[Bug]: BucketLifecycleConfiguration reports Ready: True / Synced: True but never creates the lifecycle in AWS #1986
Description
Is there an existing issue for this?
- I have searched the existing issues
Affected Resource(s)
BucketLifecycleConfiguration (s3.aws.m.upbound.io/v1beta1)
Resource MRs required to reproduce the bug
apiVersion: s3.aws.m.upbound.io/v1beta1
kind: BucketLifecycleConfiguration
metadata:
name: my-test-lifecycle
namespace: crossplane-system
spec:
forProvider:
bucket: my-existing-bucket # bucket must already exist in AWS
region: us-east-1
rule:
- abortIncompleteMultipartUpload:
- daysAfterInitiation: 2
filter:
- prefix: ""
id: my_default_rule
status: Enabled
transition:
- days: 0
storageClass: INTELLIGENT_TIERING
transitionDefaultMinimumObjectSize: all_storage_classes_128K
managementPolicies:
- '*'
providerConfigRef:
name: my-provider-config
Steps to Reproduce
- Create an S3 bucket in AWS (e.g. my-existing-bucket)
- Apply the BucketLifecycleConfiguration manifest above (kubectl apply)
- Wait for the resource to reconcile (~1 minute)
- Check the resource status with kubectl get BucketLifecycleConfiguration my-test-lifecycle -o yaml
- Check the actual AWS lifecycle with aws s3api get-bucket-lifecycle-configuration --bucket my-existing-bucket
What happened?
The managed resource reports Ready: True, Synced: True, and LastAsyncOperation: Success — but the lifecycle configuration is never created in AWS.
status:
atProvider:
bucket: my-existing-bucket
id: ""
region: us-east-1
rule:
- abortIncompleteMultipartUpload:
- daysAfterInitiation: 2
filter:
- prefix: ""
id: my_default_rule
status: Enabled
transition:
- days: 0
storageClass: INTELLIGENT_TIERING
transitionDefaultMinimumObjectSize: all_storage_classes_128K
conditions:
- reason: ReconcileSuccess
status: "True"
type: Synced
- reason: Available
status: "True"
type: Ready
- reason: Success
status: "True"
type: LastAsyncOperation
AWS CLI confirms the lifecycle does not exist:
$ aws s3api get-bucket-lifecycle-configuration --bucket my-existing-bucket
An error occurred (NoSuchLifecycleConfiguration) when calling the
GetBucketLifecycleConfiguration operation: The lifecycle configuration does not exist
Additional observed behaviour:
- Provider logs show External resource is up to date on every reconcile — no Async create starting is ever logged
- Performing a kubectl patch on any spec.forProvider field (e.g. changing transitionDefaultMinimumObjectSize to varies_by_storage_class) triggers a proper Successfully requested update event, after which Terraform actually applies the lifecycle to AWS.
- This means the bug is in the initial Create / Observe path, not in the Update path
- The atProvider.rule is populated with the exact content of forProvider.rule despite no AWS resource existing, indicating the provider is mirroring forProvider into atProvider without performing an actual AWS API call
- All other BucketLifecycleConfiguration resources in the same cluster that were created before a provider pod restart also show this behaviour. Only a spec change (triggering an Update event) recovers them
- Other S3 subresource kinds (BucketVersioning, BucketPolicy, BucketACL, etc.) do not exhibit this behaviour — they correctly create the resource on first reconcile
Relevant Error Output Snippet
Provider pod logs (DEBUG level) — note the absence of any Async create entry:
DEBUG provider-aws Connecting to the service provider {"name": "my-test-lifecycle", ...}
DEBUG provider-aws Observing the external resource {"name": "my-test-lifecycle", ...}
DEBUG provider-aws External resource is up to date {"name": "my-test-lifecycle", "external-name": "my-existing-bucket", "requeue-after": "..."}Crossplane Version
2.1.3
Provider Version
2.4.0
Kubernetes Version
v1.34.3-eks-ac2d5a0
Kubernetes Distribution
EKS