late_initialize DBCluster and DBInstance fields that get defaulted by AWS

michaelhtm · michaelhtm · commit 5f602da413f0 · 2025-12-12T10:35:38.000-08:00
Some spec fields get default values from AWS after they are created.
These defaults cause the controller to keep requeuing, trying to set
them to null. With these changes, we late initialize these fields,
ensuring they are defaulted if the user does not define them
diff --git a/apis/v1alpha1/ack-generate-metadata.yaml b/apis/v1alpha1/ack-generate-metadata.yaml
@@ -1,13 +1,13 @@
 ack_generate_info:
-  build_date: "2025-11-29T03:44:25Z"
-  build_hash: 23c7074fa310ad1ccb38946775397c203b49f024
+  build_date: "2025-12-12T18:06:45Z"
+  build_hash: 5c8b9050006ef6c7d3a97c279e7b1bc163f20a0a
   go_version: go1.25.4
-  version: v0.56.0
+  version: v0.56.0-3-g5c8b905
 api_directory_checksum: 90b0d1adcc91f4a1b1f1b436e3ac0c30d9271678
 api_version: v1alpha1
 aws_sdk_go_version: v1.32.6
 generator_config_info:
-  file_checksum: 23c3c400e5913ebaa0047af70fda453b065ce321
+  file_checksum: fbab0d4bb9fa74cc5e6e8d59465de73495fd73d7
   original_file_name: generator.yaml
 last_modification:
   reason: API generation
diff --git a/apis/v1alpha1/generator.yaml b/apis/v1alpha1/generator.yaml
@@ -225,6 +225,9 @@ resources:
         compare:
           # We have a custom comparison function...
           is_ignored: true
+      DatabaseInsightsMode:
+        late_initialize:
+          skip_incomplete_check: {}
     renames:
       operations:
         CreateDBCluster:
@@ -319,7 +322,8 @@ resources:
         - InvalidParameterCombination
     fields:
       AvailabilityZone:
-        late_initialize: {}
+        late_initialize:
+          skip_incomplete_check: {}
         is_immutable: true
       DBInstanceIdentifier:
         is_primary_key: true
@@ -328,7 +332,9 @@ resources:
           name: "STATUS"
       MasterUserPassword:
         is_secret: true
-      KMSKeyId:
+      KMSKeyID:
+        late_initialize:
+          skip_incomplete_check: {}
         references:
           resource: Key
           service_name: kms
@@ -352,9 +358,41 @@ resources:
           service_name: ec2
           path: Status.ID
       BackupTarget:
-        late_initialize: {}
+        late_initialize:
+          skip_incomplete_check: {}
       NetworkType:
-        late_initialize: {}
+        late_initialize:
+          skip_incomplete_check: {}
+      AutoMinorVersionUpgrade:
+        late_initialize:
+          skip_incomplete_check: {}
+      CACertificateIdentifier:
+        late_initialize:
+          skip_incomplete_check: {}
+      DatabaseInsightsMode:
+        late_initialize:
+          skip_incomplete_check: {}
+      LicenseModel:
+        late_initialize:
+          skip_incomplete_check: {}
+      MultiAZ:
+        late_initialize:
+          skip_incomplete_check: {}
+      PreferredBackupWindow:
+        late_initialize:
+          skip_incomplete_check: {}
+      PreferredMaintenanceWindow:
+        late_initialize:
+          skip_incomplete_check: {}
+      StorageEncrypted:
+        late_initialize:
+          skip_incomplete_check: {}
+      StorageThroughput:
+        late_initialize:
+          skip_incomplete_check: {}
+      StorageType:
+        late_initialize:
+          skip_incomplete_check: {}
       # Used by restore db instance from db snapshot
       DBSnapshotIdentifier:
         from:
@@ -397,6 +435,12 @@ resources:
       PerformanceInsightsRetentionPeriod:
         late_initialize:
           skip_incomplete_check: {}
+      DatabaseInsightsMode:
+        late_initialize:
+          skip_incomplete_check: {}
+      IOPS:
+        late_initialize:
+          skip_incomplete_check: {}
       Tags:
         compare:
           # We have a custom comparison function...
diff --git a/config/crd/common/bases/services.k8s.aws_iamroleselectors.yaml b/config/crd/common/bases/services.k8s.aws_iamroleselectors.yaml
@@ -63,6 +63,16 @@ spec:
                 required:
                 - names
                 type: object
+              resourceLabelSelector:
+                description: LabelSelector is a label query over a set of resources.
+                properties:
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    type: object
+                required:
+                - matchLabels
+                type: object
               resourceTypeSelector:
                 items:
                   properties:
diff --git a/config/crd/common/kustomization.yaml b/config/crd/common/kustomization.yaml
@@ -3,5 +3,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - bases/services.k8s.aws_iamroleselectors.yaml
   - bases/services.k8s.aws_fieldexports.yaml
+  - bases/services.k8s.aws_iamroleselectors.yaml
diff --git a/generator.yaml b/generator.yaml
@@ -225,6 +225,9 @@ resources:
         compare:
           # We have a custom comparison function...
           is_ignored: true
+      DatabaseInsightsMode:
+        late_initialize:
+          skip_incomplete_check: {}
     renames:
       operations:
         CreateDBCluster:
@@ -319,7 +322,8 @@ resources:
         - InvalidParameterCombination
     fields:
       AvailabilityZone:
-        late_initialize: {}
+        late_initialize:
+          skip_incomplete_check: {}
         is_immutable: true
       DBInstanceIdentifier:
         is_primary_key: true
@@ -328,7 +332,9 @@ resources:
           name: "STATUS"
       MasterUserPassword:
         is_secret: true
-      KMSKeyId:
+      KMSKeyID:
+        late_initialize:
+          skip_incomplete_check: {}
         references:
           resource: Key
           service_name: kms
@@ -352,9 +358,41 @@ resources:
           service_name: ec2
           path: Status.ID
       BackupTarget:
-        late_initialize: {}
+        late_initialize:
+          skip_incomplete_check: {}
       NetworkType:
-        late_initialize: {}
+        late_initialize:
+          skip_incomplete_check: {}
+      AutoMinorVersionUpgrade:
+        late_initialize:
+          skip_incomplete_check: {}
+      CACertificateIdentifier:
+        late_initialize:
+          skip_incomplete_check: {}
+      DatabaseInsightsMode:
+        late_initialize:
+          skip_incomplete_check: {}
+      LicenseModel:
+        late_initialize:
+          skip_incomplete_check: {}
+      MultiAZ:
+        late_initialize:
+          skip_incomplete_check: {}
+      PreferredBackupWindow:
+        late_initialize:
+          skip_incomplete_check: {}
+      PreferredMaintenanceWindow:
+        late_initialize:
+          skip_incomplete_check: {}
+      StorageEncrypted:
+        late_initialize:
+          skip_incomplete_check: {}
+      StorageThroughput:
+        late_initialize:
+          skip_incomplete_check: {}
+      StorageType:
+        late_initialize:
+          skip_incomplete_check: {}
       # Used by restore db instance from db snapshot
       DBSnapshotIdentifier:
         from:
@@ -397,6 +435,12 @@ resources:
       PerformanceInsightsRetentionPeriod:
         late_initialize:
           skip_incomplete_check: {}
+      DatabaseInsightsMode:
+        late_initialize:
+          skip_incomplete_check: {}
+      IOPS:
+        late_initialize:
+          skip_incomplete_check: {}
       Tags:
         compare:
           # We have a custom comparison function...
diff --git a/helm/crds/services.k8s.aws_iamroleselectors.yaml b/helm/crds/services.k8s.aws_iamroleselectors.yaml
@@ -63,6 +63,16 @@ spec:
                 required:
                 - names
                 type: object
+              resourceLabelSelector:
+                description: LabelSelector is a label query over a set of resources.
+                properties:
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    type: object
+                required:
+                - matchLabels
+                type: object
               resourceTypeSelector:
                 items:
                   properties:
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
@@ -51,6 +51,13 @@ spec:
         - "$(AWS_REGION)"
         - --aws-endpoint-url
         - "$(AWS_ENDPOINT_URL)"
+{{- if .Values.aws.identity_endpoint_url }}
+        - --aws-identity-endpoint-url
+        - "$(AWS_IDENTITY_ENDPOINT_URL)"
+{{- end }}
+{{- if .Values.aws.allow_unsafe_aws_endpoint_urls }}
+        - --allow-unsafe-aws-endpoint-urls
+{{- end }}
 {{- if .Values.log.enable_development_logging }}
         - --enable-development-logging
 {{- end }}
@@ -109,6 +116,8 @@ spec:
           value: {{ .Values.aws.region }}
         - name: AWS_ENDPOINT_URL
           value: {{ .Values.aws.endpoint_url | quote }}
+        - name: AWS_IDENTITY_ENDPOINT_URL
+          value: {{ .Values.aws.identity_endpoint_url | quote }}
         - name: ACK_WATCH_NAMESPACE
           value: {{ include "ack-rds-controller.watch-namespace" . }}
         - name: ACK_WATCH_SELECTORS
diff --git a/helm/values.schema.json b/helm/values.schema.json
@@ -171,9 +171,16 @@
         "region": {
           "type": "string"
         },
-        "endpoint": {
+        "endpoint_url": {
           "type": "string"
         },
+        "identity_endpoint_url": {
+          "type": "string"
+        },
+        "allow_unsafe_aws_endpoint_urls": {
+          "type": "boolean",
+          "default": false
+        },
         "credentials": {
           "description": "AWS credentials information",
           "properties": {
diff --git a/helm/values.yaml b/helm/values.yaml
@@ -90,6 +90,8 @@ aws:
   # If specified, use the AWS region for AWS API calls
   region: ""
   endpoint_url: ""
+  identity_endpoint_url: ""
+  allow_unsafe_aws_endpoint_urls: false
   credentials:
     # If specified, Secret with shared credentials file to use.
     secretName: ""
diff --git a/pkg/resource/db_cluster/manager.go b/pkg/resource/db_cluster/manager.go
diff --git a/pkg/resource/db_instance/manager.go b/pkg/resource/db_instance/manager.go
