Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nextReconcile does not work as expected #42

Closed
hayone1 opened this issue Aug 5, 2024 · 5 comments
Closed

nextReconcile does not work as expected #42

hayone1 opened this issue Aug 5, 2024 · 5 comments
Labels
bug Something isn't working

Comments

@hayone1
Copy link

hayone1 commented Aug 5, 2024

What happened?

After setting the following fields: shouldLoopInfinitely: true, nextReconcile: 300s field, It's expected that the HTTP API endpoint is called in that interval repeatedly but it isn't'

How can we reproduce it?

It's a wso2 API, but It should be reproducible with any API.
This is a sample to the disposable request created.

apiVersion: http.crossplane.io/v1alpha2
kind: DisposableRequest
metadata:
  annotations:
    crossplane.io/composition-resource-name: sso-admin-oauth
    crossplane.io/external-create-pending: '2024-08-05T09:42:00Z'
    crossplane.io/external-create-succeeded: '2024-08-05T09:42:00Z'
    crossplane.io/external-name: sso-admin-oauth
    name: sso-admin-oauth
  creationTimestamp: '2024-08-05T09:42:00Z'
  finalizers:
    - finalizer.managedresource.crossplane.io
  generateName: sso-admin-oauth-
  generation: 5
  labels:
    crossplane.io/claim-name: ''
    crossplane.io/claim-namespace: ''
    crossplane.io/composite: sso-admin-oauth
  name: sso-admin-oauth
  resourceVersion: 'xxxxxxx'
  uid: xxxxxxx-xxxxxxxxx
spec:
  deletionPolicy: Orphan
  forProvider:
    # fields are pulled from a secret
    body: >-
      username={{ sso-admin-user:sso-ns:username }}&password={{
      sso-admin-user:sso-ns:password }}&client_id={{
      sso-admin-user:sso-ns:client_id }}&client_secret={{
      sso-admin-user:sso-ns:client_secret }}&grant_type={{
      sso-admin-user:sso-ns:grant_type }}&scope={{ sso-admin-user:sso-ns:scope }}
    expectedResponse: .statusCode == 200 and .body.access_token != null and .body.expires_in > 0
    headers:
      Content-Type:
        - application/x-www-form-urlencoded
    insecureSkipTLSVerify: false
    method: POST
    nextReconcile: 300s
    rollbackRetriesLimit: 5
    secretInjectionConfigs:
      - responsePath: .body.access_token
        secretKey: access_token
        secretRef:
          name: sso-admin-oauth
          namespace: infra
      - responsePath: .body.refresh_token
        secretKey: refresh_token
        secretRef:
          name: sso-admin-oauth
          namespace: infra
      - responsePath: .body.expires_in | tostring
        secretKey: expires_in
        secretRef:
          name: sso-admin-oauth
          namespace: infra
    shouldLoopInfinitely: true
    url: http://sso-cloud.sso-ns.svc.cluster.local:9763/oauth2/token
    waitTimeout: 5m
  managementPolicies:
    - '*'
  providerConfigRef:
    name: default
status:
  conditions:
    - lastTransitionTime: '2024-08-05T09:42:00Z'
      reason: Available
      status: 'True'
      type: Ready
    - lastTransitionTime: '2024-08-05T09:42:00Z'
      reason: ReconcileSuccess
      status: 'True'
      type: Synced
  lastReconcileTime: '2024-08-05T09:42:01Z'
  requestDetails:
    body: >-
      username={{ sso-admin-user:sso-ns:username }}&password={{
      sso-admin-user:sso-ns:password }}&client_id={{
      sso-admin-user:sso-ns:client_id }}&client_secret={{
      sso-admin-user:sso-ns:client_secret }}&grant_type={{
      sso-admin-user:sso-ns:grant_type }}&scope={{ sso-admin-user:sso-ns:scope }}
    headers:
      Content-Type:
        - application/x-www-form-urlencoded
    method: POST
    url: http://sso-cloud.sso-ns.svc.cluster.local:9763/oauth2/token
  response:
    #body is sent to a secret successfully
    body: >-
      {
        "access_token": "{{sso-admin-oauth:sso-ns:access_token}}",
        "refresh_token": "{{sso-admin-oauth:sso-ns:refresh_token}}",
        "scope": "openid",
        "token_type": "Bearer",
        "expires_in": {{sso-admin-oauth:sso-ns:expires_in}}
      }
    headers:
      Cache-Control:
        - no-store
      Content-Type:
        - application/json
      Date:
        - Mon, 05 Aug 2024 09:42:01 GMT
      Pragma:
        - no-cache
      Server:
        - WSO2 Carbon Server
      Vary:
        - accept-encoding
      X-Content-Type-Options:
        - nosniff
      X-Frame-Options:
        - DENY
      X-Xss-Protection:
        - 1; mode=block
    statusCode: 200
  synced: true

What environment did it happen in?

Crossplane version: 1.16.0

Additional details

  • Cloud provider or hardware configuration: Self Hosted
  • Kubernetes version (use kubectl version): k8s v1.24.16
  • Kubernetes distribution (e.g. Tectonic, GKE, OpenShift): RKE v2.7.6
  • OS (e.g. from /etc/os-release): Oracle Linux Server 8.10
  • Kernel (e.g. uname -a): 5.4.17-2136.332.5.2.el8uek.x86_64
@hayone1 hayone1 added the bug Something isn't working label Aug 5, 2024
@arielsepton
Copy link
Member

Hey @hayone1,

Thank you for reaching out.

This isn’t a bug. When you set the expectedResponse field, the DisposableRequest completes reconciliation once the condition is met. Please remove the expectedResponse field and try again.

@hayone1
Copy link
Author

hayone1 commented Aug 6, 2024

Hi @arielsepton

Thanks for clarifying. I'll test and close this soon.
You probably should add this neat piece of info the the crd definition and the disposable request example as well.

@hayone1 hayone1 closed this as completed Aug 6, 2024
@hayone1
Copy link
Author

hayone1 commented Aug 7, 2024

Hi There,

Reopening the issue as It actually still does not seem to work.

From the creationTimestamp, lastReconcileTime and the fact that the token is an expired one, It's safe to assume that another reconciliation didn't happen.

I'll paste the latest manifest:

apiVersion: http.crossplane.io/v1alpha2
kind: DisposableRequest
metadata:
  annotations:
    crossplane.io/composition-resource-name: sso-admin-oauth
    crossplane.io/external-create-pending: '2024-08-07T16:13:50Z'
    crossplane.io/external-create-succeeded: '2024-08-07T16:13:51Z'
    crossplane.io/external-name: sso-admin-oauth
  creationTimestamp: '2024-08-07T16:13:50Z'
  finalizers:
    - finalizer.managedresource.crossplane.io
  generateName: sso-admin-oauth-
  generation: 7
  labels:
    crossplane.io/claim-name: ''
    crossplane.io/claim-namespace: ''
    crossplane.io/composite: sso-admin-oauth
    name: sso-admin-oauth
  name: sso-admin-oauth
  ownerReferences:
    - apiVersion: sso.dstack.io/v1alpha1
      blockOwnerDeletion: true
      controller: true
      kind: ClusterWsoAuth
      name: sso-admin-oauth
      uid: c74378de-f384-46fe-be41-7afdfc33f741
  resourceVersion: '156138222'
  uid: 47670119-7ad4-4a42-a3cd-39d22c911eac
spec:
  deletionPolicy: Orphan
  forProvider:
    body: >-
      username={{ sso-admin-user:infra:username }}&password={{
      sso-admin-user:infra:password }}&client_id={{
      sso-admin-user:infra:client_id }}&client_secret={{
      sso-admin-user:infra:client_secret }}&grant_type={{
      sso-admin-user:infra:grant_type }}&scope={{ sso-admin-user:infra:scope }}
    headers:
      Content-Type:
        - application/x-www-form-urlencoded
    insecureSkipTLSVerify: false
    method: POST
    nextReconcile: 669s
    rollbackRetriesLimit: 5
    secretInjectionConfigs:
      - responsePath: .body.access_token
        secretKey: access_token
        secretRef:
          name: sso-admin
          namespace: default
      - responsePath: .body.refresh_token
        secretKey: refresh_token
        secretRef:
          name: sso-admin
          namespace: default
      - responsePath: .body.id_token
        secretKey: id_token
        secretRef:
          name: sso-admin
          namespace: default
    shouldLoopInfinitely: true
    url: http://sso-wso2is.infra.svc.cluster.local:9763/oauth2/token
    waitTimeout: 5m
  managementPolicies:
    - '*'
  providerConfigRef:
    name: default
status:
  conditions:
    - lastTransitionTime: '2024-08-07T16:13:51Z'
      reason: Available
      status: 'True'
      type: Ready
    - lastTransitionTime: '2024-08-07T16:13:51Z'
      reason: ReconcileSuccess
      status: 'True'
      type: Synced
  lastReconcileTime: '2024-08-07T16:13:51Z'
  requestDetails:
    body: >-
      username={{ sso-admin-user:infra:username }}&password={{
      sso-admin-user:infra:password }}&client_id={{
      sso-admin-user:infra:client_id }}&client_secret={{
      sso-admin-user:infra:client_secret }}&grant_type={{
      sso-admin-user:infra:grant_type }}&scope={{ sso-admin-user:infra:scope }}
    headers:
      Content-Type:
        - application/x-www-form-urlencoded
    method: POST
    url: http://sso-wso2is.infra.svc.cluster.local:9763/oauth2/token
  response:
    body: >-
      {"access_token":"{{sso-admin-oauth:infra:access_token}}","refresh_token":"{{sso-admin-oauth:infra:refresh_token}}","scope":"openid","id_token":"{{sso-admin-oauth:infra:id_token}}","token_type":"Bearer","expires_in":669}
    headers:
      Cache-Control:
        - no-store
      Content-Type:
        - application/json
      Date:
        - Wed, 07 Aug 2024 16:13:50 GMT
      Pragma:
        - no-cache
      Server:
        - WSO2 Carbon Server
      Vary:
        - accept-encoding
      X-Content-Type-Options:
        - nosniff
      X-Frame-Options:
        - DENY
      X-Xss-Protection:
        - 1; mode=block
    statusCode: 200
  synced: true

@hayone1 hayone1 reopened this Aug 7, 2024
@arielsepton
Copy link
Member

Hi @hayone1,

Thank you for the update.

I noticed that you have the rollbackRetriesLimit set. Could you try removing it and see if the reconciliation process resumes as expected? The rollbackRetriesLimit can stop the reconciliation if an error occurs, which might be affecting the loop.

Let me know if this helps!

@hayone1
Copy link
Author

hayone1 commented Aug 22, 2024

Apologies for the late response, I was away from this space for a while.

Yes it does seem to work just fine after removing rollbackRetriesLimit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hayone1 @arielsepton