SQS Queue fails to reconcile due to newlines and whitespace #2421

@davevans

Describe the bug
SQS topics that define the Policy or RedrivePolicy field fail to reconcile because of differences in whitespace and newlines.

E.g. a queue defined by the below:

apiVersion: sqs.services.k8s.aws/v1alpha1
kind: Queue
metadata:
  name: my-queue
spec:
  queueName: my-queue
  kmsMasterKeyID: alias/my-KMS-key
  visibilityTimeout: "20"
  messageRetentionPeriod: "1209600"

  policy: |
    {
      "Statement": [{
        "Sid": "MySid",
        "Effect": "Allow",
        "Principal": {
          "AWS": "arn:aws:iam::123456789012:role/some-role"
        },
        "Action": ["sqs:SendMessage", "sqs:ReceiveMessage", "sqs:DeleteMessage"],
        "Resource": "arn:aws:sqs:ap-southeast-2:123456789012:my-queue"
      }]
    }

  redrivePolicy: |
    {
      "deadLetterTargetArn": "arn:aws:sqs:ap-southeast-2:123456789012:my-queue-dlq",
      "maxReceiveCount": 5
    }

results in an error logged by the SQS ACK controller

{
  "level": "info",
  "ts": "2025-04-08T20:40:51.340Z",
  "logger": "ackrt",
  "msg": "desired resource state has changed",
  "kind": "Queue",
  "namespace": "my-namespace",
  "name": "my-queue",
  "account": "123456789012",
  "role": "",
  "region": "ap-southeast-2",
  "is_adopted": false,
  "generation": 2,
  "diff": [
    {
      "Path": { "Parts": ["Spec", "KMSDataKeyReusePeriodSeconds"] },
      "A": null,
      "B": "300"
    },
    {
      "Path": { "Parts": ["Spec", "Policy"] },
      "A": "{\n  \"Statement\": [{\n    \"Sid\": \"MySid\",\n    \"Effect\": \"Allow\",\n    \"Principal\": {\n      \"AWS\": \"arn:aws:iam::123456789012:role/some-role\"\n    },\n    \"Action\": [\"sqs:SendMessage\", \"sqs:ReceiveMessage\", \"sqs:DeleteMessage\"],\n    \"Resource\": \"arn:aws:sqs:ap-southeast-2:123456789012:my-queue\"\n  }]\n}\n",
      "B": "{\"Version\":\"2008-10-17\",\"Statement\":[{\"Sid\":\"MySid\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:role/some-role\"},\"Action\":[\"sqs:SendMessage\",\"sqs:ReceiveMessage\",\"sqs:DeleteMessage\"],\"Resource\":\"arn:aws:sqs:ap-southeast-2:123456789012:my-queue\"}]}"
    },
    {
      "Path": { "Parts": ["Spec", "RedrivePolicy"] },
      "A": "{\n  \"deadLetterTargetArn\": \"arn:aws:sqs:ap-southeast-2:123456789012:my-queue-dlq\",\n  \"maxReceiveCount\": 5\n}\n",
      "B": "{\"deadLetterTargetArn\":\"arn:aws:sqs:ap-southeast-2:123456789012:my-queue-dlq\",\"maxReceiveCount\":5}"
    }
  ]
}

Steps to reproduce

Create the queue resource as defined above. View reconciliation errors from SQS controller.

Expected outcome
SQS JSON policies should be able to be specified as per the documentation (https://aws-controllers-k8s.github.io/community/docs/tutorials/sqs-example/#create-an-sqs-queue) without formatting causing reconciliation errors.

Environment

  • Kubernetes version is v1.30
  • Using AWS EKS v1.30
  • AWS service targeted is SQS
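
An added example, not code from the ACK project or from the issue author: the A and B values from the logged diff compared after JSON decoding instead of as raw strings. The function `comparePolicies` and the constant names are hypothetical. On the logged values, RedrivePolicy compares equal once decoded, while Policy still differs because side B carries a top-level `Version` key that side A does not define.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"sort"
	"strings"
)

// The "A" (spec) and "B" (AWS) values copied from the diff logged in the issue.
const (
	redriveSpec = "{\n  \"deadLetterTargetArn\": \"arn:aws:sqs:ap-southeast-2:123456789012:my-queue-dlq\",\n  \"maxReceiveCount\": 5\n}\n"
	redriveAWS  = "{\"deadLetterTargetArn\":\"arn:aws:sqs:ap-southeast-2:123456789012:my-queue-dlq\",\"maxReceiveCount\":5}"
	policySpec  = "{\n  \"Statement\": [{\n    \"Sid\": \"MySid\",\n    \"Effect\": \"Allow\",\n    \"Principal\": {\n      \"AWS\": \"arn:aws:iam::123456789012:role/some-role\"\n    },\n    \"Action\": [\"sqs:SendMessage\", \"sqs:ReceiveMessage\", \"sqs:DeleteMessage\"],\n    \"Resource\": \"arn:aws:sqs:ap-southeast-2:123456789012:my-queue\"\n  }]\n}\n"
	policyAWS   = "{\"Version\":\"2008-10-17\",\"Statement\":[{\"Sid\":\"MySid\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:role/some-role\"},\"Action\":[\"sqs:SendMessage\",\"sqs:ReceiveMessage\",\"sqs:DeleteMessage\"],\"Resource\":\"arn:aws:sqs:ap-southeast-2:123456789012:my-queue\"}]}"
)

// comparePolicies (hypothetical helper) decodes both JSON documents and compares
// the decoded values, so whitespace, newlines and key order are ignored.
// awsOnly lists the top-level keys that only the AWS side defines.
func comparePolicies(spec, aws string) (equal bool, awsOnly []string, err error) {
	var x, y map[string]interface{}
	if err = json.Unmarshal([]byte(spec), &x); err != nil {
		return false, nil, fmt.Errorf("spec side: %w", err)
	}
	if err = json.Unmarshal([]byte(aws), &y); err != nil {
		return false, nil, fmt.Errorf("AWS side: %w", err)
	}
	for k := range y {
		if _, ok := x[k]; !ok {
			awsOnly = append(awsOnly, k)
		}
	}
	sort.Strings(awsOnly)
	return reflect.DeepEqual(x, y), awsOnly, nil
}

func main() {
	eq, extra, _ := comparePolicies(redriveSpec, redriveAWS)
	fmt.Println("RedrivePolicy equal:", eq, "AWS-only keys:", extra)
	eq, extra, _ = comparePolicies(policySpec, policyAWS)
	fmt.Println("Policy equal:", eq, "AWS-only keys:", extra)
	// Constructed input: the spec policy with the Version value from side B added.
	withVersion := strings.Replace(policySpec, "{", `{"Version":"2008-10-17",`, 1)
	eq, extra, _ = comparePolicies(withVersion, policyAWS)
	fmt.Println("Policy with Version equal:", eq, "AWS-only keys:", extra)
}
```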

Labels

kind/bug: Categorizes issue or PR as related to a bug.
service/sqs: Indicates issues or PRs that are related to sqs-controller.
