Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Status transformer not able to propage conditional message to the Composite resource and Claim #34

Closed
ashishkurian opened this issue Nov 20, 2024 · 6 comments · Fixed by #35
Closed

Status transformer not able to propage conditional message to the Composite resource and Claim #34

ashishkurian opened this issue Nov 20, 2024 · 6 comments · Fixed by #35
Labels
bug Something isn't working

Comments

@ashishkurian
Copy link

What happened?

Status transformer failing to propagate conditional message to the Composite resource and Claim even though the StatusTransformationSuccess is True on the composite resource.

Expectation

I want to propagate the conditions.InstanceProfileRoleReady type to be in status: "False" with message "Encountered an error creating the instance profile role: <the error that I am capturing using regex>"

Current composite resource status conditions

image

What am I missing or doing incorrect here?

How can we reproduce it?

I am sharing my XRD, Composition and claim below. I assume I can set any type for the setConditions.condition.type as I have x-kubernetes-preserve-unknown-fields: true set under the conditions for the XRD.

In my iam role managed resource, I am deliberately creating an error so that I can propagate that error message to the composite and claim.

I have the following error on the managed aws iam role.

image

Manifest I am using.

apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: xawsinstanceprofile.mycompany.com
spec:
  group: mycompany.com
  names:
    kind: XAwsInstanceProfile
    plural: xawsinstanceprofile
  claimNames:
    kind: AwsInstanceProfile
    plural: awsinstanceprofile
  versions:
    - name: v1alpha1
      served: true
      referenceable: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                myParameters:
                  type: object
                  description: My claim parameters
                  properties:
                    myId:
                      type: string
                      description: my Id
                  required:
                    - myId                      
              required:
                - myParameters
            status:
              type: object
              description: status of instance profile.
              properties:
                InstanceProfile:
                  description: Details of the created AWS Instanceprofile 
                  type: object
                  properties:
                    arn:
                      type: string
                  x-kubernetes-preserve-unknown-fields: true
                Condition:
                  description: Condition of the requested AWS Instanceprofile 
                  type: object
                  x-kubernetes-preserve-unknown-fields: true


---
# Definition

apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: xawsinstanceprofile.mycompany.com
spec:
  group: mycompany.com
  names:
    kind: XAwsInstanceProfile
    plural: xawsinstanceprofile
  claimNames:
    kind: AwsInstanceProfile
    plural: awsinstanceprofile
  versions:
    - name: v1alpha1
      served: true
      referenceable: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                myParameters:
                  type: object
                  description: My claim parameters
                  properties:
                    myId:
                      type: string
                      description: my Id
                  required:
                    - myId                      
              required:
                - myParameters
            status:
              type: object
              description: status of instance profile.
              properties:
                InstanceProfile:
                  description: Details of the created AWS Instanceprofile 
                  type: object
                  properties:
                    arn:
                      type: string
                  x-kubernetes-preserve-unknown-fields: true
                Condition:
                  description: Condition of the requested AWS Instanceprofile 
                  type: object
                  x-kubernetes-preserve-unknown-fields: true

# Composition
---
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: xawsinstanceprofile.mycompany.com
spec:
  compositeTypeRef:
    apiVersion: mycompany.com/v1alpha1
    kind: XAwsInstanceProfile
  environment:
    environmentConfigs:
    - type: Reference
      ref:
        name: iaws-main
    - type: Reference
      ref:
        name: iaws-auto
  mode: Pipeline
  pipeline:
    - step: aws-instance-profile-role
      functionRef:
        name: function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        kind: GoTemplate
        source: Inline
        inline:
          template: |
            {{- $environmentConfigs := (index .context "apiextensions.crossplane.io/environment") }}
            {{- $eksClusterName := (index $environmentConfigs "eksClusterName") }}
            {{- $accountId := (index $environmentConfigs "accountId") }}
            # {{- $deletionPolicy := .observed.composite.resource.spec.crossplaneParameters.deletionPolicy }}
            {{- $deletionPolicy := "Delete" }}
            {{- $providerConfigRef := "providerconfig-aws" }}
            {{- $claimName := (index .observed.composite.resource.metadata.labels "crossplane.io/claim-name") }}
            ---
            apiVersion: iam.aws.crossplane.io/v1beta1
            kind: Role
            metadata:
              name: sc-role-servicerole-insproroashtest
              labels:
                resource: instance-profile-role-ashishtest
              annotations:
                gotemplating.fn.crossplane.io/composition-resource-name: InsProRoashtest
            spec:
              deletionPolicy: {{$deletionPolicy}}
              providerConfigRef:
                name: {{$providerConfigRef}}
              forProvider:
                assumeRolePolicyDocument: |
                  {
                    "Version": "2012-10-17",
                    "junk": "somejunk",
                    "Statement": [
                      {
                        "Effect": "Allow",
                        "Principal": {
                          "Service": [
                            "ec2.amazonaws.com"
                          ]
                        },
                        "Action": "sts:AssumeRole"
                      }
                    ]
                  }
                permissionsBoundary: {{ printf "arn:aws:iam::%s:policy/sc-policy-cdk-pipeline-permission-boundary" $accountId }}
                tags:
                  - key: claim-name
                    value: {{$claimName}}
                  - key: created-by
                    value: crossplane
                  - key: composition-name
                    value: AwsInstanceProfile

    - step: status-population
      functionRef:
        name: function-status-transformer
      input:
        apiVersion: function-status-transformer.fn.crossplane.io/v1beta1
        kind: StatusTransformation
        statusConditionHooks:
        - matchers:
          - resources:
            - name: "sc-role-servicerole-insproroashtest"
            conditions:
            - type: Synced
              status: "False"
              reason: ReconcileError
              message: "create failed: (?P<Error>.+)"
          setConditions:
          - target: CompositeAndClaim
            condition:
              type: InstanceProfileRoleReady
              status: "False"
              reason: FailedToCreate
              message: "Encountered an error creating the instance profile role: {{ .Error }}"
          createEvents:
          - target: CompositeAndClaim
            event:
              type: Warning
              reason: FailedToCreate
              message: "Encountered an error creating the instance profile role: {{ .Error }}"	  
# Claim			  
---
apiVersion: mycompany.com/v1alpha1
kind: AwsInstanceProfile
metadata:
  name: ashish-test
  namespace: mynamespace
spec:
  myParameters:
    myId: ashish-test

What environment did it happen in?

Status transformer function version: v0.4.0
Cloud provider: AWS
Kubernetes version: v1.29.1
Kubernetes distribution: EKS
Crossplane version: v1.17.3
@ashishkurian ashishkurian added the bug Something isn't working label Nov 20, 2024
@dalton-hill-0
Copy link
Collaborator

Hi @ashishkurian 👋

I believe the name is not matching.

The matcher is looking for sc-role-servicerole-insproroashtest.

        - matchers:
          - resources:
            - name: "sc-role-servicerole-insproroashtest"

That is the name of the resource being created.

            apiVersion: iam.aws.crossplane.io/v1beta1
            kind: Role
            metadata:
              name: sc-role-servicerole-insproroashtest

But we match on the "name" key in the desired resource map. This name is derived from the gotemplating.fn.crossplane.io/composition-resource-name annotation, which is set to InsProRoashtest.

            apiVersion: iam.aws.crossplane.io/v1beta1
            kind: Role
            metadata:
              annotations:
                gotemplating.fn.crossplane.io/composition-resource-name: InsProRoashtest

To resolve the issue, either change the matcher to look for InsProRoashtest, or change the resource name annotation to equal sc-role-servicerole-insproroashtest.

@ashishkurian
Copy link
Author

@dalton-hill-0 Thanks Dalton. Indeed that was the issue. I cannot believe that I did not try that option.

@dalton-hill-0
Copy link
Collaborator

No problem!
I can see how matchers[].resources[].name is interpreted as "match on the resource metadata.name". I thought about changing this, but ultimately we kept it this way as it is more consistent with other areas of Crossplane's API.

I'll go ahead and close out this issue.

@ashishkurian
Copy link
Author

@dalton-hill-0 It would be handy to mention this explicitly in the readme

@dalton-hill-0 dalton-hill-0 mentioned this issue Nov 21, 2024
Merged
2 tasks
@dalton-hill-0
Copy link
Collaborator

@ashishkurian - I have opened #35 to add this documentation, let me know what you think.

@ashishkurian
Copy link
Author

@dalton-hill-0 Looks well. I will be using the function more and probably we could find more such little improvements.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Clarifying Field Usage dalton-hill-0/function-status-transformer
2 participants
@ashishkurian @dalton-hill-0