CannotObserveExternalResource Elasticache User

[dspereira004]

What happened?

Creating an Elasticache user of type IAM apparently works (the user does appear in the AWS Console), but then we end up with the following warning:

Events:
  Type     Reason                         Age                     From                                                   Message
  ----     ------                         ----                    ----                                                   -------
  Warning  CannotObserveExternalResource  2m34s (x1126 over 18h)  managed/elasticache.aws.upbound.io/v1beta1, kind=user  cannot get connection details: cannot get connection details: cannot expand wildcards: cannot expand wildcards for segments: "passwords[*]": "passwords": unexpected wildcard usage

Looks like Crossplane cannot observe the resource it has created...

How can we reproduce it?

Create an Elasticache user with:

---
apiVersion: elasticache.aws.upbound.io/v1beta1
kind: User
metadata:
  labels:
    cluster/name: cluster
  name: redis-user
spec:
  forProvider:
    userName: "redis-user"
    accessString: "on ~* +@all"
    engine: "REDIS"
    region: eu-west-3
    noPasswordRequired: false
    authenticationMode:
      - type: iam
  providerConfigRef:
    name: default

What environment did it happen in?

• Crossplane Version: 1.12.1
• Provider Version: 0.35.0
• Kubernetes Version: 1.23.17-eks-c12679a
• Kubernetes Distribution: EKS

[turkenf]

Hi @dspereira004,

Thank you for raising this issue. We encountered this issue while working on the elasticache: cannot create users with passwords issue and it can be reproduced.

[turkenf]

Blocked by: crossplane/upjet#202

[wochinge]

We have the same with with Firehose deliverystream resource

   Warning  CannotObserveExternalResource  44m (x16 over 78m)     managed/firehose.aws.upbound.io/v1beta1, kind=deliverystream  cannot get connection details: cannot get connection details: cannot expand wildcards: cannot expand wildcards for segments: "splunk_configuration[*].hec_token": "splunk_configuration": unexpected wildcard usage                                                                                                                                                                                                                                                                                                   

   Warning  CannotObserveExternalResource  4m20s (x151 over 78m)  managed/firehose.aws.upbound.io/v1beta1, kind=deliverystream  cannot get connection details: cannot get connection details: cannot expand wildcards: cannot expand wildcards for segments: "http_endpoint_configuration[*].access_key": "http_endpoint_configuration": unexpected wildcard usage                                                                                                                                                                                                                                                                                  

[turkenf]

The relevant upstream issue has been fixed and closed, will test this issue after upgrading the https://github.com/crossplane/upjet

[turkenf]

This issue has been fixed with Provider versions 0.47.3 and 1.1.1. I am closing this now, feel free to reopen it if you encounter any issues.