SslCert k8s resource persists after CloudSQL instance is deleted

[lambchr]

What happened?

I created a composition with:

• CloudSQLInstance (using provider-gcp)
• SslCert (using the provider-jet-gcp)
  when I deleted an XR for this composition the SslCert managed resource persists with the following event, as the CloudSQLInstance was deleted first.

  Warning  CannotDeleteExternalResource  3m16s (x20606 over 24h)  managed/sql.gcp.jet.crossplane.io/v1alpha1, kind=sslcert  cannot destroy: destroy failed: Error, failed to delete ssl cert "clamb-test-crossplane-c399068f" in instance "clamb-test-crossplane-c399068f": googleapi: Error 409: The instance or operation is not in an appropriate state to handle the request., invalidState:

Note there are two other issues (1, 2) created in other providers, that seem to be having the same problem. Maybe this should be solved in the crossplane repo?

How can we reproduce it?

• Create a composition with the CloudSQLInstance and SslCert resources
• Create an XR your composition, wait for it to be ready
• Delete the XR
• Check and the SslCert will persist if the CloudSQLInstance was deleted first

What environment did it happen in?

Crossplane version: v0.19.0
Provider-gcp version: v0.19.0
Provider-jet-gcp version: v0.1.0-preview
Running on GKE

[turkenh]

Thanks for reporting 👍

Just to make sure, how long did you wait? I am wondering if it requires some time until the certificate is marked as unused.

This also seems related: https://stackoverflow.com/questions/62237910/can-not-delete-google-managed-ssl-certificate

[lambchr]

Hey, thanks for taking a look, I think I left the cert around for at least a day before I noticed the k8s resource hadn't been deleted