Object delete fails when ProviderConfig Secret has been deleted already
bobh66 opened this issue · 2 comments
When deploying a K8S cluster, ProviderConfig for the kubernetes provider, and Objects in the same Composition, the Objects can get stuck in the deletion process if the Secret that the ProviderConfig refers to gets deleted before the Objects.
Because the delete process is unsequenced, the Cluster Secret that the ProviderConfig uses can get deleted before the Objects, leading to this:
conditions:
- lastTransitionTime: "2022-05-03T19:05:33Z"
reason: Deleting
status: "False"
type: Ready
- lastTransitionTime: "2022-05-03T19:13:46Z"
message: 'connect failed: cannot get credentials: cannot get credentials secret:
Secret "footest-bv9r4-4zzkr" not found'
reason: ReconcileError
status: "False"
type: Synced
How can we reproduce it?
Use a single Composition to deploy a K8S Cluster, ProviderConfig for the kubernetes provider, and one or more Objects.
Observe that upon deletion the Objects can get stuck in the above state.
What environment did it happen in?
Crossplane version: 1.7
Given that the failure is in the Connect function, I'm not sure what the solution should be, as Connect() cannot return a valid Kubernetes client object or external{} interface without the credentials, and the Observe will fail anyway since the Cluster is gone.
If someone can suggest a solution I'm happy to push a PR.
I was thinking about this some more and if the Connect() fails because the credentials are unavailable, it can return an external{} interface with a client.Client == nil, and Observe() can check for meta.WasDeleted(cr) and client.Client == nil and return an empty managed resource so the delete will finish.
I'll push a PR for review.