chore: requeue after CreateBucket call (#202)

Issue [#2730](aws-controllers-k8s/community#2730)

Description of changes:
Currently, the s3 controller attempts to sync all its fields right after
it calls create.

In ACK runtime, we set the resource as unmanaged if we receive an AWS
error after create, assuming the resource creation failed.

With this change, we ensure sdkCreate is only responsible for creating
the bucket, and returning a requeue error, that will trigger an update
reconciliation loop, ensuring all bucket fields are synced on update

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Author: michaelhtm

apis/v1alpha1/ack-generate-metadata.yaml

@@ -1,9 +1,9 @@
 ack_generate_info:
-  build_date: "2026-01-14T10:41:47Z"
-  build_hash: e743d683160cf0f58a4864e052cdcb0927335ca7
-  go_version: go1.25.5
-  version: v0.57.0
-api_directory_checksum: 8a79c5d90ef817140c340896677c51d4d61b1aec
+  build_date: "2026-02-16T23:44:33Z"
+  build_hash: 917b9ac49daec562bb6504697d5f1b719c9797b4
+  go_version: go1.25.4
+  version: v0.57.0-3-g917b9ac
+api_directory_checksum: eacd8486c6745fb88c373c09fd904d2268e5538f
 api_version: v1alpha1
 aws_sdk_go_version: v1.32.6
 generator_config_info:

pkg/resource/bucket/hook.go

@@ -234,135 +234,6 @@ func (rm *resourceManager) customFindBucket(
 	return &resource{ko}, nil
 }
 
-func (rm *resourceManager) createPutFields(
-	ctx context.Context,
-	r *resource,
-) error {
-	isDirectoryBucket := r.ko.Spec.Name != nil && IsDirectoryBucketName(*r.ko.Spec.Name)
-
-	// Directory buckets only support: Encryption, Lifecycle, Policy, Tagging
-	// Skip all other operations for directory buckets
-
-	if !isDirectoryBucket {
-		// Other configuration options (Replication) require versioning to be
-		// enabled before they can be configured
-		if r.ko.Spec.Versioning != nil {
-			if err := rm.syncVersioning(ctx, r); err != nil {
-				return err
-			}
-		}
-
-		if r.ko.Spec.Accelerate != nil {
-			if err := rm.syncAccelerate(ctx, r); err != nil {
-				return errors.Wrapf(err, ErrSyncingPutProperty, "Accelerate")
-			}
-		}
-		if len(r.ko.Spec.Analytics) != 0 {
-			if err := rm.syncAnalytics(ctx, r, nil); err != nil {
-				return errors.Wrapf(err, ErrSyncingPutProperty, "Analytics")
-			}
-		}
-		if r.ko.Spec.CORS != nil {
-			if err := rm.syncCORS(ctx, r); err != nil {
-				return errors.Wrapf(err, ErrSyncingPutProperty, "CORS")
-			}
-		}
-	}
-
-	// Encryption is supported for both bucket types
-	if r.ko.Spec.Encryption != nil {
-		if err := rm.syncEncryption(ctx, r); err != nil {
-			return errors.Wrapf(err, ErrSyncingPutProperty, "Encryption")
-		}
-	}
-
-	if !isDirectoryBucket {
-		if len(r.ko.Spec.IntelligentTiering) != 0 {
-			if err := rm.syncIntelligentTiering(ctx, r, nil); err != nil {
-				return errors.Wrapf(err, ErrSyncingPutProperty, "IntelligentTiering")
-			}
-		}
-		if len(r.ko.Spec.Inventory) != 0 {
-			if err := rm.syncInventory(ctx, r, nil); err != nil {
-				return errors.Wrapf(err, ErrSyncingPutProperty, "Inventory")
-			}
-		}
-	}
-
-	// Lifecycle is supported for both bucket types
-	if r.ko.Spec.Lifecycle != nil {
-		if err := rm.syncLifecycle(ctx, r); err != nil {
-			return errors.Wrapf(err, ErrSyncingPutProperty, "Lifecycle")
-		}
-	}
-
-	if !isDirectoryBucket {
-		if r.ko.Spec.Logging != nil {
-			if err := rm.syncLogging(ctx, r); err != nil {
-				return errors.Wrapf(err, ErrSyncingPutProperty, "Logging")
-			}
-		}
-		if len(r.ko.Spec.Metrics) != 0 {
-			if err := rm.syncMetrics(ctx, r, nil); err != nil {
-				return errors.Wrapf(err, ErrSyncingPutProperty, "Metrics")
-			}
-		}
-		if r.ko.Spec.Notification != nil {
-			if err := rm.syncNotification(ctx, r); err != nil {
-				return errors.Wrapf(err, ErrSyncingPutProperty, "Notification")
-			}
-		}
-		if r.ko.Spec.OwnershipControls != nil {
-			if err := rm.syncOwnershipControls(ctx, r); err != nil {
-				return errors.Wrapf(err, ErrSyncingPutProperty, "OwnershipControls")
-			}
-		}
-		// PublicAccessBlock may need to be set in order to use Policy, so sync it
-		// first
-		if r.ko.Spec.PublicAccessBlock != nil {
-			if err := rm.syncPublicAccessBlock(ctx, r); err != nil {
-				return errors.Wrapf(err, ErrSyncingPutProperty, "PublicAccessBlock")
-			}
-		}
-	}
-
-	// Policy is supported for both bucket types
-	if r.ko.Spec.Policy != nil {
-		if err := rm.syncPolicy(ctx, r, isDirectoryBucket); err != nil {
-			return errors.Wrapf(err, ErrSyncingPutProperty, "Policy")
-		}
-	}
-
-	if !isDirectoryBucket {
-		if r.ko.Spec.Replication != nil {
-			if err := rm.syncReplication(ctx, r); err != nil {
-				return errors.Wrapf(err, ErrSyncingPutProperty, "Replication")
-			}
-		}
-		if r.ko.Spec.RequestPayment != nil {
-			if err := rm.syncRequestPayment(ctx, r); err != nil {
-				return errors.Wrapf(err, ErrSyncingPutProperty, "RequestPayment")
-			}
-		}
-	}
-
-	// Tagging is supported for both bucket types (uses S3 Control API for directory buckets)
-	if r.ko.Spec.Tagging != nil {
-		if err := rm.syncTagging(ctx, r); err != nil {
-			return errors.Wrapf(err, ErrSyncingPutProperty, "Tagging")
-		}
-	}
-
-	if !isDirectoryBucket {
-		if r.ko.Spec.Website != nil {
-			if err := rm.syncWebsite(ctx, r); err != nil {
-				return errors.Wrapf(err, ErrSyncingPutProperty, "Website")
-			}
-		}
-	}
-	return nil
-}
-
 // customUpdateBucket patches each of the resource properties in the backend AWS
 // service API and returns a new resource with updated fields.
 func (rm *resourceManager) customUpdateBucket(

pkg/resource/bucket/sdk.go

@@ -1,3 +1,3 @@
-	if err := rm.createPutFields(ctx, desired); err != nil {
-		return nil, err
-	}
+	ackcondition.SetSynced(&resource{ko}, corev1.ConditionFalse, aws.String("bucket created, requeue for updates"), nil)
+	err = ackrequeue.NeededAfter(fmt.Errorf("Reconciling to sync additional fields"), time.Second)
+	return &resource{ko}, err

templates/hooks/bucket/sdk_create_post_set_output.go.tpl

@@ -229,7 +229,7 @@ def delete_bucket(bucket: Bucket):
         return
 
     # Delete k8s resource
-    _, deleted = k8s.delete_custom_resource(bucket.ref)
+    _, deleted = k8s.delete_custom_resource(bucket.ref, DELETE_WAIT_AFTER_SECONDS)
     assert deleted is True
 
     time.sleep(DELETE_WAIT_AFTER_SECONDS)
@@ -240,6 +240,7 @@ def basic_bucket(s3_client) -> Generator[Bucket, None, None]:
     try:
         bucket = create_bucket("bucket")
         assert k8s.get_resource_exists(bucket.ref)
+        k8s.wait_on_condition(bucket.ref, "ACK.ResourceSynced", "True", wait_periods=5)
 
         # assert bucket ARN is present in status
         bucket_k8s = bucket.resource_data = k8s.get_resource(bucket.ref)

test/e2e/tests/test_bucket.py

@@ -173,6 +173,7 @@ def test_adopt_or_create_policy(
         tags.assert_ack_system_tags(
             tags=tagging.tag_set,
         )
+        time.sleep(5)
         tags.assert_equal_without_ack_tags(
             expected=initial_tags,
             actual=tagging.tag_set,