kpt live apply command stuck while the yaml has the wrong namespace.

[hilliao]

I followed the instructions at https://github.com/GoogleCloudPlatform/blueprints/tree/a814f19df7a68e9e099203468177b4921bbb102b/catalog/project to create a project specific namespace. When the following IAM yaml file is applied with the commented line uncommented, the kpt live apply returned within 5 seconds. It took me almost 1 hour to figure out I was missing the namespace. None of the logs had any clues about why the kpt live apply was stuck as namespace: delete-me-356017 was missing. No IAM policy was created as expected. It was annoying to have a bug like this without explicit error.
iam-exampe.yaml

apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: iam-editor-delete-me-356017
#  namespace: delete-me-356017
spec:
  member: user:someone@gmail.com # kpt-set: ${google-account-user}
  role: roles/editor
  resourceRef:
    kind: Project
    namespace: projects # kpt-set: ${projects-namespace}
    name: name-of-kind-project # kpt-set: ${project-name}

Kptfile

apiVersion: kpt.dev/v1
kind: Kptfile
metadata:
  name: delete-me-356017
  annotations:
    blueprints.cloud.google.com/title: blueprint of project delete-me-356017
info:
  description: blueprint for project delete-me-356017
pipeline:
  mutators:
    - image: gcr.io/kpt-fn/apply-setters:v0.1
      configPath: setters.yaml

setters.yaml

apiVersion: v1
kind: ConfigMap
metadata: # kpt-merge: /setters
  name: setters
data:
  projects-namespace: projects
  project-name: delete-me-356017
  google-account-user: user:hil@company.com

Observe the stuck command. I had to Ctrl+C.

$ kpt fn render && kpt live init --namespace ${NAMESPACE}
Package "delete-me-356017": 
[RUNNING] "gcr.io/kpt-fn/apply-setters:v0.1"
[PASS] "gcr.io/kpt-fn/apply-setters:v0.1" in 400ms
  Results:
    [info] spec.bindings[0].members[0].member: set field value to "user:hilliao@gmail.com"
    [info] spec.resourceRef.namespace: set field value to "projects"
    [info] spec.resourceRef.name: set field value to "delete-me-356017"

Successfully executed 1 function(s) in 1 package(s).
initializing Kptfile inventory info (namespace: config-control)...success
$ kpt live apply 
W0711 11:28:12.717846 2832869 gcp.go:120] WARNING: the gcp auth plugin is deprecated in v1.22+, unavailable in v1.25+; use gcloud instead.
To learn more, consult https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke
installing inventory ResourceGroup CRD.
configmap/setters created
iampartialpolicy.iam.cnrm.cloud.google.com/iam-storage-delete-me-356017 created
2 resource(s) applied. 2 created, 0 unchanged, 0 configured, 0 failed
configmap/setters reconcile pending
E0711 11:28:14.092293 2832869 task.go:270] Empty object UID from ResourceCache (status: NotFound): default_iam-storage-delete-me-356017_iam.cnrm.cloud.google.com_IAMPartialPolicy
iampartialpolicy.iam.cnrm.cloud.google.com/iam-storage-delete-me-356017 reconcile pending
configmap/setters reconciled
^C

[hilliao]

cross reference from kpt's issue per @kaariger 's request

[hilliao]

@kaariger , the linked issue shows karlkfi believes reconciliation was stuck. I think the expected behavior is to fail as the namespace was not correctly specified. DO you agree?

[github-actions]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days