[Bug]: provider-gcp-compute FirewallPolicy MR claims non-existing 'parentId' API field as "Required" #820

@cyberslot

Is there an existing issue for this?

  • I have searched the existing issues

Affected Resource(s)

compute.gcp.m.upbound.io/v1beta1 - FirewallPolicy

Resource MRs required to reproduce the bug

apiVersion: compute.gcp.m.upbound.io/v1beta1
kind: FirewallPolicy
metadata:
  name: mvlz-hierarchical-firewall-policy
  labels:
    mvlz.io/layer: foundation
    mvlz.io/component: security
    mvlz.io/policy-type: hierarchical
  annotations:
    crossplane.io/external-name: compute/v1beta1/firewallpolicy
spec:
  forProvider:
    parent: "organizations/ORG_ID"
    shortName: mvlz-common-firewall-policy
    description: "MVLZ hierarchical firewall policy providing organization-wide governance rules"
  providerConfigRef:
    name: gcp-provider-config
    kind: ClusterProviderConfig

Steps to Reproduce

Creating Firewall Policy with kubectl apply -f <e.g. provided manifest>

What happened?

Attempting to deploy a GCP firewall policy results in requiring a non-existent API field 'parentId'.
This is definitely not Crossplane V2 related behaviour. The use of the v1 API (apiVersion: compute.gcp.upbound.io/v1beta1) leads to exactly the same outcome. In both the v1 (https://github.com/crossplane-contrib/provider-upjet-gcp/blob/main/package/crds/compute.gcp.upbound.io_firewallpolicies.yaml) and v2 (https://github.com/crossplane-contrib/provider-upjet-gcp/blob/main/package/crds/compute.gcp.m.upbound.io_firewallpolicies.yaml) CRD API schemas there's no such field 'parentId'.

Relevant Error Output Snippet

kubectl get managed
NAME                                                                        SYNCED   READY   EXTERNAL-NAME                    AGE
firewallpolicy.compute.gcp.m.upbound.io/mvlz-hierarchical-firewall-policy   False            compute/v1beta1/firewallpolicy   23s

kubectl describe firewallpolicy.compute.gcp.m.upbound.io/mvlz-hierarchical-firewall-policy
Name:         mvlz-hierarchical-firewall-policy
Namespace:    crossplane-system
Labels:       mvlz.io/component=security
              mvlz.io/layer=foundation
              mvlz.io/policy-type=hierarchical
Annotations:  crossplane.io/external-name: compute/v1beta1/firewallpolicy
API Version:  compute.gcp.m.upbound.io/v1beta1
Kind:         FirewallPolicy
...
Events:
  Type     Reason                         Age               From                                                           Message
  ----     ------                         ----              ----                                                           -------
  Warning  CannotObserveExternalResource  8s (x6 over 40s)  managed/compute.gcp.m.upbound.io/v1beta1, kind=firewallpolicy  failed to observe the resource: [{0 Error when reading or editing ComputeFirewallPolicy "compute/v1beta1/firewallpolicy": googleapi: Error 400: Required field 'parentId' not specified, required  []}]

Crossplane Version

2.0.2

Provider Version

2.0.0

Kubernetes Version

Client Version: v1.34.0
Kustomize Version: v5.7.1
Server Version: v1.33.4-gke.1036000

Kubernetes Distribution

GKE

Additional Info

No response
