Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Creating or importing rds-cluster with kms-key supplied by selector fails #1523

Closed
1 task done
kaessert opened this issue Oct 14, 2024 · 0 comments · Fixed by #1533
Closed
1 task done

[Bug]: Creating or importing rds-cluster with kms-key supplied by selector fails #1523

kaessert opened this issue Oct 14, 2024 · 0 comments · Fixed by #1533
Labels
bug Something isn't working needs:triage

Comments

@kaessert
Copy link

kaessert commented Oct 14, 2024
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Affected Resource(s)

cluster.rds.aws.upbound.io/v1beta2

Resource MRs required to reproduce the bug

apiVersion: kms.aws.upbound.io/v1beta1
kind: Key
metadata:
  labels:
    testing.upbound.io/example-name: sample-key
  name: sample-key
spec:
  forProvider:
    deletionWindowInDays: 7
    description: Created with Crossplane
    region: us-west-1
---

apiVersion: rds.aws.upbound.io/v1beta1
kind: Cluster
metadata:
  annotations:
    meta.upbound.io/example-id: rds/v1beta1/clusterendpoint
  labels:
    testing.upbound.io/example-name: default-ce
  name: kms-test
spec:
  forProvider:
    engine: aurora-postgresql
    masterPasswordSecretRef:
      key: password
      name: sample-cluster-password
      namespace: upbound-system
    masterUsername: cpadmin
    region: us-west-1
    skipFinalSnapshot: true
    storageEncrypted: true
    kmsKeyIdSelector:
      matchLabels:
        testing.upbound.io/example-name: sample-key
  writeConnectionSecretToRef:
    name: sample-rds-cluster-secret
    namespace: upbound-system

Steps to Reproduce

Create a kms-key and an rds-cluster with the supplied configuration or import an existing rds-cluster with the given configuration.

What happened?

After applying the provided configuration, an rds-cluster is created with the proper kms-key. However, subsequent reconciliation-loops will error-out, as well as do imports if the cluster resource is orphaned and re-imported.

Relevant Error Output Snippet

- lastTransitionTime: "2024-10-14T09:47:42Z"
      message: 'update failed: async update failed: refuse to update the external
        resource because the following update requires replacing it: cannot change
        the value of the argument "kms_key_id" from "arn:aws:kms:us-west-1:609897127049:key/fe56bc8c-8eaa-44fd-bb42-1639cb4d1267"
        to "fe56bc8c-8eaa-44fd-bb42-1639cb4d1267"'
      reason: ReconcileError
      status: "False"
      type: Synced


### Crossplane Version

v1.17.1-up.1

### Provider Version

v1.15.0

### Kubernetes Version

v1.31.0

### Kubernetes Distribution

Kind

### Additional Info

_No response_
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working needs:triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add PathARNExtractor for kms_key_id to rds cluster turkenf/provider-aws
1 participant
@kaessert