Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

S3 bucket with loggingConfiguration never becomes READY #2082

Open
kubevalet opened this issue Jul 18, 2024 · 3 comments
Open

S3 bucket with loggingConfiguration never becomes READY #2082

kubevalet opened this issue Jul 18, 2024 · 3 comments
Labels
bug Something isn't working

Comments

@kubevalet
Copy link

What happened?

Seems like this #1382

{
  "atProvider": {
    "arn": "arn:aws:s3:::test-s3-log44-jl5lq-2x787"
  },
  "conditions": [
    {
      "lastTransitionTime": "2024-07-18T15:07:57Z",
      "reason": "Creating",
      "status": "False",
      "type": "Ready"
    },
    {
      "lastTransitionTime": "2024-07-18T15:07:57Z",
      "reason": "ReconcileSuccess",
      "status": "True",
      "type": "Synced"
    }
  ]
}

Makes this tech completely unusable in environments where security compliance is required e.g. SOC2

How can we reproduce it?

Define a bucket with loggingConfiguration set ... here's my describe output (I already had to revert the change):

Spec:
  Deletion Policy:  Orphan
  For Provider:
    Location Constraint:  us-west-2
    Logging Configuration:
      Target Bucket:   log-bucket-dev-usw220240712151134571000000001
      Target Prefix:   test-s3-log44/
    Object Ownership:  BucketOwnerEnforced
    Payment Configuration:
      Payer:  BucketOwner
    Public Access Block Configuration:
      Block Public Acls:        true
      Block Public Policy:      true
      Ignore Public Acls:       true
      Restrict Public Buckets:  true
    Server Side Encryption Configuration:
      Rules:
        Apply Server Side Encryption By Default:
          Sse Algorithm:  AES256
    Versioning Configuration:
      Status:  Suspended
  Management Policies:
    *
  Provider Config Ref:
    Name:  provider-config-aws

What environment did it happen in?

Crossplane version: 1.15.1
AWS provider 0.48.1
@kubevalet kubevalet added the bug Something isn't working label Jul 18, 2024
@kubevalet
Copy link
Author

fwiw, tried to build this myself to fix the issue but can't get to build (on Ubuntu):

build/run make -j4
==== building the cross container (this could take minutes the first time)
=== cross build image failed for build-bb8e9112/cross-amd64
18:12:55 [ .. ] docker build build-bb8e9112/cross-amd64
Dockerfile:63
--------------------
  62 |     # Node JS and chrome support
  63 | >>> RUN curl -fsSL https://deb.nodesource.com/setup_12.x | bash - && \
  64 | >>>     curl -fsSL https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - && \
  65 | >>>     echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google.list && \
  66 | >>>     DEBIAN_FRONTEND=noninteractive apt-get update && \
  67 | >>>     DEBIAN_FRONTEND=noninteractive apt-get install -yy -q --no-install-recommends \
  68 | >>>     nodejs \
  69 | >>>     google-chrome-stable \
  70 | >>>     xvfb && \
  71 | >>>     DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \
  72 | >>>     DEBIAN_FRONTEND=noninteractive apt-get autoremove -y && \
  73 | >>>     DEBIAN_FRONTEND=noninteractive apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
  74 | >>>     rm -f /etc/apt/sources.list.d/google.list
  75 |     
--------------------
ERROR: failed to solve: process "/bin/sh -c curl -fsSL https://deb.nodesource.com/setup_12.x | bash - &&     curl -fsSL https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - &&     echo \"deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main\" > /etc/apt/sources.list.d/google.list &&     DEBIAN_FRONTEND=noninteractive apt-get update &&     DEBIAN_FRONTEND=noninteractive apt-get install -yy -q --no-install-recommends     nodejs     google-chrome-stable     xvfb &&     DEBIAN_FRONTEND=noninteractive apt-get upgrade -y &&     DEBIAN_FRONTEND=noninteractive apt-get autoremove -y &&     DEBIAN_FRONTEND=noninteractive apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* &&     rm -f /etc/apt/sources.list.d/google.list" did not complete successfully: exit code: 100
make[3]: *** [Makefile:31: img.build] Error 1
make[2]: *** [../makelib/common.mk:337: do.build.artifacts.linux_amd64] Error 2
make[1]: *** [../makelib/common.mk:347: build.all] Error 2
make: *** [../makelib/common.mk:353: build] Error 2

@kubevalet
Copy link
Author

make -j4 doesn't work for me either (v0.48.1 tag):

18:21:04 [ OK ] docker build build-bb8e9112/provider-aws-amd64
18:21:04 [ .. ] Building package provider-aws-v0.48.1.xpkg for linux_amd64
up: error: xpkg.buildCmd.Run(): unable to calculate manifest: blob sha256:3f8d134e558f5d650473d7aa7dffcf54d7b7abf6f17b937790efa019a3080b1f not found
18:21:07 [FAIL]
make[3]: *** [build/makelib/xpkg.mk:87: xpkg.build.provider-aws] Error 1
make[2]: *** [build/makelib/common.mk:337: do.build.artifacts.linux_amd64] Error 2
make[1]: *** [build/makelib/common.mk:347: build.all] Error 2
make: *** [build/makelib/common.mk:353: build] Error 2

@ChristianAvila
Copy link
Contributor

I found a similar error using a newest docker version, this PR #2067 resolve the compatibility with docker version >= 1.25

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ChristianAvila @kubevalet