-
Notifications
You must be signed in to change notification settings - Fork 378
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Claim with out of sync EC2 instance incorrectly shows SYNCED: True
#1448
Comments
@bobh66 mentioned in Slack that the related code is here:
|
fmt.Printf("\n\ncurrent : %#v\n", current.InstanceType)
fmt.Printf("\n\ncr.spec : %#v\n", cr.Spec.ForProvider.InstanceType)
fmt.Printf("\n\nobserved: %#v\n", observed.InstanceType)
if !cmp.Equal(current, &cr.Spec.ForProvider) {
if err := e.kube.Update(ctx, cr); err != nil {
return managed.ExternalObservation{}, errors.Wrap(err, errKubeUpdateFailed)
}
} Adding these debug lines with this use-case results in:
So, the comparison at line +195+ is indeed equal, but the observed value is what should be resulting in things being out of sync. I am not familiar with this code at all, but I am wondering, if the issue here is that since InstanceType can not be updated after the fact, maybe it is ignored when considering whether the object is in sync? |
This is the code that determined if an instance it up-to-date: provider-aws/pkg/clients/ec2/instance.go Line 61 in 4040d5c
|
@bobh66 Do you know if the sync status only takes into consideration fields that can be updated after object creation? That would make some sense, but it seems like, in that case, there should be a 3rd value for sync (or an additional field), so that
|
I don't know this code all that well but as a user I would expect the SYNCED field to represent the comparison of what exists in AWS with what was requested in the Managed Resource. So if the user changes the instanceType in the claim/MR, and it no longer matches what is built in AWS, then SYNCED should be False, regardless of whether the provider is actually capable of re-syncing those changes or not. If the instanceType field cannot be updated without a delete/rebuild then it should probably be immutable, but that's a whole separate can of worms. If the provider cannot update the instanceType then there should be an Event attached to the managed resource that indicates that the user's requested update cannot be achieved and that the MR should be (manually) deleted and allowed to re-create. For now this all may be wishful thinking, but it's clear that it's probably not quite right as it is. |
I believe what's happening here is that the underlying external resource field is immutable so we have no logic to try to update it, but also no way to mark the corresponding Kubernetes field as immutable. This results in the API server letting you change a field that it shouldn't, resulting in us appearing to silently accept the change and then do nothing about it. crossplane/crossplane-tools#40 tracks addressing this. |
Crossplane does not currently have enough maintainers to address every issue and pull request. This issue has been automatically marked as |
What happened?
I created my first configuration package to do some exploration of Crossplane and its functionality. This configuration package creates a very simple EC2 instance and an IAM user.
I installed the configuration package and then applied a claim, which worked as expected.
The claim allows the user to set the AWS Instance Type. In the initial claim, I set it to
t2.medium
.I then edited the
claim.yaml
and changed the instanceType parameter tot2.small
and re-applied it. I expected nothing to change, since this would require Crossplane to destroy the instance, however, I did expect the managed resource to go out of sync, which did not happen.How can we reproduce it?
Configuration Package
definition.yaml
composition.yaml
cat crossplane.yaml
Claims
claim.yaml
claim-changed.yaml
What environment did it happen in?
crossplane/crossplane:v1.9.0
v1.9.0
AWS
v1.24.4
v4.5.4
v1.23.6+k3s1
macOS 12.5.1
Alpine Linux v3.14
Linux colima 5.10.109-0-virt #1-Alpine SMP Mon, 28 Mar 2022 11:20:52 +0000 x86_64 Linux
The text was updated successfully, but these errors were encountered: