Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

acm: renewalEligibility = INELIGIBLE -> reconciler update every second #747

Closed
haarchri opened this issue Jun 26, 2021 · 2 comments · Fixed by #995
Closed

acm: renewalEligibility = INELIGIBLE -> reconciler update every second #747

haarchri opened this issue Jun 26, 2021 · 2 comments · Fixed by #995
Labels
bug Something isn't working

Comments

@haarchri
Copy link
Member

What happened?

the combination for renewCertificate = true and renewalEligibility = INELIGIBLE gets the reconciler in a status try update every second - looks that the code https://github.com/crossplane/provider-aws/blob/master/pkg/controller/acm/controller.go#L224-L237 is the problem cr.Spec.ForProvider.RenewCertificate is never set to false

API Version:  acm.aws.crossplane.io/v1alpha1
Kind:         Certificate
[...]
Spec:
[...]
  For Provider:
    Renew Certificate:    true
[...]
Status:
  At Provider:
    Renewal Eligibility:  INELIGIBLE

2021-06-26T10:50:22.316+0200	DEBUG	provider-aws	External resource is up to date	{"controller": "managed/certificate.acm.aws.crossplane.io", "request": "/poc-certificate", "uid": "c39b89de-9141-4732-beeb-f0c693569dff", "version": "867671", "external-name": "arn:aws:acm:eu-central-1:255932642927:certificate/d0dc7e4a-67d5-4a01-863c-21874921a6cc", "requeue-after": "2021-06-26T10:51:22.316+0200"}
2021-06-26T10:50:22.337+0200	DEBUG	provider-aws	Reconciling	{"controller": "managed/certificate.acm.aws.crossplane.io", "request": "/poc-certificate"}
2021-06-26T10:50:22.570+0200	DEBUG	provider-aws	External resource is up to date	{"controller": "managed/certificate.acm.aws.crossplane.io", "request": "/poc-certificate", "uid": "c39b89de-9141-4732-beeb-f0c693569dff", "version": "868975", "external-name": "arn:aws:acm:eu-central-1:255932642927:certificate/d0dc7e4a-67d5-4a01-863c-21874921a6cc", "requeue-after": "2021-06-26T10:51:22.570+0200"}
2021-06-26T10:50:22.769+0200	DEBUG	provider-aws	Reconciling	{"controller": "managed/certificate.acm.aws.crossplane.io", "request": "/poc-certificate"}
2021-06-26T10:50:23.002+0200	DEBUG	provider-aws	External resource is up to date	{"controller": "managed/certificate.acm.aws.crossplane.io", "request": "/poc-certificate", "uid": "c39b89de-9141-4732-beeb-f0c693569dff", "version": "868979", "external-name": "arn:aws:acm:eu-central-1:255932642927:certificate/d0dc7e4a-67d5-4a01-863c-21874921a6cc", "requeue-after": "2021-06-26T10:51:23.002+0200"}
2021-06-26T10:50:23.034+0200	DEBUG	provider-aws	Reconciling	{"controller": "managed/certificate.acm.aws.crossplane.io", "request": "/poc-certificate"}
2021-06-26T10:50:23.245+0200	DEBUG	provider-aws	External resource is up to date	{"controller": "managed/certificate.acm.aws.crossplane.io", "request": "/poc-certificate", "uid": "c39b89de-9141-4732-beeb-f0c693569dff", "version": "868980", "external-name": "arn:aws:acm:eu-central-1:255932642927:certificate/d0dc7e4a-67d5-4a01-863c-21874921a6cc", "requeue-after": "2021-06-26T10:51:23.245+0200"}
2021-06-26T10:50:23.564+0200	DEBUG	provider-aws	Reconciling	{"controller": "managed/certificate.acm.aws.crossplane.io", "request": "/poc-certificate"}
2021-06-26T10:50:23.791+0200	DEBUG	provider-aws	External resource is up to date	{"controller": "managed/certificate.acm.aws.crossplane.io", "request": "/poc-certificate", "uid": "c39b89de-9141-4732-beeb-f0c693569dff", "version": "868982", "external-name": "arn:aws:acm:eu-central-1:255932642927:certificate/d0dc7e4a-67d5-4a01-863c-21874921a6cc", "requeue-after": "2021-06-26T10:51:23.791+0200"}
2021-06-26T10:50:23.810+0200	DEBUG	provider-aws	Reconciling	{"controller": "managed/certificate.acm.aws.crossplane.io", "request": "/poc-certificate"}
2021-06-26T10:50:24.036+0200	DEBUG	provider-aws	External resource is up to date	{"controller": "managed/certificate.acm.aws.crossplane.io", "request": "/poc-certificate", "uid": "c39b89de-9141-4732-beeb-f0c693569dff", "version": "868983", "external-name": "arn:aws:acm:eu-central-1:255932642927:certificate/d0dc7e4a-67d5-4a01-863c-21874921a6cc", "requeue-after": "2021-06-26T10:51:24.036+0200"}
2021-06-26T10:50:24.358+0200	DEBUG	provider-aws	Reconciling	{"controller": "managed/certificate.acm.aws.crossplane.io", "request": "/poc-certificate"}
2021-06-26T10:50:24.610+0200	DEBUG	provider-aws	External resource is up to date	{"controller": "managed/certificate.acm.aws.crossplane.io", "request": "/poc-certificate", "uid": "c39b89de-9141-4732-beeb-f0c693569dff", "version": "868990", "external-name": "arn:aws:acm:eu-central-1:255932642927:certificate/d0dc7e4a-67d5-4a01-863c-21874921a6cc", "requeue-after": "2021-06-26T10:51:24.610+0200"}
2021-06-26T10:50:24.625+0200	DEBUG	provider-aws	Reconciling	{"controller": "managed/certificate.acm.aws.crossplane.io", "request": "/poc-certificate"}
2021-06-26T10:50:24.875+0200	DEBUG	provider-aws	External resource is up to date	{"controller": "managed/certificate.acm.aws.crossplane.io", "request": "/poc-certificate", "uid": "c39b89de-9141-4732-beeb-f0c693569dff", "version": "868991", "external-name": "arn:aws:acm:eu-central-1:255932642927:certificate/d0dc7e4a-67d5-4a01-863c-21874921a6cc", "requeue-after": "2021-06-26T10:51:24.875+0200"}
2021-06-26T10:50:25.138+0200	DEBUG	provider-aws	Reconciling	{"controller": "managed/certificate.acm.aws.crossplane.io", "request": "/poc-certificate"}
2021-06-26T10:50:25.350+0200	DEBUG	provider-aws	External resource is up to date	{"controller": "managed/certificate.acm.aws.crossplane.io", "request": "/poc-certificate", "uid": "c39b89de-9141-4732-beeb-f0c693569dff", "version": "868995", "external-name": "arn:aws:acm:eu-central-1:255932642927:certificate/d0dc7e4a-67d5-4a01-863c-21874921a6cc", "requeue-after": "2021-06-26T10:51:25.350+0200"}
2021-06-26T10:50:25.364+0200	DEBUG	provider-aws	Reconciling	{"controller": "managed/certificate.acm.aws.crossplane.io", "request": "/poc-certificate"}

What environment did it happen in?

Crossplane version: v1.2.3
Provider AWS v0.19.0
@haarchri haarchri added the bug Something isn't working label Jun 26, 2021
@RafalMaleska
Copy link

after the certificate is used by any AWS service - the status changes to "ELIGIBLE" but the status of the MR remains SYNCED=False

@muvaf
Copy link
Member

muvaf commented Jul 27, 2021

@haarchri it seems like it is set to false, but since it's a spec update, we need to issue an Update on the CR.

On another note, I'm not sure if renewing certificate action would be really compatible here as is. Let's say I have a composition and I want cert to be renewed when necessary, so I set it to true. According to the code, it will try to renew it indefinitely because spec will be overridden to true by composite reconciler. IMO, we should find another way to handle renewal (possibly remove it until then)

@haarchri haarchri mentioned this issue Oct 21, 2021
Closed
6 tasks
@haarchri haarchri mentioned this issue Dec 10, 2021
Merged
2 tasks
tektondeploy pushed a commit to gtn3010/provider-aws that referenced this issue Mar 12, 2024
@portswigger-tim
fix(iam): Policy ID should contain path and the external-name derived…
2868102 
… from the ID should be the name part only (crossplane-contrib#747)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
3 participants
@muvaf @RafalMaleska @haarchri