Sensitive inputs for the array are not transferred to terraform #202

Closed
turkenf opened this issue May 10, 2023 · 1 comment
Labels
bug Something isn't working is:triaged

turkenf commented May 10, 2023

What happened?

While trying to create the AWS elasticache.User resource, the sensitive inputs that are arrays are not transferred to Terraform and the resource cannot be created.

How can we reproduce it?

When I apply the following example:

apiVersion: elasticache.aws.upbound.io/v1beta1
kind: User
metadata:
  annotations:
    meta.upbound.io/example-id: elasticache/v1beta1/user
  labels:
    testing.upbound.io/example-name: test
  name: sample-user
spec:
  forProvider:
    userName: "testUserName"
    accessString: "on ~* +@all"
    engine: "REDIS"
    region: us-west-1
    authenticationMode:
    - type: "password"
      passwordsSecretRef:
      - key: example-key-one
        name: elasticache-user-one
        namespace: upbound-system
      - key: example-key-two
        name: elasticache-user-two
        namespace: upbound-system          
  writeConnectionSecretToRef:
    name: user-conn
    namespace: default
---
apiVersion: v1
kind: Secret
metadata:
  annotations:
    meta.upbound.io/example-id: elasticache/v1beta1/user
  labels:
    testing.upbound.io/example-name: user
  name: elasticache-user-one
  namespace: upbound-system
type: Opaque
stringData:
  example-key-one: "Upboundtest1Upboundtest1!"
---
apiVersion: v1
kind: Secret
metadata:
  annotations:
    meta.upbound.io/example-id: elasticache/v1beta1/user
  labels:
    testing.upbound.io/example-name: user
  name: elasticache-user-two
  namespace: upbound-system
type: Opaque
stringData:
  example-key-two: "Upboundtest2Upboundtest2!"

I get the following error:

    message: "apply failed: creating ElastiCache User (sample-user): InvalidParameterCombination:
      A user with Authentication Mode: password, must have at least one password\n\tstatus
      code: 400, request id: 9ab65218-6dda-46a3-a0a3-4ef1c424cce7: "

And the main.tf.json file:

{
    "provider": {
        "aws": {
            "access_key": "",
            "region": "us-west-1",
            "secret_key": "",
            "token": ""
        }
    },
    "resource": {
        "aws_elasticache_user": {
            "sample-user": {
                "access_string": "on ~* +@all",
                "authentication_mode": [
                    {
                        "type": "password"
                    }
                ],
                "engine": "REDIS",
                "lifecycle": {
                    "prevent_destroy": true
                },
                "tags": {
                    "crossplane-kind": "user.elasticache.aws.upbound.io",
                    "crossplane-name": "sample-user",
                    "crossplane-providerconfig": "default"
                },
                "user_id": "sample-user",
                "user_name": "testUserName"
            }
        }
    },
    "terraform": {
        "required_providers": {
            "aws": {
                "source": "hashicorp/aws",
                "version": "4.66.0"
            }
        }
    }
}

I also tried this resource with the no-password-required parameter:

apiVersion: elasticache.aws.upbound.io/v1beta1
kind: User
metadata:
  annotations:
    meta.upbound.io/example-id: elasticache/v1beta1/user
  labels:
    testing.upbound.io/example-name: test
  name: sample-user
spec:
  forProvider:
    userName: "testUserName"
    accessString: "on ~* +@all"
    engine: "REDIS"
    region: us-west-1
    authenticationMode:
    - type: "no-password-required"         
  writeConnectionSecretToRef:
    name: user-conn
    namespace: default

In this case, the resource is active in the AWS console, but READY=False becomes SYNCED=False and the following error is observed:

    message: 'observe failed: cannot get connection details: cannot get connection
      details: cannot expand wildcards: cannot expand wildcards for segments: "passwords[*]":
      "passwords": unexpected wildcard usage'
@turkenf turkenf added bug Something isn't working needs:triage labels May 10, 2023
@turkenf turkenf changed the title Sensitive inputs for the array do not transferred to terraform Sensitive inputs for the array are not transferred to terraform May 10, 2023
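
The check below is an added example, not part of the original issue or the provider's code. It walks a managed resource's `forProvider` and reports every `*SecretRef` field whose Terraform attribute is missing from the generated `main.tf.json`, which is the symptom reported above. The function names and the camelCase-to-snake_case mapping (`passwordsSecretRef` to `passwords`) are assumptions inferred from the two files in the issue.

```python
import re

def snake(name):
    """camelCase -> snake_case (authenticationMode -> authentication_mode)."""
    return re.sub(r"(?<!^)(?=[A-Z])", "_", name).lower()

def dropped_secret_fields(spec, tf, path=""):
    """List Terraform attribute paths that a *SecretRef field in the managed
    resource spec should have populated but that are empty or absent in tf."""
    missing = []
    if isinstance(spec, list):
        for i, item in enumerate(spec):
            sub = tf[i] if isinstance(tf, list) and i < len(tf) else None
            missing += dropped_secret_fields(item, sub, f"{path}[{i}]")
    elif isinstance(spec, dict):
        for key, value in spec.items():
            ref = key.endswith("SecretRef")
            attr = snake(key[:-len("SecretRef")] if ref else key)
            here = f"{path}.{attr}".lstrip(".")
            sub = tf.get(attr) if isinstance(tf, dict) else None
            if ref and not sub:
                missing.append(here)      # secret-backed value never reached Terraform
            elif not ref:
                missing += dropped_secret_fields(value, sub, here)
    return missing

# forProvider from the issue's User manifest (region omitted: provider-level).
FOR_PROVIDER = {
    "userName": "testUserName",
    "accessString": "on ~* +@all",
    "engine": "REDIS",
    "authenticationMode": [{
        "type": "password",
        "passwordsSecretRef": [
            {"key": "example-key-one", "name": "elasticache-user-one", "namespace": "upbound-system"},
            {"key": "example-key-two", "name": "elasticache-user-two", "namespace": "upbound-system"},
        ],
    }],
}
# aws_elasticache_user.sample-user from the issue's main.tf.json (trimmed).
TF_RESOURCE = {
    "access_string": "on ~* +@all",
    "authentication_mode": [{"type": "password"}],
    "engine": "REDIS",
    "user_name": "testUserName",
}

if __name__ == "__main__":
    print(dropped_secret_fields(FOR_PROVIDER, TF_RESOURCE))
```

Because it only tests for presence and never prints the attribute values, the check can run against a real workspace without echoing the resolved passwords.
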
turkenf commented Feb 27, 2024

Fixed in this PR: #355

@turkenf turkenf closed this as completed Feb 27, 2024