ACK S3 controller performs incorrect LifecycleConfigurationRule schema validation

[kblaszcz]

Description
ACK S3 controller doesn't require filter field or prefix field to exist in the manifest when creating LifecycleRule. AWS API doc assumes that either filter or prefix exists - See Filter description for more details here - https://docs.aws.amazon.com/AmazonS3/latest/API/API_LifecycleRule.html

Steps to reproduce

1. Create following manifest file:

apiVersion: s3.services.k8s.aws/v1alpha1
kind: Bucket
metadata:
  name: test-random-name-bucket
spec:
  name: test-random-name-bucket
  lifecycle:
    rules:
      - id: NoncurrentVersion
        # filter:
        #   prefix: logs/
        status: Enabled
        noncurrentVersionTransitions:
          - noncurrentDays: 30
            storageClass: STANDARD_IA

  tagging:
    tagSet:
      - key: "Name"
        value: "test-random-name-bucket"

2. Apply this manifest on your cluster with S3 controller installed
3. See what happens:
   1. You will get bucket get 'created' response,
   2. bucket will be created without lifecycle rules,
   3. kubectl get buckets test-random-name-bucket -o yaml will show 'api error MalformedXML: The XML you provided was not well-formed or did not validate against our published schema'

Expected outcome
Should fail on schema validation and directly respond to user.

Environment

• Kubernetes version: v1.33.4-eks-e386d34
• Using EKS with Platform version eks.12
• AWS service targeted - S3

[github-actions]

Hello @kblaszcz 👋 Thank you for opening an issue in ACK! A maintainer will triage this issue soon.

We encourage community contributions, so if you're interested in tackling this yourself or suggesting a solution, please check out our Contribution and Code of Conduct guidelines.

You can find more information about ACK on our website.

[rushmash91]

Hi @kblaszcz ,
Thank you for raising this issue!

ACK controllers are designed as declarative wrappers around AWS service APIs that provide a 1:1 mapping between Kubernetes resources and AWS resources. We focus on declarative state management rather than implementing custom strategies or API patterns beyond what AWS natively provides.

ACK intentionally mirrors AWS API behavior rather than adding additional validation beyond what's required for CRD functionality. The AWS S3 API is the source of truth for validation rules. The error message from AWS provides the necessary feedback for users to correct their configuration.

[rushmash91]

Feel free to reopen if you have comments or other questions 🙂

/close

[ack-prow]

@rushmash91: Closing this issue.

In response to this:

Feel free to reopen if you have comments or other questions 🙂

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.