s3 bucket settings not defined in the MR are removed after upgrade to v0.46.0 #1998

Open
mprochnicki opened this issue Feb 12, 2024 · 4 comments
Labels
bug Something isn't working

Comments


mprochnicki commented Feb 12, 2024

What happened?

I upgraded provider-aws from version 0.45.2 to version 0.46.0; this resulted in the removal of S3 bucket settings that were not defined in the MR manifest.

Unfortunately, part of the S3 bucket settings (notificationConfiguration) must be managed by a separate tool outside of Crossplane, and this worked in previous versions.

Enabling management policies and using ["Observe", "Create", "Update", "Delete"] didn't resolve the issue.

How can we reproduce it?

  1. Create an S3 bucket using the manifest below and provider-aws v0.45.2 (or older):

```yaml
apiVersion: s3.aws.crossplane.io/v1beta1
kind: Bucket
metadata:
  name: bucket-name
spec:
  deletionPolicy: Delete
  forProvider:
    locationConstraint: us-east-1
    objectOwnership: BucketOwnerEnforced
    paymentConfiguration:
      payer: BucketOwner
    publicAccessBlockConfiguration:
      blockPublicAcls: true
      blockPublicPolicy: true
      ignorePublicAcls: true
      restrictPublicBuckets: true
    serverSideEncryptionConfiguration:
      rules:
        - applyServerSideEncryptionByDefault:
            kmsMasterKeyId: kms-key-id
            kmsMasterKeyIdRef:
              name: kms-key-name
            sseAlgorithm: aws:kms
          bucketKeyEnabled: true
    tagging:
      tagSet:
        - key: key
          value: value
```

  2. Manually configure "Event Notifications" (notificationConfiguration)
  3. Upgrade provider-aws to v0.46.0
  4. Observe "Event Notifications" settings being removed

What environment did it happen in?

Crossplane version: 1.14.5

@mprochnicki mprochnicki added the bug Something isn't working label Feb 12, 2024
@MisterMX
Collaborator

Having two different points of truth is not supported by this provider. If something has been overwritten, it might be due to the controllers always considering the MR as the target definition.

If there is a bug, maybe with LateInitialize, please let us know.

@mprochnicki
Author

I would like the behavior from the circled description, but enabling management policies and using ["Observe", "Create", "Update", "Delete"] didn't work:

image

I found that PR #1974 introduced a notification configuration reset, even when it has never been set in the MR. Shouldn't this be dependent on management policies?

@MisterMX
Collaborator

MisterMX commented Feb 21, 2024

I can't really say much about Management policies as they are a feature that is coming from https://github.com/crossplane/crossplane-runtime. It is not honored by the provider itself.

Anyways, https://github.com/crossplane-contrib/provider-aws/pull/1974/files#diff-a8eef2da98b1ec4eedcdafbeb44237c0a1065cd0bf9c3f34124cb67c143113efR290 is run during the update step so it would probably apply given the management policy above.

@mprochnicki
Author

I tried with ["Observe", "Create", "LateInitialize", "Delete"] and that resulted in the creation of a default S3 bucket, without any settings from the spec.forProvider object.

Is there a way to use the provider to create objects with a defined spec, and not update them afterwards?
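
A pre-upgrade check for the situation reported in this issue, added here as an example and not code from provider-aws or from the participants: it lists the live S3 notification rules on a bucket whose MR leaves notificationConfiguration unset, which is the case the reporter saw reset after upgrading to v0.46.0. The field path spec.forProvider.notificationConfiguration, the function names and the sample data are assumptions; the live dictionary uses the key names of S3's GetBucketNotificationConfiguration response.

```python
# Added example, not provider-aws code. Sample data below is constructed.
# Key names of the S3 GetBucketNotificationConfiguration response.
LIVE_RULE_KEYS = (
    "TopicConfigurations",
    "QueueConfigurations",
    "LambdaFunctionConfigurations",
)


def mr_declares_notifications(manifest):
    """True if the MR sets spec.forProvider.notificationConfiguration (assumed path)."""
    for_provider = manifest.get("spec", {}).get("forProvider", {})
    return bool(for_provider.get("notificationConfiguration"))


def at_risk_notifications(manifest, live_config):
    """Return live notification settings that exist only outside the MR.

    Covers the case from the issue: the MR does not define the setting at all,
    so everything configured out of band would be lost on a reset.
    """
    if mr_declares_notifications(manifest):
        return []  # MR already defines this setting; compare rule by rule instead
    at_risk = []
    for key in LIVE_RULE_KEYS:
        for rule in live_config.get(key, []):
            at_risk.append(f"{key}/{rule.get('Id', '<no id>')}")
    # EventBridge delivery is part of the same S3 notification configuration.
    if "EventBridgeConfiguration" in live_config:
        at_risk.append("EventBridgeConfiguration")
    return at_risk


# Constructed sample: the issue's Bucket MR (trimmed) and an out-of-band rule.
SAMPLE_MR = {
    "apiVersion": "s3.aws.crossplane.io/v1beta1",
    "kind": "Bucket",
    "metadata": {"name": "bucket-name"},
    "spec": {"forProvider": {"locationConstraint": "us-east-1"}},
}
SAMPLE_LIVE = {
    "QueueConfigurations": [
        {"Id": "example-rule", "Events": ["s3:ObjectCreated:*"]},
    ],
}

if __name__ == "__main__":
    for item in at_risk_notifications(SAMPLE_MR, SAMPLE_LIVE):
        print("would be removed:", item)
```

In practice the live dictionary would come from the bucket's current notification configuration, captured before the provider upgrade.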
