-
Notifications
You must be signed in to change notification settings - Fork 915
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Delay Deletion of Connection Details #5787
Comments
See the |
I actually tried Usages, but from what I can see you cannot point it to a Connection Detail secret. |
Right - you want to point it at the MR or XR resource that creates the Connection Detail |
If I set a Usage for
Here's one of my usages spec:
by:
apiVersion: postgresql.sql.crossplane.io/v1alpha1
kind: Grant
resourceRef:
name: test-postgres-g6qlx-b65wp
of:
apiVersion: dbaas.idp.example.edu/v1alpha1
kind: XDatabase
resourceRef:
name: test-postgres-g6qlx
replayDeletion: true |
That |
What would you point to for a Connection Details secret, though? It's composed of secrets from multiple MRs and the secret is deleted as soon as the XR is deleted. |
Are there MRs within the Composite that are consuming the Connection Details secret? Or are the consumers of the secret external to the XR? |
The reconciler removes the ConnectionDetails as soon as the Composite is marked deleted: https://github.com/crossplane/crossplane/blob/master/internal/controller/apiextensions/composite/reconciler.go#L504 |
Yes, the providerconfig for the sql-provider is using the Connection Details secret for its credentials. I wonder if like providerConfigUsage, there should be a connectionDetailsUsage to determine if the secret is being referenced in any provider credentials? |
I would create a |
Actually that might not help since it's the connectiondetails |
hmm.. that may be something to think about. |
What happened?
I'm currently writing a composition that creates a GCP Cloud SQL database instance, users, databases, and connection details. I'm also creating database grants using provider-sql. After the database instance is created, a providerconfig using the connection details secret is used for the sql-provider credentials. This works as expected for creation, but on deletion of the XRD the connection detail secret is deleted before the grant resources that depend on it are removed. This leaves the grant resources hanging and erroring because its providerconfig cannot find the required secret.
How can we reproduce it?
definition.yaml
composition.yaml
example XR
What environment did it happen in?
Crossplane version: v1.15.2
The text was updated successfully, but these errors were encountered: