Skip to content

Namespaced ProviderConfigUsage should consider ProviderConfig namespace. #7154

New issue
New issue
Open
Open
Namespaced ProviderConfigUsage should consider ProviderConfig namespace.#7154
crossplane/crossplane-runtime
#935
 (+1)
Labels
bugSomething isn't working
@kostyaplis

Description

@kostyaplis
kostyaplis
opened on Feb 19, 2026

What happened?

Cannot delete ProviderConfig in empty namespace A, if there is a ProviderConfig with the same name in namespace B and it has Managed Resources.

How can we reproduce it?

Tested with Azure provider family
Create 2 test namespaces:

kubectl create ns test-1
kubectl create ns test-2

Create ProviderConfig and ResourceGroup in test-1

---
apiVersion: azure.m.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: test
  namespace: test-1
spec:
  clientID: redacted
  credentials:
    source: OIDCTokenFile
  subscriptionID: redacted
  tenantID: redacted

---
apiVersion: azure.m.upbound.io/v1beta1
kind: ResourceGroup
metadata:
  name: test
  namespace: test-1
spec:
  forProvider:
    location: westus3
  providerConfigRef:
    name: test
    kind: ProviderConfig

Create just a ProviderConfig in test-2

---
apiVersion: azure.m.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: test
  namespace: test-2
spec:
  clientID: redacted
  credentials:
    source: OIDCTokenFile
  subscriptionID: redacted
  tenantID: redacted

Check ProviderConfig in test-2 namespace. Note users: 1 even though no Managed Resources created in the namespace yet.

~ kubectl get providerconfig.azure.m.upbound.io/test -o yaml
apiVersion: azure.m.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  annotations: redacted
  creationTimestamp: "2026-02-19T10:44:10Z"
  finalizers:
  - in-use.crossplane.io
  generation: 1
  name: test
  namespace: test-2
  resourceVersion: "991515324"
  uid: 868c0ba8-1e4b-4c7f-b5c4-166fdca806cd
spec:
  clientID: redacted
  credentials:
    source: OIDCTokenFile
  subscriptionID: redacted
  tenantID: redacted
status:
  users: 1

Double-check that there are no ProviderConfigUsages in test-2 namespace:

~ k get providerconfigusages.azure.m.upbound.io
No resources found in test-2 namespace.

Delete ProviderConfig in test-2 namespace. Check its status. Note deletion message: Blocking deletion while usages still exist

~ kubectl delete providerconfig.azure.m.upbound.io/test
providerconfig.azure.m.upbound.io "test" deleted from test-2 namespace
~ k get providerconfig.azure.m.upbound.io/test -o yaml
apiVersion: azure.m.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  annotations: redacted
  creationTimestamp: "2026-02-19T10:44:10Z"
  deletionGracePeriodSeconds: 0
  deletionTimestamp: "2026-02-19T11:02:11Z"
  finalizers:
  - in-use.crossplane.io
  generation: 2
  name: test
  namespace: test-2
  resourceVersion: "991539498"
  uid: 868c0ba8-1e4b-4c7f-b5c4-166fdca806cd
spec:
  clientID: redacted
  credentials:
    source: OIDCTokenFile
  subscriptionID: redacted
  tenantID: redacted
status:
  conditions:
  - lastTransitionTime: "2026-02-19T11:02:11Z"
    message: Blocking deletion while usages still exist
    reason: InUse
    status: "True"
    type: Terminating
  users: 1

What environment did it happen in?

Crossplane version: v2.1.3
Azure family: v2.3.0

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions