Upsert Resource on Adopt-or-Create #2481
Description
Describe the bug
When using specifically the adopt-or-create annotation, there is some unexpected behavior when trying to adopt an existing queue. The expected functionality is that if we are using adopt-or-create and not marking the resource as read-only, the CR should become the source of truth and upsert when adopting the resource.
I have an SQS queue that is currently deployed that has some different configurations than what what my CR has. There are two fields, one is visibilityTimeout and one is the policy field. I essentially have noticed that our deployed resources have some issues that I'm looking to standardize so i'm expecting these differences.
When I deploy the CR in the cluster, I'm getting errors trying to adopt the resource:
operation error SQS: CreateQueue, https response error StatusCode: 400, RequestID: e1b5bf5b-142e-5f3a-84b4-dfc59989e68c, QueueAlreadyExists: A queue already exists with the same name and a different value for attribute VisibilityTimeout
Steps to reproduce
Create a queue that has a visibility timeout and/or resource policy that you're looking to change, have this be unmanaged (I had it created via terraform). In my example, the deployed visibility timeout uses 300.
Create a CR using adopt-or-create annotation and does not include adoption-fields annotation:
metadata:
annotations:
argocd.argoproj.io/sync-wave: '-1'
services.k8s.aws/adoption-policy: adopt-or-create
finalizers:
- finalizers.sqs.services.k8s.aws/Queue
generation: 2
labels:
app: my-app
app.kubernetes.io/instance: my-app
queue-type: primary
name: my-queue
namespace: namespace
spec:
delaySeconds: '0'
maximumMessageSize: '262144'
messageRetentionPeriod: '1209600'
queueName: my-queue
receiveMessageWaitTimeSeconds: '0'
visibilityTimeout: 30
When this deploys in the cluster, I'm getting a reconcile error:
operation error SQS: CreateQueue, https response error StatusCode: 400, RequestID: e1b5bf5b-142e-5f3a-84b4-dfc59989e68c, QueueAlreadyExists: A queue already exists with the same name and a different value for attribute VisibilityTimeout
I have attempted to switch this to using adopt and then supplying adoption-fields to see if I can work around this, but when I use the adopt tag instead of adopt-or-create and provide the adoption-fields property, I'm still seeing the same error as above.
Expected outcome
I'm expecting this to be an upsert, so that if the adopted resource has values different than what is deployed, it'll update the resource to match the manifest, rather than throwing an error saying that there is a mismatch.
Environment
ACK Versions:
Helm 46.25.7
SQS Controller public.ecr.aws/aws-controllers-k8s/sqs-controller:1.1.11 (which I think should have the recent release for this fix https://github.com/aws-controllers-k8s/sqs-controller/releases/tag/v1.1.11 -> https://github.com/aws-controllers-k8s/runtime/releases/tag/v0.46.1)
- Kubernetes version: 1.30
- Using EKS (yes/no), if so version? yes, eks.30
- AWS service targeted (S3, RDS, etc.) SQS, but also seeing it in S3 depending on the props, I'm more concerned about SQS than s3 through at this current moment