prevent DB Instance desired field state flapping (#151)

Both ModifyDBInstance and DescribeDBInstances returns a DBInstance struct that contains the *previously set* values for various mutable fields. This is problematic because it causes a "flopping" behaviour when the user has modified a Spec field from value A to value B but the output shape from ModifyDBInstance for that field contains value A, the standard SetOutput Go code generated above will set the Spec field to the *old* value again. The next time the reconciler runs, it will read the latest observed resource, see a difference between the desired and the latest state (that actually does not exist because the difference is comparing the value of the fields before they were changed) and attempt to modify the field from value B to value A again, causing a flop loop.

Luckily, the Output shape's DBInstance struct contains a `PendingModifiedValues` struct which contains those field values that the user specified. So, we can use these to "reset" the Spec back to the appropriate user-specified values.

This commit does exactly this. It looks in the `PendingModifiedValues` struct for any non-nil field that matches a field in the `Spec` and if it finds a match, sets the `Spec` field to the value in `PendingModifiedValues`. This solves the flapping problem for all of the fields in `PendingModifiedValues`, including `DBInstanceClass`, `AllocatedStorage`, `MultiAZ` and `StorageType`.

Fixes Issue aws-controllers-k8s/community#1773
Fixes Issue aws-controllers-k8s/community#1716
Fixes Issue aws-controllers-k8s/community#1376

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Author: jaypipes

apis/v1alpha1/ack-generate-metadata.yaml

@@ -1,8 +1,8 @@
 ack_generate_info:
-  build_date: "2023-05-01T22:38:52Z"
-  build_hash: 6657565bb742e5cd4cd340d01d5e4786b5fbabc0
-  go_version: go1.19
-  version: v0.26.0
+  build_date: "2023-05-11T22:58:32Z"
+  build_hash: 9e2542cf2c0f92c014524c269474055cca758d70
+  go_version: go1.19.4
+  version: v0.26.0-3-g9e2542c
 api_directory_checksum: b3f33aebf366349bde7945f7b627ae788a18c0d5
 api_version: v1alpha1
 aws_sdk_go_version: v1.44.232

config/controller/deployment.yaml

@@ -73,6 +73,9 @@ spec:
           capabilities:
             drop:
               - ALL
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
       terminationGracePeriodSeconds: 10
       serviceAccountName: ack-rds-controller
       hostIPC: false

helm/crds/services.k8s.aws_adoptedresources.yaml

@@ -145,10 +145,7 @@ spec:
                             blockOwnerDeletion:
                               description: If true, AND if the owner has the "foregroundDeletion"
                                 finalizer, then the owner cannot be deleted from the
-                                key-value store until this reference is removed. See
-                                https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
-                                for how the garbage collector interacts with this
-                                field and enforces the foreground deletion. Defaults
+                                key-value store until this reference is removed. Defaults
                                 to false. To set this field, a user needs "delete"
                                 permission of the owner, otherwise 422 (Unprocessable
                                 Entity) will be returned.

helm/templates/_helpers.tpl

@@ -33,7 +33,7 @@ If release name contains chart name it will be used as a full name.
 
 {{- define "watch-namespace" -}}
 {{- if eq .Values.installScope "namespace" -}}
-{{- .Release.Namespace -}}
+{{ .Values.watchNamespace | default .Release.Namespace }}
 {{- end -}}
 {{- end -}}
 

helm/templates/deployment.yaml

@@ -116,6 +116,9 @@ spec:
           capabilities:
             drop:
               - ALL
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
       terminationGracePeriodSeconds: 10
       nodeSelector: {{ toYaml .Values.deployment.nodeSelector | nindent 8 }}
       {{ if .Values.deployment.tolerations -}}

helm/values.schema.json

@@ -196,6 +196,9 @@
       "type": "string",
       "enum": ["cluster", "namespace"]
     },
+    "watchNamespace": {
+      "type": "string"
+    },    
     "resourceTags": {
       "type": "array",
       "items": {

helm/values.yaml

@@ -31,7 +31,7 @@ deployment:
 
 # If "installScope: cluster" then these labels will be applied to ClusterRole
 role:
- labels: {}
+  labels: {}
 
 metrics:
   service:
@@ -72,6 +72,10 @@ log:
 # cluster wide.
 installScope: cluster
 
+# Set the value of the "namespace" to be watched by the controller
+# This value is only used when the `installScope` is set to "namespace". If left empty, the default value is the release namespace for the chart.
+watchNamespace: ""
+
 resourceTags:
   # Configures the ACK service controller to always set key/value pairs tags on
   # resources that it manages.