Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Do not prefix JSON fieldpaths starting with status.atProvider in resource.GetSensitiveParameters #417

Merged
merged 1 commit into from
Jun 6, 2024

Conversation

ulucinar
Copy link
Collaborator

@ulucinar ulucinar commented Jun 6, 2024

Description of your changes

Fixes #416

If the MR API has a spec.forProvider.status field and there are sensitive attributes, then fieldpath.Paved.ExpandWildcards complains instead of expanding as an empty slice, which breaks the reconciliation.

This bug has been observed with the AccessKey.iam resource of crossplane-contrib/[email protected], where we have introduced the sensitive parameters under the spec.initProvider API tree by consuming the upjet changes from #406, and reported in #416.

This bug only affects those resources with a spec.forProvider.status field and with sensitive attributes, which are removed from status.atProvider in the corresponding CRD schema but still represented in the connection details mapping so that the corresponding sensitive information can be published in the connections details secret.

Before #406, such mappings were effectively being ignored by the fieldpath.Paved.ExpandWildcards because such sensitive attributes are removed, during code generation, from status.atProvider. However, #406 now prefixes such JSON fieldpath expressions with spec.forProvider (and spec.initProvider) and if there already exists a spec.forProvider.status field, then the fieldpath library now errors instead of expanding the expressions as an empty slice (as it does in other cases).

Arguably we could address this in the fieldpath library but this PR proposes to address this issue by reverting back to the old conditions: If the JSON fieldpath expression starts with a status.atProvider, then we do not prefix it with spec.forProvider or spec.initProvider, which restores the old behavior as there should not exist the corresponding status.atProvider fields and the fieldpath library now correctly handles the wildcard expansion by returning an empty expanded set instead of erroring.

I have:

  • Read and followed Upjet's contribution process.
  • Run make reviewable to ensure this PR is ready for review.
  • Added backport release-x.y labels to auto-backport this PR if necessary.

How has this code been tested

Tested with crossplane-contrib/provider-upjet-aws#1344.

…urce.GetSensitiveParameters

- If the MR API has a spec.forProvider.status field and there are sensitive attributes, then
  fieldpath.Paved.ExpandWildcards complains instead of expanding as an empty slice, which
  breaks the reconciliation.

Signed-off-by: Alper Rifat Ulucinar <[email protected]>
Copy link
Member

@sergenyalcin sergenyalcin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @ulucinar LGTM!

@ulucinar ulucinar merged commit 7ab5e20 into crossplane:main Jun 6, 2024
6 checks passed
@ulucinar ulucinar deleted the fix-416 branch June 6, 2024 11:22
Copy link

github-actions bot commented Jun 6, 2024

Successfully created backport PR #418 for release-1.4.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Wrong jsonPath to get sensitive parameters with latest 1.4.0
2 participants