Cannot set external-name to security group

[fernandezcuesta]

What happened?

When external-name annotation is set to a security group, AWS provider fails to create/import the object with the following error:

Invalid id: "system-nodegroup-us-east-2-main" (expecting "sg-...") 

How can we reproduce it?

Have a securitygroup added in a composition which adds the external-name annotation, as for example:

    - name: sg-system-nodegroup
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: SecurityGroup
        spec:
          forProvider:
            description: Allow everything IN from local, everything OUT
      patches:
        - type: PatchSet
          patchSetName: common-patches
        - type: FromCompositeFieldPath
          fromFieldPath: spec.parameters.vpcId
          toFieldPath: spec.forProvider.vpcId
        - &setName
          type: CombineFromComposite
          toFieldPath: metadata.name
          combine:
            variables:
            - fromFieldPath: spec.resourceConfig.region
            - fromFieldPath: spec.parameters.clusterName
            strategy: string
            string:
              fmt: "system-nodegroup-%s-%s"
        - <<: *setName
          toFieldPath: spec.forProvider.tags.Name
        - <<: *setName
          toFieldPath: metadata.annotations["crossplane.io/external-name"]
        - <<: *setName
          toFieldPath: spec.forProvider.name

What environment did it happen in?

• Universal Crossplane Version: v1.11.2
• Provider Version: v0.31.0
• Kubernetes Version: 1.25.6

[haarchri]

the external-name identifier for SecurityGroup in AWS is in format sg-.....

https://github.com/upbound/provider-aws/blob/main/config/externalname.go#L185

you set system-nodegroup-us-east-2-main which is wrong - if you want to set the Name in AWS you need to add a tag with Name key

[fernandezcuesta]

Hi, I understood from the error that this was the case, but as a user I didn't spot this in the documentation (moreover, external-name is describe as a good practice in the docs).
It looks like the purpose of the external-name annotation is leading to misunderstanding, I'd really appreciate if this could be clarified (as asked in this issue).

[github-actions]

This provider repo does not have enough maintainers to address every issue. Since there has been no activity in the last 90 days it is now marked as stale. It will be closed in 14 days if no further activity occurs. Leaving a comment starting with /fresh will mark this issue as not stale.

[github-actions]

This provider repo does not have enough maintainers to address every issue. Since there has been no activity in the last 90 days it is now marked as stale. It will be closed in 14 days if no further activity occurs. Leaving a comment starting with /fresh will mark this issue as not stale.

[GMartinez-Sisti]

/fresh

[github-actions]

This provider repo does not have enough maintainers to address every issue. Since there has been no activity in the last 90 days it is now marked as stale. It will be closed in 14 days if no further activity occurs. Leaving a comment starting with /fresh will mark this issue as not stale.

[GMartinez-Sisti]

/fresh