Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Parameter "cloud": Not Properly Applied to API Requests #6

Open
2mind opened this issue Nov 1, 2024 · 1 comment
Open

Parameter "cloud": Not Properly Applied to API Requests #6

2mind opened this issue Nov 1, 2024 · 1 comment

Comments

@2mind
Copy link

2mind commented Nov 1, 2024

Description:

In version xpkg.upbound.io/hcs/provider-huaweicloud:v0.0.3, the cloud parameter specified in the credentials configuration is not correctly applied, causing API requests to default to myhuaweicloud.com. This issue arises even when other configuration parameters (e.g., region, access_key, secret_key) are correctly recognized. This results in API requests targeting the default endpoint instead of the specified custom endpoint, producing an authentication error.

Details:

The error occurs specifically when using a custom cloud endpoint. Even when set to a specific endpoint, requests default to https://iam.my-region-1.myhuaweicloud.com instead of the specified cloud endpoint.

Error Output:

Warning  CannotObserveExternalResource  0s (x5 over 34s)  managed/cce.huaweicloud.crossplane.io/v1alpha1, kind=cluster  
cannot run refresh: refresh failed: Action forbidden: [GET https://iam.my-region-1.myhuaweicloud.com/v3/projects?name=my-region-1], 
request_id: , error message: {"error":{"message":"InvalidAccessKeyId","code":403}}

Example Secret Configuration:

apiVersion: v1
kind: Secret
metadata:
  name: huaweicloud-secret
  namespace: crossplane-system
type: Opaque
stringData:
  credentials: |
    {
      "region": "my-region-1",
      "access_key": "$(echo -n "${HUAWEICLOUD_ACCESS_KEY}")",
      "secret_key": "$(echo -n "${HUAWEICLOUD_SECRET_KEY}")",
      "cloud": "my-endpoint.com",
      "max_retries": "5",
      "insecure": "false"
    }

Example Resource Configuration:

The error was observed when creating a Cluster resource:

apiVersion: cce.huaweicloud.crossplane.io/v1alpha1
kind: Cluster
metadata:
  labels:
    testing.upbound.io/example-name: cluster
  name: cluster
spec:
  deletionPolicy: Delete
  forProvider:
    containerNetworkType: eni
    eniSubnetCidr: 10.28.4.0/24
    eniSubnetId: f0e4cc5a-b07f-4395-a105-7f831376086c
    flavorId: cce.s2.large
    name: cluster
    subnetId: db259567-2a47-437b-bcba-9958b7e36e0d
    vpcId: ba9eb4e3-f441-4076-a4d5-363cb86b4de6
  managementPolicies:
  - '*'
  providerConfigRef:
    name: provider-huaweicloud

Expected Behavior:

The cloud parameter should be correctly applied to route requests to the specified endpoint (e.g., https://iam.my-region-1.my-endpoint.com), allowing full access to the custom endpoint.

Steps to Reproduce:

Configure the Huawei Provider with a secret that includes the cloud parameter, as shown above.
Deploy a Cluster resource.
Observe that API requests ignore the specified endpoint and continue to target myhuaweicloud.com.

Additional Information:

Please advise on any workarounds or additional configuration steps that may address this behavior.
@2mind
Copy link
Author

2mind commented Nov 1, 2024

"cloud" parameter is present in schema.json (link)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@2mind