Description
Describe the bug
Thanks a lot to @rushmash91 for adding support for loggingConfiguration in aws-controllers-k8s/wafv2-controller#29. However, we think we might have run into a bug with applying config after the webacl is created.
We are trying to create a webacl and add an existing cloudwatch log group to it via loggingConfiguration. As we don't know the ARN of the log group until after creation (it is created by cloudwatchlogs-controller at the same time), we apply a patch to the webacl after creation where we set the loggingConfiguration.
When the patch is applied we see our resource being updated and we get the error "Logging has not been enabled for the WebACL" (as expected from what we can tell from the code? but it should then continue?), but then there is no PutLoggingConfiguration request going out.
If we instead hardcode the loggingConfiguration in the webacl template at creation time as a test, it works and the loggingConfiguration is created. Is there something wrong with the delta apply or logic?
Steps to reproduce
Create webacl without loggingConfiguration. Add loggingConfiguration after webacl is already created by ack controller.
Expected outcome
PutLoggingConfiguration should happen and apply the config
Environment
- Kubernetes version
- Using EKS (yes/no), if so version? Yes 1.34
- AWS service targeted (S3, RDS, etc.): wafv2