
  • Apply a patch like this
k patch --patch '{"spec": {"forProvider": {"caCertificateIdentifier": "rds-ca-rsa2048-g1"}}}' --type merge <your-instance>
  • Ensure applyImmediately: false
  • See your dbinstance updating the whole time without any modification

What environment did it happen in?

Crossplane versions:
xpkg.upbound.io/crossplane/crossplane:v1.15.2
xpkg.upbound.io/crossplane-contrib/provider-aws:v0.47.2
@eloo-abi eloo-abi added the bug Something isn't working label May 13, 2024
@github-actions GitHub Actions
Copy link

Crossplane does not currently have enough maintainers to address every issue and pull request. This issue has been automatically marked as stale because it has had no activity in the last 90 days. It will be closed in 14 days if no further activity occurs. Leaving a comment starting with /fresh will mark this issue as not stale.

@github-actions github-actions bot added the stale label Aug 12, 2024
@eloo-abi
Copy link
Contributor Author

/fresh

@github-actions github-actions bot removed the stale label Aug 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@eloo-abi