You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When configuring an AWS Cognito UserPool with a Verification Message Template set (spec.forProvider.verificationMessageTemplate[0].emailMessage), it conflicts with emailVerificationMessage even if it's not set.
It seems to automatically set the emailVerificationMessage with the same string.
The UserPool was created correctly in AWS, with the expected email template, but the claim never gets the Ready status as true, and keeps logging the conflict error:
Status:
At Provider:
Conditions:
Last Transition Time: 2023-05-26T18:41:08Z
Reason: Creating
Status: False
Type: Ready
Last Transition Time: 2023-05-26T18:59:54Z
Message: observe failed: cannot run refresh: refresh failed: Conflicting configuration arguments: "verification_message_template.0.email_message": conflicts with email_verification_message
Conflicting configuration arguments: "verification_message_template.0.email_subject": conflicts with email_verification_subject
Conflicting configuration arguments: "verification_message_template.0.sms_message": conflicts with sms_verification_message
Conflicting configuration arguments: "sms_verification_message": conflicts with verification_message_template.0.sms_message
Conflicting configuration arguments: "email_verification_message": conflicts with verification_message_template.0.email_message
Conflicting configuration arguments: "email_verification_subject": conflicts with verification_message_template.0.email_subject
Reason: ReconcileError
Status: False
Type: Synced
Last Transition Time: 2023-05-26T18:42:51Z
Reason: Finished
Status: True
Type: AsyncOperation
Last Transition Time: 2023-05-26T18:42:51Z
Reason: Success
Status: True
Type: LastAsyncOperation
If I change the composition and set only the emailVerificationMessage instead of the verificationMessageTemplate[0].emailMessage the problem still happens.
How can we reproduce it?
I'm using the 0.29.0 version of the upbound/provider-aws:v0.29.0, but the problem also happens with the 0.35.0.
This is the composition:
apiVersion: apiextensions.crossplane.io/v1kind: Compositionmetadata:
name: cognito.aws.toff.techlabels:
provider: awsspec:
compositeTypeRef:
apiVersion: aws.toff.tech/v1alpha1kind: XCognitoresources:
- name: EmailIdentitybase:
apiVersion: ses.aws.upbound.io/v1beta1kind: EmailIdentityspec:
forProvider:
email: test-mail@toffa.tecgregion: us-west-2patches:
- fromFieldPath: spec.parameters.emailFromtoFieldPath: spec.forProvider.email
- type: ToCompositeFieldPathfromFieldPath: status.atProvider.arntoFieldPath: status.emailIdentityArn
- name: UserPoolbase:
apiVersion: cognitoidp.aws.upbound.io/v1beta1kind: UserPoolspec:
deletionPolicy: OrphanforProvider:
name: ""accountRecoverySetting:
- recoveryMechanism:
- name: verified_emailpriority: 1adminCreateUserConfig:
- allowAdminCreateUserOnly: trueinviteMessageTemplate:
- emailMessage: "Something has gone wrong, please request a new invite and contact support@toff.tech if this persists. Please provide support the following information to assist you: \n UserType: \n UserId: {username}\nCode: {####}"emailSubject: "Invitation"smsMessage: "Password Invitation\n{####} {username}"aliasAttributes:
- email
- phone_numberautoVerifiedAttributes:
- emailemailConfiguration:
- replyToEmailAddress: test-mail@toff.tecgemailSendingAccount: "DEVELOPER"fromEmailAddress: test-mail@toff.tecgmfaConfiguration: OPTIONALsoftwareTokenMfaConfiguration:
- enabled: truepasswordPolicy:
- minimumLength: 10requireLowercase: falserequireNumbers: truerequireUppercase: falserequireSymbols: truetemporaryPasswordValidityDays: 7region: us-west-2verificationMessageTemplate:
- emailMessage: "Something has gone wrong, please request a new invite and contact support@toff.tech if this persists. Please provide support the following information to assist you: \n UserType: {UserType} \n UserId: {username}\nCode: {####}"emailSubject: "Password Reset"smsMessage: "Password Reset\n{####}"patches:
- fromFieldPath: spec.idtoFieldPath: spec.forProvider.name
- type: ToCompositeFieldPathfromFieldPath: status.atProvider.arntoFieldPath: status.userPoolArn
- type: CombineFromCompositecombine:
variables:
- fromFieldPath: spec.parameters.emailReplyTo
- fromFieldPath: spec.parameters.userTypestrategy: stringstring:
fmt: "Something has gone wrong, please request a new invite and contact %s if this persists. Please provide support the following information to assist you:\nUserType: %s\nUserId: {username}\nCode: {####}"toFieldPath: spec.forProvider.verificationMessageTemplate[0].emailMessage
- type: CombineFromCompositecombine:
variables:
- fromFieldPath: spec.parameters.emailReplyTo
- fromFieldPath: spec.parameters.userTypestrategy: stringstring:
fmt: "Something has gone wrong, please request a new invite and contact %s if this persists. Please provide support the following information to assist you:\nUserType: %s\nUserId: {username}\nCode: {####}"toFieldPath: spec.forProvider.adminCreateUserConfig[0].inviteMessageTemplate[0].emailMessage
- fromFieldPath: status.emailIdentityArntoFieldPath: spec.forProvider.emailConfiguration[0].sourceArn
- fromFieldPath: spec.parameters.emailReplyTotoFieldPath: spec.forProvider.emailConfiguration[0].replyToEmailAddress
- fromFieldPath: spec.parameters.emailFromtoFieldPath: spec.forProvider.emailConfiguration[0].fromEmailAddress
- fromFieldPath: spec.parameters.strongPasswordtransforms:
- type: mapmap:
"false": "6""true": "10"
- type: convertconvert:
toType: inttoFieldPath: spec.forProvider.passwordPolicy[0].minimumLength
- fromFieldPath: spec.parameters.strongPasswordtransforms:
- type: convertconvert:
toType: booltoFieldPath: spec.forProvider.passwordPolicy[0].requireNumbers
- fromFieldPath: spec.parameters.strongPasswordtransforms:
- type: convertconvert:
toType: booltoFieldPath: spec.forProvider.passwordPolicy[0].requireSymbols
- fromFieldPath: spec.parameters.tagstoFieldPath: spec.forProvider.tagspolicy:
mergeOptions:
keepMapValues: truetype: FromCompositeFieldPath
What happened?
When configuring an AWS Cognito UserPool with a Verification Message Template set (
spec.forProvider.verificationMessageTemplate[0].emailMessage
), it conflicts withemailVerificationMessage
even if it's not set.It seems to automatically set the
emailVerificationMessage
with the same string.This behavior apparently is expected in the terraform provider (https://github.com/hashicorp/terraform-provider-aws/blob/main/internal/service/cognitoidp/user_pool_test.go#L1405-L1407) but not in Crossplane provider.
The UserPool was created correctly in AWS, with the expected email template, but the claim never gets the Ready status as true, and keeps logging the conflict error:
If I change the composition and set only the
emailVerificationMessage
instead of theverificationMessageTemplate[0].emailMessage
the problem still happens.How can we reproduce it?
I'm using the 0.29.0 version of the upbound/provider-aws:v0.29.0, but the problem also happens with the 0.35.0.
This is the composition:
This is the claim:
What environment did it happen in?
Client Version: v1.25.9
Kustomize Version: v4.5.7
Server Version: v1.25.9
The text was updated successfully, but these errors were encountered: