[Bug]: PrivateDnsZone deletion fails

[jankaacc]

Is there an existing issue for this?

• I have searched the existing issues

Affected Resource(s)

network.azure.upbound.io/v1beta1 - PrivateDNSZone

Resource MRs required to reproduce the bug

This occurs when you try to delete composite resource that consists of PrivateDNSZone nad PrivateDNSZoneVirtualNetworkLink

Definition

---
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: xprivatednszones.azure.composite.io
spec:
  group: azure.composite.io
  defaultCompositeDeletePolicy: Foreground
  names:
    kind: XPrivateDnsZone
    plural: xprivatednszones
    singular: xprivatednszone
  claimNames:
    kind: PrivateDnsZone
    plural: privatednszones
    singular: privatednszone
  versions:
    - name: v1alpha1
      served: true
      referenceable: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              required:
                - dnsName
                - networkName
              properties:
                dnsName:
                  description: 'DnsName: Subdomain name of private Dns zone.'
                  type: string
                networkName:
                  description: 'NetworkName: Name of the Network managed resource
                    to attach this DNS to.'
                  type: string
                networkId:
                  type: string
            status:
              type: object
              properties:
                dnsVnetId:
                  type: string
                  description: DNS Vnet Id where Private DNS Zone was linked
                privateDnsId:
                  type: string
                  description: Private DNS Zone Id

composition:

apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  creationTimestamp: "2024-09-17T09:27:11Z"
  name: xprivatednszones.azure.composite.io
spec:
  compositeTypeRef:
    apiVersion: azure.composite.io/v1alpha1
    kind: XPrivateDnsZone
  mode: Pipeline
  pipeline:
  - functionRef:
      name: function-patch-and-transform
    input:
      apiVersion: pt.fn.crossplane.io/v1beta1
      kind: Resources
      resources:
      - base:
          apiVersion: network.azure.upbound.io/v1beta1
          kind: PrivateDNSZone
          metadata:
            annotations:
              crossplane.io/external-name: null
            name: null
          spec:
            forProvider:
              resourceGroupName: null
            providerConfigRef:
              name: customer-b7a5aefd-d58d-446f-ba7b-b37cd3ef8ab6
        name: privatednszone
        patches:
        - fromFieldPath: metadata.name
          policy:
            fromFieldPath: Required
          toFieldPath: metadata.name
          type: FromCompositeFieldPath
        - fromFieldPath: spec.dnsName
          policy:
            fromFieldPath: Required
          toFieldPath: metadata.annotations[crossplane.io/external-name]
          transforms:
          - string:
              fmt: '%s.gwc1.azure.aztec.cloud'
              type: Format
            type: string
          type: FromCompositeFieldPath
        - fromFieldPath: spec.networkName
          policy:
            fromFieldPath: Required
          toFieldPath: spec.forProvider.resourceGroupName
          type: FromCompositeFieldPath
        - fromFieldPath: status.atProvider.id
          toFieldPath: status.privateDnsId
          type: ToCompositeFieldPath
      - base:
          apiVersion: network.azure.upbound.io/v1beta1
          kind: PrivateDNSZoneVirtualNetworkLink
          metadata:
            annotations:
              crossplane.io/external-name: null
            name: null
          spec:
            forProvider:
              privateDnsZoneName: null
              registrationEnabled: true
              resourceGroupName: null
              virtualNetworkId: null
            providerConfigRef:
              name: customer-b7a5aefd-d58d-446f-ba7b-b37cd3ef8ab6
        name: privatednszone-link-spoke
        patches:
        - fromFieldPath: metadata.name
          policy:
            fromFieldPath: Required
          toFieldPath: metadata.name
          transforms:
          - string:
              fmt: vnetlink-local-%s
              type: Format
            type: string
          type: FromCompositeFieldPath
        - fromFieldPath: spec.dnsName
          policy:
            fromFieldPath: Required
          toFieldPath: spec.forProvider.privateDnsZoneName
          transforms:
          - string:
              fmt: '%s.gwc1.azure.aztec.cloud'
              type: Format
            type: string
          type: FromCompositeFieldPath
        - fromFieldPath: spec.networkName
          policy:
            fromFieldPath: Required
          toFieldPath: spec.forProvider.resourceGroupName
          type: FromCompositeFieldPath
        - fromFieldPath: spec.networkId
          toFieldPath: spec.forProvider.virtualNetworkId
          policy:
            fromFieldPath: Required
          type: FromCompositeFieldPath
    step: patch-and-transform

Claim

apiVersion: azure.composite.io/v1alpha1
kind: PrivateDnsZone
metadata:
  name: dafndev4-a-dns-5  # Specify the name of the private DNS zone managed resource
  namespace: customer  # This namespace value is static. Please do not change.
spec:
  dnsName: dafndev4-a-dns-5 # Specify the name of the private DNS zone managed resource.
  networkName: rg-d-gwc1-dafndev4-a-networking  # Name your resource group
  networkId: /subscriptions/b7a5aefd-d58d-446f-ba7b-b37cd3ef8ab6/resourceGroups/rg-d-gwc1-dafndev4-a-networking/providers/Microsoft.Network/virtualNetworks/vnet-d-gwc1-dafndev4-a

Steps to Reproduce

1. Fill with you domain, and your provider-configs
2. Submit claim
3. Delete claim

in about 70 % of cases privateDNSZone is not deleted

Related to #819

What happened?

example Private DNS Zone not being deleted events:

    Type:                  LastAsyncOperation
Events:
  Type     Reason                       Age                 From                                                           Message
  ----     ------                       ----                ----                                                           -------
  Normal   CreatedExternalResource      29m                 managed/network.azure.upbound.io/v1beta1, kind=privatednszone  Successfully requested creation of external resource
  Warning  CannotUpdateManagedResource  28m                 managed/network.azure.upbound.io/v1beta1, kind=privatednszone  Operation cannot be fulfilled on privatednszones.network.azure.upbound.io "dafndev4-a-dns-5-2h47n": the object has been modified; please apply your changes to the latest version and try again
  Normal   DeletedExternalResource      17m (x25 over 17m)  managed/network.azure.upbound.io/v1beta1, kind=privatednszone  Successfully requested deletion of external resource

Relevant Error Output Snippet

No response

Crossplane Version

v1.15.2

Provider Version

v1.5.0

Kubernetes Version

No response

Kubernetes Distribution

No response

Additional Info

No response

[turkenf]

Hi @jankaacc, thank you for raising this, I'm closing this for now as I can't reproduce the issue, see #829
Feel free to reopen it.