Add Certificate refs for https listeners

Signed-off-by: EdgeJ <[email protected]>

apis/elbv2/generator-config.yaml

@@ -3,6 +3,7 @@ ignore:
   field_paths:
     - CreateListenerInput.LoadBalancerArn
     - CreateListenerInput.DefaultActions
+    - CreateListenerInput.Certificates
     # Type has a json key of type_, so it's reimplemented with loadBalancerType
     - CreateLoadBalancerInput.Type
   resource_names:

apis/elbv2/v1alpha1/custom_types.go

@@ -91,6 +91,16 @@ type CustomAction struct {
 
 // CustomListenerParameters includes the custom fields of Listener.
 type CustomListenerParameters struct {
+	// [HTTPS and TLS listeners] The default certificate for the listener.
+	// +optional
+	CertificateARN *string `json:"certificateArn,omitempty"`
+
+	// Reference to Certificates for Certificate ARN
+	CertificateARNRef *xpv1.Reference `json:"certificateArnRef,omitempty"`
+
+	// Selector for references to Certificate for CertificateArn
+	CertificateARNSelector *xpv1.Selector `json:"certificateArnSelector,omitempty"`
+
 	// The actions for the default rule.
 	// +kubebuilder:validation:Required
 	DefaultActions []*CustomAction `json:"defaultActions"`

apis/elbv2/v1alpha1/referencers.go

@@ -21,15 +21,30 @@ import (
 	"github.com/pkg/errors"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
+	acm "github.com/crossplane/provider-aws/apis/acm/v1beta1"
 	ec2 "github.com/crossplane/provider-aws/apis/ec2/v1beta1"
 )
 
 // ResolveReferences resolves references for Listeners
 func (mg *Listener) ResolveReferences(ctx context.Context, c client.Reader) error {
 	r := reference.NewAPIResolver(c, mg)
 
-	// resolve loadbalancer ARN reference
+	// resolve certificate ARN reference
 	rsp, err := r.Resolve(ctx, reference.ResolutionRequest{
+		CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.CertificateARN),
+		Reference:    mg.Spec.ForProvider.CertificateARNRef,
+		Selector:     mg.Spec.ForProvider.CertificateARNSelector,
+		To:           reference.To{Managed: &acm.Certificate{}, List: &acm.CertificateList{}},
+		Extract:      reference.ExternalName(),
+	})
+	if err != nil {
+		return errors.Wrap(err, "spec.forProvider.certificateArn")
+	}
+	mg.Spec.ForProvider.CertificateARN = reference.ToPtrValue(rsp.ResolvedValue)
+	mg.Spec.ForProvider.CertificateARNRef = rsp.ResolvedReference
+
+	// resolve loadbalancer ARN reference
+	rsp, err = r.Resolve(ctx, reference.ResolutionRequest{
 		CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.LoadBalancerARN),
 		Reference:    mg.Spec.ForProvider.LoadBalancerARNRef,
 		Selector:     mg.Spec.ForProvider.LoadBalancerARNSelector,

examples/elbv2/listener.yaml

@@ -37,3 +37,25 @@ spec:
     protocol: HTTP
   providerConfigRef:
     name: example
+---
+apiVersion: elbv2.aws.crossplane.io/v1alpha1
+kind: Listener
+metadata:
+  name: test-listener-https
+spec:
+  forProvider:
+    region: us-east-1
+    certificateArnRef:
+      name: dev.crossplane.io
+    defaultActions:
+      - actionType: forward
+        forwardConfig:
+          targetGroups:
+            - targetGroupArnRef:
+                name: test-targetgroup
+    loadBalancerArnRef:
+      name: test-loadbalancer
+    port: 443
+    protocol: HTTPS
+  providerConfigRef:
+    name: example

package/crds/elbv2.aws.crossplane.io_listeners.yaml

@@ -71,18 +71,33 @@ spec:
                     items:
                       type: string
                     type: array
-                  certificates:
+                  certificateArn:
                     description: '[HTTPS and TLS listeners] The default certificate
-                      for the listener. You must provide exactly one certificate.
-                      Set CertificateArn to the certificate ARN but do not set IsDefault.'
-                    items:
-                      properties:
-                        certificateARN:
+                      for the listener.'
+                    type: string
+                  certificateArnRef:
+                    description: Reference to Certificates for Certificate ARN
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  certificateArnSelector:
+                    description: Selector for references to Certificate for CertificateArn
+                    properties:
+                      matchControllerRef:
+                        description: MatchControllerRef ensures an object with the
+                          same controller reference as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
                           type: string
-                        isDefault:
-                          type: boolean
-                      type: object
-                    type: array
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                    type: object
                   defaultActions:
                     description: The actions for the default rule.
                     items:

pkg/controller/elbv2/listener/setup.go

@@ -220,6 +220,13 @@ func generateDefaultActions(cr *svcapitypes.Listener) []*svcsdk.Action { //nolin
 func preCreate(_ context.Context, cr *svcapitypes.Listener, obs *svcsdk.CreateListenerInput) error {
 	obs.DefaultActions = generateDefaultActions(cr)
 	obs.LoadBalancerArn = cr.Spec.ForProvider.LoadBalancerARN
+	if cr.Spec.ForProvider.CertificateARN != nil {
+		obs.Certificates = []*svcsdk.Certificate{
+			{
+				CertificateArn: cr.Spec.ForProvider.CertificateARN,
+			},
+		}
+	}
 	return nil
 }