这是indexloc提供的服务,不要输入任何密码
Skip to content

LastAsyncOperation condition not updated after async operations complete #32

New issue
New issue
Open
Open
LastAsyncOperation condition not updated after async operations complete#32
@abix5

Description

@abix5
abix5
opened on Nov 5, 2025

Provider Information

  • Provider: xpkg.upbound.io/yandexcloud/crossplane-provider-yc
  • Version: v0.12.0
  • Affected Resource: KafkaUser (mdb.yandex-cloud.jet.crossplane.io/v1alpha1)

Problem

The LastAsyncOperation and AsyncOperation status conditions are not updated after asynchronous operations complete in Yandex Cloud. This makes it impossible to reliably detect when resource updates (e.g., password changes) have been fully applied.

Expected vs Actual Behavior

Expected: When a KafkaUser password is updated, the LastAsyncOperation condition should update its lastTransitionTime when the operation completes in Yandex Cloud.

Actual: The LastAsyncOperation and AsyncOperation conditions retain old timestamps even after new operations complete, causing:

  • No visibility into operation completion status
  • GitOps tools show "Synced" while changes are still in progress
  • Unreliable automation workflows

Reproduction

  1. Create a KafkaUser with password reference:
apiVersion: mdb.yandex-cloud.jet.crossplane.io/v1alpha1
kind: KafkaUser
metadata:
  name: test-kafka-user
spec:
  forProvider:
    clusterId: <cluster-id>
    name: test-user
    passwordSecretRef:
      name: kafka-credentials
      namespace: default
      key: password
    permission:
      - topicName: test-topic
        role: ACCESS_ROLE_PRODUCER
  managementPolicies: ["Create","Observe","Update","Delete","LateInitialize"]
  providerConfigRef:
    name: provider-upjet-yc

  1. Wait for resource creation (verify Ready: True and Synced: True)

  2. Update the password in the referenced secret

  3. Wait for provider to detect the change and trigger reconciliation

  4. Observe conditions after operation completes in Yandex Cloud:

kubectl get kafkauser test-kafka-user -o jsonpath='{.status.conditions}' | jq .

Observed Behavior

Timeline Example:

  • T+0m - Password changed, resource generation updated
  • T+1m - Provider emits UpdatedExternalResource event
  • T+3m - Operation completes in Yandex Cloud (verified via console)
  • T+5m - Conditions still show old timestamps from previous operation

Status Conditions:

conditions:
  - lastTransitionTime: "2025-10-20T15:39:48Z"  # OLD - never updated
    reason: ReconcileSuccess
    status: "True"
    type: Synced
  - lastTransitionTime: "2025-10-20T15:39:49Z"  # OLD - never updated
    reason: Available
    status: "True"
    type: Ready
  - lastTransitionTime: "2025-11-05T13:55:47Z"  # OLD - from previous operation
    reason: Finished
    status: "True"
    type: AsyncOperation
  - lastTransitionTime: "2025-11-05T13:56:08Z"  # OLD - from previous operation
    reason: Success
    status: "True"
    type: LastAsyncOperation

Events Show Activity:

TYPE      REASON                        MESSAGE
Normal    UpdatedExternalResource       Successfully requested update of external resource
Warning   CannotUpdateManagedResource   Operation cannot be fulfilled... the object has been modified

Environment

  • Provider: v0.12.0 (xpkg.upbound.io/yandexcloud/crossplane-provider-yc:v0.12.0)
  • Kubernetes: v1.28+
  • Crossplane: v2.0.2
  • Management Policies: ["Create","Observe","Update","Delete","LateInitialize"]

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions