From 2b7262e60e2c4b2cc3138ca9eacd0397be9c7991 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jorge=20Mill=C3=A1n?= Date: Mon, 4 Nov 2024 15:29:57 +0100 Subject: [PATCH 1/4] feat(cloudfront): Add OriginalAccessControl controller MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jorge Millán This adds the missing CloudFront:OriginAccessControl type, most of the changes are autogenerated except the `originaccesscontrol/setup.go` file in the CloudFront controller. It validates additionally the specific enums for the `OriginType`, `SigningBehavior` and `SigningProtocol` as well as the length of the name of the AWS resource --- apis/cloudfront/generator-config.yaml | 1 - apis/cloudfront/v1alpha1/custom_types.go | 3 + .../v1alpha1/zz_generated.deepcopy.go | 221 +++++++++- .../v1alpha1/zz_generated.managed.go | 60 +++ .../v1alpha1/zz_generated.managedlist.go | 9 + .../v1alpha1/zz_origin_access_control.go | 96 +++++ apis/cloudfront/v1alpha1/zz_types.go | 28 +- ...ws.crossplane.io_originaccesscontrols.yaml | 332 +++++++++++++++ .../cloudfront/originaccesscontrol/setup.go | 161 ++++++++ .../originaccesscontrol/setup_test.go | 379 ++++++++++++++++++ .../originaccesscontrol/zz_controller.go | 264 ++++++++++++ .../originaccesscontrol/zz_conversions.go | 145 +++++++ pkg/controller/cloudfront/setup.go | 2 + 13 files changed, 1686 insertions(+), 15 deletions(-) create mode 100644 apis/cloudfront/v1alpha1/zz_origin_access_control.go create mode 100644 package/crds/cloudfront.aws.crossplane.io_originaccesscontrols.yaml create mode 100644 pkg/controller/cloudfront/originaccesscontrol/setup.go create mode 100644 pkg/controller/cloudfront/originaccesscontrol/setup_test.go create mode 100644 pkg/controller/cloudfront/originaccesscontrol/zz_controller.go create mode 100644 pkg/controller/cloudfront/originaccesscontrol/zz_conversions.go 
diff --git a/apis/cloudfront/generator-config.yaml b/apis/cloudfront/generator-config.yaml index 027d24d415..4fdd6ef2fe 100644 --- a/apis/cloudfront/generator-config.yaml +++ b/apis/cloudfront/generator-config.yaml @@ -11,7 +11,6 @@ ignore: - FieldLevelEncryptionConfig - Function - ContinuousDeploymentPolicy - - OriginAccessControl field_paths: - Origins.Quantity - Aliases.Quantity diff --git a/apis/cloudfront/v1alpha1/custom_types.go b/apis/cloudfront/v1alpha1/custom_types.go index a3339a858d..37dcaec71e 100644 --- a/apis/cloudfront/v1alpha1/custom_types.go +++ b/apis/cloudfront/v1alpha1/custom_types.go @@ -22,6 +22,9 @@ type CustomDistributionParameters struct{} // CustomCachePolicyParameters includes the custom fields of CachePolicy. type CustomCachePolicyParameters struct{} +// CustomOriginAccessControlParameters includes the custom fields of OriginAccessControl. +type CustomOriginAccessControlParameters struct{} + // CustomCloudFrontOriginAccessIdentityParameters includes the custom fields of CloudFrontOriginAccessIdentityParameters. type CustomCloudFrontOriginAccessIdentityParameters struct{} diff --git a/apis/cloudfront/v1alpha1/zz_generated.deepcopy.go b/apis/cloudfront/v1alpha1/zz_generated.deepcopy.go index cc95fce9ef..89bbc911fe 100644 --- a/apis/cloudfront/v1alpha1/zz_generated.deepcopy.go +++ b/apis/cloudfront/v1alpha1/zz_generated.deepcopy.go 
@@ -1255,6 +1255,21 @@ func (in *CustomHeaders) DeepCopy() *CustomHeaders { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomOriginAccessControlParameters) DeepCopyInto(out *CustomOriginAccessControlParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomOriginAccessControlParameters. +func (in *CustomOriginAccessControlParameters) DeepCopy() *CustomOriginAccessControlParameters { + if in == nil { + return nil + } + out := new(CustomOriginAccessControlParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CustomOriginConfig) DeepCopyInto(out *CustomOriginConfig) { *out = *in @@ -2969,11 +2984,10 @@ func (in *Origin) DeepCopy() *Origin { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OriginAccessControl) DeepCopyInto(out *OriginAccessControl) { *out = *in - if in.ID != nil { - in, out := &in.ID, &out.ID - *out = new(string) - **out = **in - } + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginAccessControl. 
@@ -2986,6 +3000,14 @@ func (in *OriginAccessControl) DeepCopy() *OriginAccessControl { return out } +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OriginAccessControl) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OriginAccessControlConfig) DeepCopyInto(out *OriginAccessControlConfig) { *out = *in @@ -2999,6 +3021,21 @@ func (in *OriginAccessControlConfig) DeepCopyInto(out *OriginAccessControlConfig *out = new(string) **out = **in } + if in.OriginAccessControlOriginType != nil { + in, out := &in.OriginAccessControlOriginType, &out.OriginAccessControlOriginType + *out = new(string) + **out = **in + } + if in.SigningBehavior != nil { + in, out := &in.SigningBehavior, &out.SigningBehavior + *out = new(string) + **out = **in + } + if in.SigningProtocol != nil { + in, out := &in.SigningProtocol, &out.SigningProtocol + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginAccessControlConfig. 
@@ -3013,12 +3050,55 @@ func (in *OriginAccessControlConfig) DeepCopy() *OriginAccessControlConfig { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OriginAccessControlList) DeepCopyInto(out *OriginAccessControlList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]OriginAccessControl, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginAccessControlList. +func (in *OriginAccessControlList) DeepCopy() *OriginAccessControlList { + if in == nil { + return nil + } + out := new(OriginAccessControlList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OriginAccessControlList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OriginAccessControlList_SDK) DeepCopyInto(out *OriginAccessControlList_SDK) { *out = *in if in.IsTruncated != nil { in, out := &in.IsTruncated, &out.IsTruncated *out = new(bool) **out = **in } + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]*OriginAccessControlSummary, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(OriginAccessControlSummary) + (*in).DeepCopyInto(*out) + } + } + } if in.Marker != nil { in, out := &in.Marker, &out.Marker *out = new(string) 
@@ -3041,12 +3121,97 @@ func (in *OriginAccessControlList) DeepCopyInto(out *OriginAccessControlList) { } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginAccessControlList. -func (in *OriginAccessControlList) DeepCopy() *OriginAccessControlList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginAccessControlList_SDK. +func (in *OriginAccessControlList_SDK) DeepCopy() *OriginAccessControlList_SDK { if in == nil { return nil } - out := new(OriginAccessControlList) + out := new(OriginAccessControlList_SDK) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OriginAccessControlObservation) DeepCopyInto(out *OriginAccessControlObservation) { + *out = *in + if in.ETag != nil { + in, out := &in.ETag, &out.ETag + *out = new(string) + **out = **in + } + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } + if in.OriginAccessControl != nil { + in, out := &in.OriginAccessControl, &out.OriginAccessControl + *out = new(OriginAccessControl_SDK) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginAccessControlObservation. +func (in *OriginAccessControlObservation) DeepCopy() *OriginAccessControlObservation { + if in == nil { + return nil + } + out := new(OriginAccessControlObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *OriginAccessControlParameters) DeepCopyInto(out *OriginAccessControlParameters) { + *out = *in + if in.OriginAccessControlConfig != nil { + in, out := &in.OriginAccessControlConfig, &out.OriginAccessControlConfig + *out = new(OriginAccessControlConfig) + (*in).DeepCopyInto(*out) + } + out.CustomOriginAccessControlParameters = in.CustomOriginAccessControlParameters +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginAccessControlParameters. +func (in *OriginAccessControlParameters) DeepCopy() *OriginAccessControlParameters { + if in == nil { + return nil + } + out := new(OriginAccessControlParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OriginAccessControlSpec) DeepCopyInto(out *OriginAccessControlSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginAccessControlSpec. +func (in *OriginAccessControlSpec) DeepCopy() *OriginAccessControlSpec { + if in == nil { + return nil + } + out := new(OriginAccessControlSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OriginAccessControlStatus) DeepCopyInto(out *OriginAccessControlStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginAccessControlStatus. +func (in *OriginAccessControlStatus) DeepCopy() *OriginAccessControlStatus { + if in == nil { + return nil + } + out := new(OriginAccessControlStatus) in.DeepCopyInto(out) return out } 
@@ -3069,6 +3234,21 @@ func (in *OriginAccessControlSummary) DeepCopyInto(out *OriginAccessControlSumma *out = new(string) **out = **in } + if in.OriginAccessControlOriginType != nil { + in, out := &in.OriginAccessControlOriginType, &out.OriginAccessControlOriginType + *out = new(string) + **out = **in + } + if in.SigningBehavior != nil { + in, out := &in.SigningBehavior, &out.SigningBehavior + *out = new(string) + **out = **in + } + if in.SigningProtocol != nil { + in, out := &in.SigningProtocol, &out.SigningProtocol + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginAccessControlSummary. @@ -3081,6 +3261,31 @@ func (in *OriginAccessControlSummary) DeepCopy() *OriginAccessControlSummary { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OriginAccessControl_SDK) DeepCopyInto(out *OriginAccessControl_SDK) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.OriginAccessControlConfig != nil { + in, out := &in.OriginAccessControlConfig, &out.OriginAccessControlConfig + *out = new(OriginAccessControlConfig) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginAccessControl_SDK. +func (in *OriginAccessControl_SDK) DeepCopy() *OriginAccessControl_SDK { + if in == nil { + return nil + } + out := new(OriginAccessControl_SDK) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OriginAccessIdentity) DeepCopyInto(out *OriginAccessIdentity) { *out = *in diff --git a/apis/cloudfront/v1alpha1/zz_generated.managed.go b/apis/cloudfront/v1alpha1/zz_generated.managed.go index 7b5b73845c..2c3cea6137 100644 --- a/apis/cloudfront/v1alpha1/zz_generated.managed.go 
+++ b/apis/cloudfront/v1alpha1/zz_generated.managed.go 
@@ -200,6 +200,66 @@ func (mg *Distribution) SetWriteConnectionSecretToReference(r *xpv1.SecretRefere mg.Spec.WriteConnectionSecretToReference = r } +// GetCondition of this OriginAccessControl. +func (mg *OriginAccessControl) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this OriginAccessControl. +func (mg *OriginAccessControl) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this OriginAccessControl. +func (mg *OriginAccessControl) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this OriginAccessControl. +func (mg *OriginAccessControl) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this OriginAccessControl. +func (mg *OriginAccessControl) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this OriginAccessControl. +func (mg *OriginAccessControl) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this OriginAccessControl. +func (mg *OriginAccessControl) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this OriginAccessControl. +func (mg *OriginAccessControl) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this OriginAccessControl. +func (mg *OriginAccessControl) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this OriginAccessControl. 
+func (mg *OriginAccessControl) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this OriginAccessControl. +func (mg *OriginAccessControl) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this OriginAccessControl. +func (mg *OriginAccessControl) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + // GetCondition of this ResponseHeadersPolicy. func (mg *ResponseHeadersPolicy) GetCondition(ct xpv1.ConditionType) xpv1.Condition { return mg.Status.GetCondition(ct) diff --git a/apis/cloudfront/v1alpha1/zz_generated.managedlist.go b/apis/cloudfront/v1alpha1/zz_generated.managedlist.go index 24305d8263..9220c06c36 100644 --- a/apis/cloudfront/v1alpha1/zz_generated.managedlist.go +++ b/apis/cloudfront/v1alpha1/zz_generated.managedlist.go @@ -47,6 +47,15 @@ func (l *DistributionList) GetItems() []resource.Managed { return items } +// GetItems of this OriginAccessControlList. +func (l *OriginAccessControlList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + // GetItems of this ResponseHeadersPolicyList. func (l *ResponseHeadersPolicyList) GetItems() []resource.Managed { items := make([]resource.Managed, len(l.Items)) diff --git a/apis/cloudfront/v1alpha1/zz_origin_access_control.go b/apis/cloudfront/v1alpha1/zz_origin_access_control.go new file mode 100644 index 0000000000..97267a3329 --- /dev/null +++ b/apis/cloudfront/v1alpha1/zz_origin_access_control.go 
@@ -0,0 +1,96 @@ +/* +Copyright 2021 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by ack-generate. DO NOT EDIT. + +package v1alpha1 + +import ( + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +// OriginAccessControlParameters defines the desired state of OriginAccessControl +type OriginAccessControlParameters struct { + // Region is which region the OriginAccessControl will be created. + // +kubebuilder:validation:Required + Region string `json:"region"` + // Contains the origin access control. + // +kubebuilder:validation:Required + OriginAccessControlConfig *OriginAccessControlConfig `json:"originAccessControlConfig"` + CustomOriginAccessControlParameters `json:",inline"` +} + +// OriginAccessControlSpec defines the desired state of OriginAccessControl +type OriginAccessControlSpec struct { + xpv1.ResourceSpec `json:",inline"` + ForProvider OriginAccessControlParameters `json:"forProvider"` +} + +// OriginAccessControlObservation defines the observed state of OriginAccessControl +type OriginAccessControlObservation struct { + // The version identifier for the current version of the origin access control. + ETag *string `json:"eTag,omitempty"` + // The URL of the origin access control. + Location *string `json:"location,omitempty"` + // Contains an origin access control. 
+ OriginAccessControl *OriginAccessControl_SDK `json:"originAccessControl,omitempty"` +} + +// OriginAccessControlStatus defines the observed state of OriginAccessControl. +type OriginAccessControlStatus struct { + xpv1.ResourceStatus `json:",inline"` + AtProvider OriginAccessControlObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true + +// OriginAccessControl is the Schema for the OriginAccessControls API +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status +// +kubebuilder:storageversion +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws} +type OriginAccessControl struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + Spec OriginAccessControlSpec `json:"spec"` + Status OriginAccessControlStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// OriginAccessControlList contains a list of OriginAccessControls +type OriginAccessControlList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []OriginAccessControl `json:"items"` +} + +// Repository type metadata. +var ( + OriginAccessControlKind = "OriginAccessControl" + OriginAccessControlGroupKind = schema.GroupKind{Group: CRDGroup, Kind: OriginAccessControlKind}.String() + OriginAccessControlKindAPIVersion = OriginAccessControlKind + "." 
+ GroupVersion.String() + OriginAccessControlGroupVersionKind = GroupVersion.WithKind(OriginAccessControlKind) +) + +func init() { + SchemeBuilder.Register(&OriginAccessControl{}, &OriginAccessControlList{}) +} diff --git a/apis/cloudfront/v1alpha1/zz_types.go b/apis/cloudfront/v1alpha1/zz_types.go index f66a0a5c41..2fb1e69a95 100644 --- a/apis/cloudfront/v1alpha1/zz_types.go +++ b/apis/cloudfront/v1alpha1/zz_types.go @@ -1032,22 +1032,25 @@ type Origin struct { S3OriginConfig *S3OriginConfig `json:"s3OriginConfig,omitempty"` } -// +kubebuilder:skipversion -type OriginAccessControl struct { - ID *string `json:"id,omitempty"` -} - // +kubebuilder:skipversion type OriginAccessControlConfig struct { Description *string `json:"description,omitempty"` Name *string `json:"name,omitempty"` + + OriginAccessControlOriginType *string `json:"originAccessControlOriginType,omitempty"` + + SigningBehavior *string `json:"signingBehavior,omitempty"` + + SigningProtocol *string `json:"signingProtocol,omitempty"` } // +kubebuilder:skipversion -type OriginAccessControlList struct { +type OriginAccessControlList_SDK struct { IsTruncated *bool `json:"isTruncated,omitempty"` + Items []*OriginAccessControlSummary `json:"items,omitempty"` + Marker *string `json:"marker,omitempty"` MaxItems *int64 `json:"maxItems,omitempty"` @@ -1064,6 +1067,19 @@ type OriginAccessControlSummary struct { ID *string `json:"id,omitempty"` Name *string `json:"name,omitempty"` + + OriginAccessControlOriginType *string `json:"originAccessControlOriginType,omitempty"` + + SigningBehavior *string `json:"signingBehavior,omitempty"` + + SigningProtocol *string `json:"signingProtocol,omitempty"` +} + +// +kubebuilder:skipversion +type OriginAccessControl_SDK struct { + ID *string `json:"id,omitempty"` + // A CloudFront origin access control configuration. + OriginAccessControlConfig *OriginAccessControlConfig `json:"originAccessControlConfig,omitempty"` } // +kubebuilder:skipversion 
diff --git a/package/crds/cloudfront.aws.crossplane.io_originaccesscontrols.yaml b/package/crds/cloudfront.aws.crossplane.io_originaccesscontrols.yaml new file mode 100644 index 0000000000..a7c5f5fc59 --- /dev/null +++ b/package/crds/cloudfront.aws.crossplane.io_originaccesscontrols.yaml 
@@ -0,0 +1,332 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: originaccesscontrols.cloudfront.aws.crossplane.io +spec: + group: cloudfront.aws.crossplane.io + names: + categories: + - crossplane + - managed + - aws + kind: OriginAccessControl + listKind: OriginAccessControlList + plural: originaccesscontrols + singular: originaccesscontrol + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: OriginAccessControl is the Schema for the OriginAccessControls + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OriginAccessControlSpec defines the desired state of OriginAccessControl + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + description: OriginAccessControlParameters defines the desired state + of OriginAccessControl + properties: + originAccessControlConfig: + description: Contains the origin access control. + properties: + description: + type: string + name: + type: string + originAccessControlOriginType: + type: string + signingBehavior: + type: string + signingProtocol: + type: string + type: object + region: + description: Region is which region the OriginAccessControl will + be created. + type: string + required: + - originAccessControlConfig + - region + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS A BETA FIELD. It is on by default but can be + opted out through a Crossplane feature flag. ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. 
If both are custom, the DeletionPolicy + field will be ignored. See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. 
Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. 
+ type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: OriginAccessControlStatus defines the observed state of OriginAccessControl. + properties: + atProvider: + description: OriginAccessControlObservation defines the observed state + of OriginAccessControl + properties: + eTag: + description: The version identifier for the current version of + the origin access control. + type: string + location: + description: The URL of the origin access control. + type: string + originAccessControl: + description: Contains an origin access control. + properties: + id: + type: string + originAccessControlConfig: + description: A CloudFront origin access control configuration. + properties: + description: + type: string + name: + type: string + originAccessControlOriginType: + type: string + signingBehavior: + type: string + signingProtocol: + type: string + type: object + type: object + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. 
+ properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/controller/cloudfront/originaccesscontrol/setup.go b/pkg/controller/cloudfront/originaccesscontrol/setup.go new file mode 100644 index 0000000000..2060aa1454 --- /dev/null +++ b/pkg/controller/cloudfront/originaccesscontrol/setup.go 
@@ -0,0 +1,161 @@ +package originaccesscontrol + +import ( + "context" + "slices" + + svcapitypes "github.com/crossplane-contrib/provider-aws/apis/cloudfront/v1alpha1" + "github.com/crossplane-contrib/provider-aws/apis/v1alpha1" + cloudfront "github.com/crossplane-contrib/provider-aws/pkg/controller/cloudfront/utils" + "github.com/crossplane-contrib/provider-aws/pkg/features" + "github.com/crossplane-contrib/provider-aws/pkg/utils/pointer" + custommanaged "github.com/crossplane-contrib/provider-aws/pkg/utils/reconciler/managed" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/errors" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/meta" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + "github.com/crossplane/crossplane-runtime/pkg/resource" + + svcsdk "github.com/aws/aws-sdk-go/service/cloudfront" + ctrl "sigs.k8s.io/controller-runtime" +) + +var ( + OriginAccessControlOriginTypes = []string{"s3", "mediastore", "lambda", "mediapackagev2"} + OriginAccessControlSigningBehavior = []string{"never", "no-override", "always"} + OriginAccessControlSigningProtocol = []string{"sigv4"} +) + +func SetupOriginAccessControl(mgr ctrl.Manager, o controller.Options) error { + _ = custommanaged.NewRetryingCriticalAnnotationUpdater + name := managed.ControllerName(svcapitypes.OriginAccessControlKind) + + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.Features.Enabled(features.EnableAlphaExternalSecretStores) { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), v1alpha1.StoreConfigGroupVersionKind)) + } + + reconcilerOpts := []managed.ReconcilerOption{ + 
managed.WithCriticalAnnotationUpdater(custommanaged.NewRetryingCriticalAnnotationUpdater(mgr.GetClient())), + managed.WithExternalConnecter(&connector{ + kube: mgr.GetClient(), + opts: []option{ + func(e *external) { + e.preCreate = preCreate + e.postCreate = postCreate + e.preObserve = preObserve + e.postObserve = postObserve + e.isUpToDate = isUpToDate + e.preUpdate = preUpdate + e.lateInitialize = lateInitialize + e.postUpdate = postUpdate + e.preDelete = preDelete + }, + }, + }), + managed.WithPollInterval(o.PollInterval), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithConnectionPublishers(cps...), + } + + if o.Features.Enabled(features.EnableAlphaManagementPolicies) { + reconcilerOpts = append(reconcilerOpts, managed.WithManagementPolicies()) + } + + r := managed.NewReconciler(mgr, + resource.ManagedKind(svcapitypes.OriginAccessControlGroupVersionKind), + reconcilerOpts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(resource.DesiredStateChanged()). + For(&svcapitypes.OriginAccessControl{}). 
+ Complete(r) +} + +func validateOriginAccessControl(cr *svcapitypes.OriginAccessControl) error { + if !slices.Contains(OriginAccessControlOriginTypes, pointer.StringValue(cr.Spec.ForProvider.OriginAccessControlConfig.OriginAccessControlOriginType)) { + return errors.New("originAccessControlOriginType invalid") + } + + if !slices.Contains(OriginAccessControlSigningBehavior, pointer.StringValue(cr.Spec.ForProvider.OriginAccessControlConfig.SigningBehavior)) { + return errors.New("signingBehavior invalid") + } + + if !slices.Contains(OriginAccessControlSigningProtocol, pointer.StringValue(cr.Spec.ForProvider.OriginAccessControlConfig.SigningProtocol)) { + return errors.New("signingProtocol invalid") + } + + if len(pointer.StringValue(cr.Spec.ForProvider.OriginAccessControlConfig.Name)) > 64 { + return errors.New("name is more than 64 characters") + } + + return nil +} + +func preCreate(_ context.Context, cr *svcapitypes.OriginAccessControl, coaci *svcsdk.CreateOriginAccessControlInput) error { + return validateOriginAccessControl(cr) +} + +func postCreate(_ context.Context, cr *svcapitypes.OriginAccessControl, coaco *svcsdk.CreateOriginAccessControlOutput, ec managed.ExternalCreation, err error) (managed.ExternalCreation, error) { + if err != nil { + return managed.ExternalCreation{}, err + } + + meta.SetExternalName(cr, pointer.StringValue(coaco.OriginAccessControl.Id)) + return ec, nil +} + +func preObserve(_ context.Context, cr *svcapitypes.OriginAccessControl, goaci *svcsdk.GetOriginAccessControlInput) error { + goaci.Id = pointer.ToOrNilIfZeroValue(meta.GetExternalName(cr)) + return nil +} + +func postObserve(_ context.Context, cr *svcapitypes.OriginAccessControl, goaco *svcsdk.GetOriginAccessControlOutput, eo managed.ExternalObservation, err error) (managed.ExternalObservation, error) { + if err != nil { + return managed.ExternalObservation{}, err + } + + cr.SetConditions(xpv1.Unavailable()) + if pointer.StringValue(goaco.OriginAccessControl.Id) != "" { + 
cr.SetConditions(xpv1.Available()) + } + return eo, nil +} + +func isUpToDate(_ context.Context, cr *svcapitypes.OriginAccessControl, goaco *svcsdk.GetOriginAccessControlOutput) (bool, string, error) { + return cloudfront.IsUpToDate(goaco.OriginAccessControl.OriginAccessControlConfig, cr.Spec.ForProvider.OriginAccessControlConfig) +} + +func preUpdate(_ context.Context, cr *svcapitypes.OriginAccessControl, uoaci *svcsdk.UpdateOriginAccessControlInput) error { + uoaci.Id = pointer.ToOrNilIfZeroValue(meta.GetExternalName(cr)) + uoaci.SetIfMatch(pointer.StringValue(cr.Status.AtProvider.ETag)) + return validateOriginAccessControl(cr) +} + +func postUpdate(_ context.Context, cr *svcapitypes.OriginAccessControl, goaco *svcsdk.UpdateOriginAccessControlOutput, upd managed.ExternalUpdate, err error) (managed.ExternalUpdate, error) { + if err != nil { + return managed.ExternalUpdate{}, err + } + // We need etag of update operation for the next operations. + cr.Status.AtProvider.ETag = goaco.ETag + return upd, nil +} + +func lateInitialize(in *svcapitypes.OriginAccessControlParameters, goaco *svcsdk.GetOriginAccessControlOutput) error { + _, err := cloudfront.LateInitializeFromResponse("", + in.OriginAccessControlConfig, goaco.OriginAccessControl.OriginAccessControlConfig) + return err +} + +func preDelete(_ context.Context, cp *svcapitypes.OriginAccessControl, doaci *svcsdk.DeleteOriginAccessControlInput) (bool, error) { + doaci.Id = pointer.ToOrNilIfZeroValue(meta.GetExternalName(cp)) + doaci.SetIfMatch(pointer.StringValue(cp.Status.AtProvider.ETag)) + return false, nil +} diff --git a/pkg/controller/cloudfront/originaccesscontrol/setup_test.go b/pkg/controller/cloudfront/originaccesscontrol/setup_test.go new file mode 100644 index 0000000000..54924707fe --- /dev/null +++ b/pkg/controller/cloudfront/originaccesscontrol/setup_test.go 
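Review bot: validateOriginAccessControl reads `cr.Spec.ForProvider.OriginAccessControlConfig.OriginAccessControlOriginType` without first checking that `OriginAccessControlConfig` is non-nil, so a resource that reaches preCreate or preUpdate without that block would panic the reconciler instead of returning a validation error. The generated converters in zz_conversions.go guard the same pointer with `!= nil`, which suggests it can be nil unless the CRD marks it required (that part of the schema is not visible here). A guard at the top of the function, `cfg := cr.Spec.ForProvider.OriginAccessControlConfig` followed by `if cfg == nil { return errors.New("originAccessControlConfig is required") }`, keeps the failure on the error path. The same concern applies to `coaco.OriginAccessControl.Id` in postCreate and to `goaco.OriginAccessControl` in postObserve, isUpToDate and lateInitialize, since the generated Create and GenerateOriginAccessControl both treat `OriginAccessControl` in the response as possibly nil.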
@@ -0,0 +1,379 @@ +/* +Copyright 2024 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package originaccesscontrol + +import ( + "context" + "testing" + + svcapitypes "github.com/crossplane-contrib/provider-aws/apis/cloudfront/v1alpha1" + + "github.com/crossplane/crossplane-runtime/pkg/errors" + "github.com/crossplane/crossplane-runtime/pkg/meta" + "github.com/crossplane/crossplane-runtime/pkg/test" + + svcsdk "github.com/aws/aws-sdk-go/service/cloudfront" + "github.com/google/go-cmp/cmp" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +type upToDateArgs struct { + originAccessControl *svcapitypes.OriginAccessControl + getOACOutput *svcsdk.GetOriginAccessControlOutput +} + +type preCreateArgs struct { + originAccessControl *svcapitypes.OriginAccessControl + createOACInput *svcsdk.CreateOriginAccessControlInput +} + +func TestIsUpToDate(t *testing.T) { + region := "eu-central-2" + + resourceName := "oac-test" + externalResource := "E0AA0AA0AA00AA" + id := "EIDA0AA0AA00AA" + + claimName := "oac-claim-name" + + description := "Origin Access Control" + newDescription := "New Description" + + originType := "s3" + signingBehavior := "always" + signingProtocol := "sigv4" + + type want struct { + result bool + err error + } + cases := map[string]struct { + upToDateArgs + want + }{ + "NothingChanged": { + upToDateArgs: upToDateArgs{ + originAccessControl: &svcapitypes.OriginAccessControl{ + ObjectMeta: metav1.ObjectMeta{ + Name: resourceName, + Annotations: 
map[string]string{ + meta.AnnotationKeyExternalName: externalResource, + }, + }, + Spec: svcapitypes.OriginAccessControlSpec{ + ForProvider: svcapitypes.OriginAccessControlParameters{ + Region: region, + OriginAccessControlConfig: &svcapitypes.OriginAccessControlConfig{ + Description: &description, + Name: &claimName, + OriginAccessControlOriginType: &originType, + SigningBehavior: &signingBehavior, + SigningProtocol: &signingProtocol, + }, + }, + }, + }, + getOACOutput: &svcsdk.GetOriginAccessControlOutput{ + OriginAccessControl: &svcsdk.OriginAccessControl{ + Id: &id, + OriginAccessControlConfig: &svcsdk.OriginAccessControlConfig{ + Description: &newDescription, + Name: &claimName, + OriginAccessControlOriginType: &originType, + SigningBehavior: &signingBehavior, + SigningProtocol: &signingProtocol, + }, + }, + }, + }, + want: want{ + result: false, + err: nil, + }, + }, + "SomethingChanged": { + upToDateArgs: upToDateArgs{ + originAccessControl: &svcapitypes.OriginAccessControl{ + ObjectMeta: metav1.ObjectMeta{ + Name: resourceName, + Annotations: map[string]string{ + meta.AnnotationKeyExternalName: externalResource, + }, + }, + Spec: svcapitypes.OriginAccessControlSpec{ + ForProvider: svcapitypes.OriginAccessControlParameters{ + Region: region, + OriginAccessControlConfig: &svcapitypes.OriginAccessControlConfig{ + Description: &description, + Name: &claimName, + OriginAccessControlOriginType: &originType, + SigningBehavior: &signingBehavior, + SigningProtocol: &signingProtocol, + }, + }, + }, + }, + getOACOutput: &svcsdk.GetOriginAccessControlOutput{ + OriginAccessControl: &svcsdk.OriginAccessControl{ + Id: &id, + OriginAccessControlConfig: &svcsdk.OriginAccessControlConfig{ + Description: &description, + Name: &claimName, + OriginAccessControlOriginType: &originType, + SigningBehavior: &signingBehavior, + SigningProtocol: &signingProtocol, + }, + }, + }, + }, + want: want{ + result: true, + err: nil, + }, + }, + } + for name, tc := range cases { + t.Run(name, 
func(t *testing.T) { + result, _, _ := isUpToDate(context.TODO(), tc.upToDateArgs.originAccessControl, tc.upToDateArgs.getOACOutput) + if diff := cmp.Diff(tc.want.result, result); diff != "" { + t.Errorf("r: -want, +got:\n%s", diff) + } + }) + } +} + +func TestPreCreate(t *testing.T) { + region := "eu-central-2" + + resourceName := "oac-test" + externalResource := "E0AA0AA0AA00AA" + + claimName := "oac-claim-name" + longerClaimName := "originaccesscontrol-claim-name-which-exceeds-the-64-char-number-by-some-number" + + description := "Origin Access Control" + + originType := "s3" + wrongOriginType := "wrong-type" + signingBehavior := "always" + wrongSigningBehaviour := "wrong-param" + signingProtocol := "sigv4" + wrongSigningProtocol := "wrong-protocol" + + type want struct { + result bool + err error + } + cases := map[string]struct { + preCreateArgs + want + }{ + "GoodParams": { + preCreateArgs: preCreateArgs{ + originAccessControl: &svcapitypes.OriginAccessControl{ + ObjectMeta: metav1.ObjectMeta{ + Name: resourceName, + Annotations: map[string]string{ + meta.AnnotationKeyExternalName: externalResource, + }, + }, + Spec: svcapitypes.OriginAccessControlSpec{ + ForProvider: svcapitypes.OriginAccessControlParameters{ + Region: region, + OriginAccessControlConfig: &svcapitypes.OriginAccessControlConfig{ + Description: &description, + Name: &claimName, + OriginAccessControlOriginType: &originType, + SigningBehavior: &signingBehavior, + SigningProtocol: &signingProtocol, + }, + }, + }, + }, + createOACInput: &svcsdk.CreateOriginAccessControlInput{ + OriginAccessControlConfig: &svcsdk.OriginAccessControlConfig{ + Description: &description, + Name: &claimName, + OriginAccessControlOriginType: &originType, + SigningBehavior: &signingBehavior, + SigningProtocol: &signingProtocol, + }, + }, + }, + want: want{ + result: false, + err: nil, + }, + }, + "WrongOriginType": { + preCreateArgs: preCreateArgs{ + originAccessControl: &svcapitypes.OriginAccessControl{ + ObjectMeta: 
metav1.ObjectMeta{ + Name: resourceName, + Annotations: map[string]string{ + meta.AnnotationKeyExternalName: externalResource, + }, + }, + Spec: svcapitypes.OriginAccessControlSpec{ + ForProvider: svcapitypes.OriginAccessControlParameters{ + Region: region, + OriginAccessControlConfig: &svcapitypes.OriginAccessControlConfig{ + Description: &claimName, + Name: &claimName, + OriginAccessControlOriginType: &wrongOriginType, + SigningBehavior: &signingBehavior, + SigningProtocol: &signingProtocol, + }, + }, + }, + }, + createOACInput: &svcsdk.CreateOriginAccessControlInput{ + OriginAccessControlConfig: &svcsdk.OriginAccessControlConfig{ + Description: &description, + Name: &claimName, + OriginAccessControlOriginType: &originType, + SigningBehavior: &signingBehavior, + SigningProtocol: &signingProtocol, + }, + }, + }, + want: want{ + result: false, + err: errors.New("originAccessControlOriginType invalid"), + }, + }, + "LongerName": { + preCreateArgs: preCreateArgs{ + originAccessControl: &svcapitypes.OriginAccessControl{ + ObjectMeta: metav1.ObjectMeta{ + Name: resourceName, + Annotations: map[string]string{ + meta.AnnotationKeyExternalName: externalResource, + }, + }, + Spec: svcapitypes.OriginAccessControlSpec{ + ForProvider: svcapitypes.OriginAccessControlParameters{ + Region: region, + OriginAccessControlConfig: &svcapitypes.OriginAccessControlConfig{ + Description: &description, + Name: &longerClaimName, + OriginAccessControlOriginType: &originType, + SigningBehavior: &signingBehavior, + SigningProtocol: &signingProtocol, + }, + }, + }, + }, + createOACInput: &svcsdk.CreateOriginAccessControlInput{ + OriginAccessControlConfig: &svcsdk.OriginAccessControlConfig{ + Description: &description, + Name: &claimName, + OriginAccessControlOriginType: &originType, + SigningBehavior: &signingBehavior, + SigningProtocol: &signingProtocol, + }, + }, + }, + want: want{ + result: false, + err: errors.New("name is more than 64 characters"), + }, + }, + "WrongSigningBehaviour": { 
+ preCreateArgs: preCreateArgs{ + originAccessControl: &svcapitypes.OriginAccessControl{ + ObjectMeta: metav1.ObjectMeta{ + Name: resourceName, + Annotations: map[string]string{ + meta.AnnotationKeyExternalName: externalResource, + }, + }, + Spec: svcapitypes.OriginAccessControlSpec{ + ForProvider: svcapitypes.OriginAccessControlParameters{ + Region: region, + OriginAccessControlConfig: &svcapitypes.OriginAccessControlConfig{ + Description: &claimName, + Name: &claimName, + OriginAccessControlOriginType: &originType, + SigningBehavior: &wrongSigningBehaviour, + SigningProtocol: &signingProtocol, + }, + }, + }, + }, + createOACInput: &svcsdk.CreateOriginAccessControlInput{ + OriginAccessControlConfig: &svcsdk.OriginAccessControlConfig{ + Description: &description, + Name: &claimName, + OriginAccessControlOriginType: &originType, + SigningBehavior: &signingBehavior, + SigningProtocol: &signingProtocol, + }, + }, + }, + want: want{ + result: false, + err: errors.New("signingBehavior invalid"), + }, + }, + "WrongSigningProtocol": { + preCreateArgs: preCreateArgs{ + originAccessControl: &svcapitypes.OriginAccessControl{ + ObjectMeta: metav1.ObjectMeta{ + Name: resourceName, + Annotations: map[string]string{ + meta.AnnotationKeyExternalName: externalResource, + }, + }, + Spec: svcapitypes.OriginAccessControlSpec{ + ForProvider: svcapitypes.OriginAccessControlParameters{ + Region: region, + OriginAccessControlConfig: &svcapitypes.OriginAccessControlConfig{ + Description: &claimName, + Name: &claimName, + OriginAccessControlOriginType: &originType, + SigningBehavior: &signingBehavior, + SigningProtocol: &wrongSigningProtocol, + }, + }, + }, + }, + createOACInput: &svcsdk.CreateOriginAccessControlInput{ + OriginAccessControlConfig: &svcsdk.OriginAccessControlConfig{ + Description: &description, + Name: &claimName, + OriginAccessControlOriginType: &originType, + SigningBehavior: &signingBehavior, + SigningProtocol: &signingProtocol, + }, + }, + }, + want: want{ + result: 
false, + err: errors.New("signingProtocol invalid"), + }, + }, + } + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + err := preCreate(context.TODO(), tc.preCreateArgs.originAccessControl, tc.preCreateArgs.createOACInput) + if diff := cmp.Diff(tc.want.err, err, test.EquateErrors()); diff != "" { + t.Errorf("r: -want, +got:\n%s", diff) + } + }) + } +} diff --git a/pkg/controller/cloudfront/originaccesscontrol/zz_controller.go b/pkg/controller/cloudfront/originaccesscontrol/zz_controller.go new file mode 100644 index 0000000000..9c601a868f --- /dev/null +++ b/pkg/controller/cloudfront/originaccesscontrol/zz_controller.go 
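Review bot: In TestIsUpToDate the case names are swapped relative to their fixtures: "NothingChanged" compares a spec carrying `description` against an observed config carrying `newDescription` and expects `false`, while "SomethingChanged" uses identical values and expects `true`. The loop also discards the error with `result, _, _ := isUpToDate(...)`, so `want.err` is never checked; `result, _, err := isUpToDate(...)` plus a `cmp.Diff(tc.want.err, err, test.EquateErrors())` check, as TestPreCreate already does, would cover it. No case exercises a nil `OriginAccessControlConfig` in the spec or a nil `OriginAccessControl` in the response, which are the inputs the hooks in setup.go dereference without a guard.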
@@ -0,0 +1,264 @@ +/* +Copyright 2021 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by ack-generate. DO NOT EDIT. + +package originaccesscontrol + +import ( + "context" + + svcapi "github.com/aws/aws-sdk-go/service/cloudfront" + svcsdk "github.com/aws/aws-sdk-go/service/cloudfront" + svcsdkapi "github.com/aws/aws-sdk-go/service/cloudfront/cloudfrontiface" + "github.com/google/go-cmp/cmp" + "github.com/pkg/errors" + "sigs.k8s.io/controller-runtime/pkg/client" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/meta" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + cpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + + svcapitypes "github.com/crossplane-contrib/provider-aws/apis/cloudfront/v1alpha1" + connectaws "github.com/crossplane-contrib/provider-aws/pkg/utils/connect/aws" + errorutils "github.com/crossplane-contrib/provider-aws/pkg/utils/errors" +) + +const ( + errUnexpectedObject = "managed resource is not an OriginAccessControl resource" + + errCreateSession = "cannot create a new session" + errCreate = "cannot create OriginAccessControl in AWS" + errUpdate = "cannot update OriginAccessControl in AWS" + errDescribe = "failed to describe OriginAccessControl" + errDelete = "failed to delete OriginAccessControl" +) + +type connector struct { + kube client.Client + opts []option +} + +func (c *connector) Connect(ctx context.Context, mg 
cpresource.Managed) (managed.ExternalClient, error) { + cr, ok := mg.(*svcapitypes.OriginAccessControl) + if !ok { + return nil, errors.New(errUnexpectedObject) + } + sess, err := connectaws.GetConfigV1(ctx, c.kube, mg, cr.Spec.ForProvider.Region) + if err != nil { + return nil, errors.Wrap(err, errCreateSession) + } + return newExternal(c.kube, svcapi.New(sess), c.opts), nil +} + +func (e *external) Observe(ctx context.Context, mg cpresource.Managed) (managed.ExternalObservation, error) { + cr, ok := mg.(*svcapitypes.OriginAccessControl) + if !ok { + return managed.ExternalObservation{}, errors.New(errUnexpectedObject) + } + if meta.GetExternalName(cr) == "" { + return managed.ExternalObservation{ + ResourceExists: false, + }, nil + } + input := GenerateGetOriginAccessControlInput(cr) + if err := e.preObserve(ctx, cr, input); err != nil { + return managed.ExternalObservation{}, errors.Wrap(err, "pre-observe failed") + } + resp, err := e.client.GetOriginAccessControlWithContext(ctx, input) + if err != nil { + return managed.ExternalObservation{ResourceExists: false}, errorutils.Wrap(cpresource.Ignore(IsNotFound, err), errDescribe) + } + currentSpec := cr.Spec.ForProvider.DeepCopy() + if err := e.lateInitialize(&cr.Spec.ForProvider, resp); err != nil { + return managed.ExternalObservation{}, errors.Wrap(err, "late-init failed") + } + GenerateOriginAccessControl(resp).Status.AtProvider.DeepCopyInto(&cr.Status.AtProvider) + upToDate := true + diff := "" + if !meta.WasDeleted(cr) { // There is no need to run isUpToDate if the resource is deleted + upToDate, diff, err = e.isUpToDate(ctx, cr, resp) + if err != nil { + return managed.ExternalObservation{}, errors.Wrap(err, "isUpToDate check failed") + } + } + return e.postObserve(ctx, cr, resp, managed.ExternalObservation{ + ResourceExists: true, + ResourceUpToDate: upToDate, + Diff: diff, + ResourceLateInitialized: !cmp.Equal(&cr.Spec.ForProvider, currentSpec), + }, nil) +} + +func (e *external) Create(ctx 
context.Context, mg cpresource.Managed) (managed.ExternalCreation, error) { + cr, ok := mg.(*svcapitypes.OriginAccessControl) + if !ok { + return managed.ExternalCreation{}, errors.New(errUnexpectedObject) + } + cr.Status.SetConditions(xpv1.Creating()) + input := GenerateCreateOriginAccessControlInput(cr) + if err := e.preCreate(ctx, cr, input); err != nil { + return managed.ExternalCreation{}, errors.Wrap(err, "pre-create failed") + } + resp, err := e.client.CreateOriginAccessControlWithContext(ctx, input) + if err != nil { + return managed.ExternalCreation{}, errorutils.Wrap(err, errCreate) + } + + if resp.ETag != nil { + cr.Status.AtProvider.ETag = resp.ETag + } else { + cr.Status.AtProvider.ETag = nil + } + if resp.Location != nil { + cr.Status.AtProvider.Location = resp.Location + } else { + cr.Status.AtProvider.Location = nil + } + if resp.OriginAccessControl != nil { + f2 := &svcapitypes.OriginAccessControl_SDK{} + if resp.OriginAccessControl.Id != nil { + f2.ID = resp.OriginAccessControl.Id + } + if resp.OriginAccessControl.OriginAccessControlConfig != nil { + f2f1 := &svcapitypes.OriginAccessControlConfig{} + if resp.OriginAccessControl.OriginAccessControlConfig.Description != nil { + f2f1.Description = resp.OriginAccessControl.OriginAccessControlConfig.Description + } + if resp.OriginAccessControl.OriginAccessControlConfig.Name != nil { + f2f1.Name = resp.OriginAccessControl.OriginAccessControlConfig.Name + } + if resp.OriginAccessControl.OriginAccessControlConfig.OriginAccessControlOriginType != nil { + f2f1.OriginAccessControlOriginType = resp.OriginAccessControl.OriginAccessControlConfig.OriginAccessControlOriginType + } + if resp.OriginAccessControl.OriginAccessControlConfig.SigningBehavior != nil { + f2f1.SigningBehavior = resp.OriginAccessControl.OriginAccessControlConfig.SigningBehavior + } + if resp.OriginAccessControl.OriginAccessControlConfig.SigningProtocol != nil { + f2f1.SigningProtocol = 
resp.OriginAccessControl.OriginAccessControlConfig.SigningProtocol + } + f2.OriginAccessControlConfig = f2f1 + } + cr.Status.AtProvider.OriginAccessControl = f2 + } else { + cr.Status.AtProvider.OriginAccessControl = nil + } + + return e.postCreate(ctx, cr, resp, managed.ExternalCreation{}, err) +} + +func (e *external) Update(ctx context.Context, mg cpresource.Managed) (managed.ExternalUpdate, error) { + cr, ok := mg.(*svcapitypes.OriginAccessControl) + if !ok { + return managed.ExternalUpdate{}, errors.New(errUnexpectedObject) + } + input := GenerateUpdateOriginAccessControlInput(cr) + if err := e.preUpdate(ctx, cr, input); err != nil { + return managed.ExternalUpdate{}, errors.Wrap(err, "pre-update failed") + } + resp, err := e.client.UpdateOriginAccessControlWithContext(ctx, input) + return e.postUpdate(ctx, cr, resp, managed.ExternalUpdate{}, errorutils.Wrap(err, errUpdate)) +} + +func (e *external) Delete(ctx context.Context, mg cpresource.Managed) error { + cr, ok := mg.(*svcapitypes.OriginAccessControl) + if !ok { + return errors.New(errUnexpectedObject) + } + cr.Status.SetConditions(xpv1.Deleting()) + input := GenerateDeleteOriginAccessControlInput(cr) + ignore, err := e.preDelete(ctx, cr, input) + if err != nil { + return errors.Wrap(err, "pre-delete failed") + } + if ignore { + return nil + } + resp, err := e.client.DeleteOriginAccessControlWithContext(ctx, input) + return e.postDelete(ctx, cr, resp, errorutils.Wrap(cpresource.Ignore(IsNotFound, err), errDelete)) +} + +type option func(*external) + +func newExternal(kube client.Client, client svcsdkapi.CloudFrontAPI, opts []option) *external { + e := &external{ + kube: kube, + client: client, + preObserve: nopPreObserve, + postObserve: nopPostObserve, + lateInitialize: nopLateInitialize, + isUpToDate: alwaysUpToDate, + preCreate: nopPreCreate, + postCreate: nopPostCreate, + preDelete: nopPreDelete, + postDelete: nopPostDelete, + preUpdate: nopPreUpdate, + postUpdate: nopPostUpdate, + } + for _, f := 
range opts { + f(e) + } + return e +} + +type external struct { + kube client.Client + client svcsdkapi.CloudFrontAPI + preObserve func(context.Context, *svcapitypes.OriginAccessControl, *svcsdk.GetOriginAccessControlInput) error + postObserve func(context.Context, *svcapitypes.OriginAccessControl, *svcsdk.GetOriginAccessControlOutput, managed.ExternalObservation, error) (managed.ExternalObservation, error) + lateInitialize func(*svcapitypes.OriginAccessControlParameters, *svcsdk.GetOriginAccessControlOutput) error + isUpToDate func(context.Context, *svcapitypes.OriginAccessControl, *svcsdk.GetOriginAccessControlOutput) (bool, string, error) + preCreate func(context.Context, *svcapitypes.OriginAccessControl, *svcsdk.CreateOriginAccessControlInput) error + postCreate func(context.Context, *svcapitypes.OriginAccessControl, *svcsdk.CreateOriginAccessControlOutput, managed.ExternalCreation, error) (managed.ExternalCreation, error) + preDelete func(context.Context, *svcapitypes.OriginAccessControl, *svcsdk.DeleteOriginAccessControlInput) (bool, error) + postDelete func(context.Context, *svcapitypes.OriginAccessControl, *svcsdk.DeleteOriginAccessControlOutput, error) error + preUpdate func(context.Context, *svcapitypes.OriginAccessControl, *svcsdk.UpdateOriginAccessControlInput) error + postUpdate func(context.Context, *svcapitypes.OriginAccessControl, *svcsdk.UpdateOriginAccessControlOutput, managed.ExternalUpdate, error) (managed.ExternalUpdate, error) +} + +func nopPreObserve(context.Context, *svcapitypes.OriginAccessControl, *svcsdk.GetOriginAccessControlInput) error { + return nil +} + +func nopPostObserve(_ context.Context, _ *svcapitypes.OriginAccessControl, _ *svcsdk.GetOriginAccessControlOutput, obs managed.ExternalObservation, err error) (managed.ExternalObservation, error) { + return obs, err +} +func nopLateInitialize(*svcapitypes.OriginAccessControlParameters, *svcsdk.GetOriginAccessControlOutput) error { + return nil +} +func alwaysUpToDate(context.Context, 
*svcapitypes.OriginAccessControl, *svcsdk.GetOriginAccessControlOutput) (bool, string, error) { + return true, "", nil +} + +func nopPreCreate(context.Context, *svcapitypes.OriginAccessControl, *svcsdk.CreateOriginAccessControlInput) error { + return nil +} +func nopPostCreate(_ context.Context, _ *svcapitypes.OriginAccessControl, _ *svcsdk.CreateOriginAccessControlOutput, cre managed.ExternalCreation, err error) (managed.ExternalCreation, error) { + return cre, err +} +func nopPreDelete(context.Context, *svcapitypes.OriginAccessControl, *svcsdk.DeleteOriginAccessControlInput) (bool, error) { + return false, nil +} +func nopPostDelete(_ context.Context, _ *svcapitypes.OriginAccessControl, _ *svcsdk.DeleteOriginAccessControlOutput, err error) error { + return err +} +func nopPreUpdate(context.Context, *svcapitypes.OriginAccessControl, *svcsdk.UpdateOriginAccessControlInput) error { + return nil +} +func nopPostUpdate(_ context.Context, _ *svcapitypes.OriginAccessControl, _ *svcsdk.UpdateOriginAccessControlOutput, upd managed.ExternalUpdate, err error) (managed.ExternalUpdate, error) { + return upd, err +} diff --git a/pkg/controller/cloudfront/originaccesscontrol/zz_conversions.go b/pkg/controller/cloudfront/originaccesscontrol/zz_conversions.go new file mode 100644 index 0000000000..5ec13dafdf --- /dev/null +++ b/pkg/controller/cloudfront/originaccesscontrol/zz_conversions.go 
@@ -0,0 +1,145 @@ +/* +Copyright 2021 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by ack-generate. DO NOT EDIT. + +package originaccesscontrol + +import ( + "github.com/aws/aws-sdk-go/aws/awserr" + svcsdk "github.com/aws/aws-sdk-go/service/cloudfront" + + svcapitypes "github.com/crossplane-contrib/provider-aws/apis/cloudfront/v1alpha1" +) + +// NOTE(muvaf): We return pointers in case the function needs to start with an +// empty object, hence need to return a new pointer. + +// GenerateGetOriginAccessControlInput returns input for read +// operation. +func GenerateGetOriginAccessControlInput(cr *svcapitypes.OriginAccessControl) *svcsdk.GetOriginAccessControlInput { + res := &svcsdk.GetOriginAccessControlInput{} + + return res +} + +// GenerateOriginAccessControl returns the current state in the form of *svcapitypes.OriginAccessControl. 
+func GenerateOriginAccessControl(resp *svcsdk.GetOriginAccessControlOutput) *svcapitypes.OriginAccessControl { + cr := &svcapitypes.OriginAccessControl{} + + if resp.ETag != nil { + cr.Status.AtProvider.ETag = resp.ETag + } else { + cr.Status.AtProvider.ETag = nil + } + if resp.OriginAccessControl != nil { + f1 := &svcapitypes.OriginAccessControl_SDK{} + if resp.OriginAccessControl.Id != nil { + f1.ID = resp.OriginAccessControl.Id + } + if resp.OriginAccessControl.OriginAccessControlConfig != nil { + f1f1 := &svcapitypes.OriginAccessControlConfig{} + if resp.OriginAccessControl.OriginAccessControlConfig.Description != nil { + f1f1.Description = resp.OriginAccessControl.OriginAccessControlConfig.Description + } + if resp.OriginAccessControl.OriginAccessControlConfig.Name != nil { + f1f1.Name = resp.OriginAccessControl.OriginAccessControlConfig.Name + } + if resp.OriginAccessControl.OriginAccessControlConfig.OriginAccessControlOriginType != nil { + f1f1.OriginAccessControlOriginType = resp.OriginAccessControl.OriginAccessControlConfig.OriginAccessControlOriginType + } + if resp.OriginAccessControl.OriginAccessControlConfig.SigningBehavior != nil { + f1f1.SigningBehavior = resp.OriginAccessControl.OriginAccessControlConfig.SigningBehavior + } + if resp.OriginAccessControl.OriginAccessControlConfig.SigningProtocol != nil { + f1f1.SigningProtocol = resp.OriginAccessControl.OriginAccessControlConfig.SigningProtocol + } + f1.OriginAccessControlConfig = f1f1 + } + cr.Status.AtProvider.OriginAccessControl = f1 + } else { + cr.Status.AtProvider.OriginAccessControl = nil + } + + return cr +} + +// GenerateCreateOriginAccessControlInput returns a create input. 
+func GenerateCreateOriginAccessControlInput(cr *svcapitypes.OriginAccessControl) *svcsdk.CreateOriginAccessControlInput { + res := &svcsdk.CreateOriginAccessControlInput{} + + if cr.Spec.ForProvider.OriginAccessControlConfig != nil { + f0 := &svcsdk.OriginAccessControlConfig{} + if cr.Spec.ForProvider.OriginAccessControlConfig.Description != nil { + f0.SetDescription(*cr.Spec.ForProvider.OriginAccessControlConfig.Description) + } + if cr.Spec.ForProvider.OriginAccessControlConfig.Name != nil { + f0.SetName(*cr.Spec.ForProvider.OriginAccessControlConfig.Name) + } + if cr.Spec.ForProvider.OriginAccessControlConfig.OriginAccessControlOriginType != nil { + f0.SetOriginAccessControlOriginType(*cr.Spec.ForProvider.OriginAccessControlConfig.OriginAccessControlOriginType) + } + if cr.Spec.ForProvider.OriginAccessControlConfig.SigningBehavior != nil { + f0.SetSigningBehavior(*cr.Spec.ForProvider.OriginAccessControlConfig.SigningBehavior) + } + if cr.Spec.ForProvider.OriginAccessControlConfig.SigningProtocol != nil { + f0.SetSigningProtocol(*cr.Spec.ForProvider.OriginAccessControlConfig.SigningProtocol) + } + res.SetOriginAccessControlConfig(f0) + } + + return res +} + +// GenerateUpdateOriginAccessControlInput returns an update input. 
+func GenerateUpdateOriginAccessControlInput(cr *svcapitypes.OriginAccessControl) *svcsdk.UpdateOriginAccessControlInput { + res := &svcsdk.UpdateOriginAccessControlInput{} + + if cr.Spec.ForProvider.OriginAccessControlConfig != nil { + f2 := &svcsdk.OriginAccessControlConfig{} + if cr.Spec.ForProvider.OriginAccessControlConfig.Description != nil { + f2.SetDescription(*cr.Spec.ForProvider.OriginAccessControlConfig.Description) + } + if cr.Spec.ForProvider.OriginAccessControlConfig.Name != nil { + f2.SetName(*cr.Spec.ForProvider.OriginAccessControlConfig.Name) + } + if cr.Spec.ForProvider.OriginAccessControlConfig.OriginAccessControlOriginType != nil { + f2.SetOriginAccessControlOriginType(*cr.Spec.ForProvider.OriginAccessControlConfig.OriginAccessControlOriginType) + } + if cr.Spec.ForProvider.OriginAccessControlConfig.SigningBehavior != nil { + f2.SetSigningBehavior(*cr.Spec.ForProvider.OriginAccessControlConfig.SigningBehavior) + } + if cr.Spec.ForProvider.OriginAccessControlConfig.SigningProtocol != nil { + f2.SetSigningProtocol(*cr.Spec.ForProvider.OriginAccessControlConfig.SigningProtocol) + } + res.SetOriginAccessControlConfig(f2) + } + + return res +} + +// GenerateDeleteOriginAccessControlInput returns a deletion input. +func GenerateDeleteOriginAccessControlInput(cr *svcapitypes.OriginAccessControl) *svcsdk.DeleteOriginAccessControlInput { + res := &svcsdk.DeleteOriginAccessControlInput{} + + return res +} + +// IsNotFound returns whether the given error is of type NotFound or not. +func IsNotFound(err error) bool { + awsErr, ok := err.(awserr.Error) + return ok && awsErr.Code() == "NoSuchOriginAccessControl" +} diff --git a/pkg/controller/cloudfront/setup.go b/pkg/controller/cloudfront/setup.go index 4de848010a..38fd8c8324 100644 --- a/pkg/controller/cloudfront/setup.go +++ b/pkg/controller/cloudfront/setup.go 
@@ -23,6 +23,7 @@ import ( "github.com/crossplane-contrib/provider-aws/pkg/controller/cloudfront/cachepolicy" "github.com/crossplane-contrib/provider-aws/pkg/controller/cloudfront/cloudfrontoriginaccessidentity" "github.com/crossplane-contrib/provider-aws/pkg/controller/cloudfront/distribution" + "github.com/crossplane-contrib/provider-aws/pkg/controller/cloudfront/originaccesscontrol" "github.com/crossplane-contrib/provider-aws/pkg/controller/cloudfront/responseheaderspolicy" "github.com/crossplane-contrib/provider-aws/pkg/utils/setup" ) @@ -35,5 +36,6 @@ func Setup(mgr ctrl.Manager, o controller.Options) error { cloudfrontoriginaccessidentity.SetupCloudFrontOriginAccessIdentity, distribution.SetupDistribution, responseheaderspolicy.SetupResponseHeadersPolicy, + originaccesscontrol.SetupOriginAccessControl, ) } From 589ad2c078066d2077805868230187cd300d055a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jorge=20Mill=C3=A1n?= Date: Mon, 4 Nov 2024 15:49:57 +0100 Subject: [PATCH 2/4] Update generated code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jorge Millán --- ...ws.crossplane.io_originaccesscontrols.yaml | 188 ++++++++++-------- 1 file changed, 109 insertions(+), 79 deletions(-) diff --git a/package/crds/cloudfront.aws.crossplane.io_originaccesscontrols.yaml b/package/crds/cloudfront.aws.crossplane.io_originaccesscontrols.yaml index a7c5f5fc59..f582b87436 100644 --- a/package/crds/cloudfront.aws.crossplane.io_originaccesscontrols.yaml +++ b/package/crds/cloudfront.aws.crossplane.io_originaccesscontrols.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: originaccesscontrols.cloudfront.aws.crossplane.io spec: group: cloudfront.aws.crossplane.io 
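Review bot: In the second hunk of pkg/controller/cloudfront/setup.go the new entry `originaccesscontrol.SetupOriginAccessControl,` is appended after `responseheaderspolicy.SetupResponseHeadersPolicy,`, although the import hunk just above inserts the package in alphabetical position and the three existing entries visible in the list are sorted the same way. Moving the new line up, so that it sits between `distribution.SetupDistribution,` and `responseheaderspolicy.SetupResponseHeadersPolicy,`, keeps both lists in one order and makes a missing or duplicated controller registration easier to spot in review. The beginning of the argument list lies outside the hunk, so the ordering convention is inferred from the visible entries only.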
@@ -38,14 +38,19 @@ spec: API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -94,19 +100,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS A BETA FIELD. It is on by default but can be - opted out through a Crossplane feature flag. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. 
enum: - Observe - Create @@ -119,9 +127,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. @@ -131,21 +140,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -155,17 +164,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -175,21 +186,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -204,21 +215,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -229,14 +241,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -292,14 +305,23 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer reason: description: A Reason for this condition's last transition from one status to another. @@ -309,8 +331,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -322,6 +345,13 @@ spec: x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer type: object required: - spec From a2f5f4c44a798fa2cf7d99784882db9901b1bf07 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jorge=20Mill=C3=A1n?= Date: Mon, 4 Nov 2024 16:28:48 +0100 Subject: [PATCH 3/4] Added Copyright header, nolint directive MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jorge Millán --- .../cloudfront/originaccesscontrol/setup.go | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/pkg/controller/cloudfront/originaccesscontrol/setup.go b/pkg/controller/cloudfront/originaccesscontrol/setup.go index 2060aa1454..d2ba30fbed 100644 --- a/pkg/controller/cloudfront/originaccesscontrol/setup.go +++ b/pkg/controller/cloudfront/originaccesscontrol/setup.go @@ -1,3 +1,20 @@ +/* +Copyright 2021 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +//nolint:gocyclo,staticcheck,golint package originaccesscontrol import ( From b0e723b4203794bd7a61023467738ec6ccd54584 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jorge=20Mill=C3=A1n?= Date: Mon, 4 Nov 2024 16:45:13 +0100 Subject: [PATCH 4/4] Fix lint issued (gci'd files) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jorge Millán --- .../cloudfront/originaccesscontrol/setup.go | 18 ++++++++---------- .../originaccesscontrol/setup_test.go | 7 +++---- 2 files changed, 11 insertions(+), 14 deletions(-) diff --git a/pkg/controller/cloudfront/originaccesscontrol/setup.go b/pkg/controller/cloudfront/originaccesscontrol/setup.go index d2ba30fbed..5e7a435e5e 100644 
--- a/pkg/controller/cloudfront/originaccesscontrol/setup.go +++ b/pkg/controller/cloudfront/originaccesscontrol/setup.go @@ -14,20 +14,13 @@ See the License for the specific language governing permissions and limitations under the License. */ -//nolint:gocyclo,staticcheck,golint package originaccesscontrol import ( "context" "slices" - svcapitypes "github.com/crossplane-contrib/provider-aws/apis/cloudfront/v1alpha1" - "github.com/crossplane-contrib/provider-aws/apis/v1alpha1" - cloudfront "github.com/crossplane-contrib/provider-aws/pkg/controller/cloudfront/utils" - "github.com/crossplane-contrib/provider-aws/pkg/features" - "github.com/crossplane-contrib/provider-aws/pkg/utils/pointer" - custommanaged "github.com/crossplane-contrib/provider-aws/pkg/utils/reconciler/managed" - + svcsdk "github.com/aws/aws-sdk-go/service/cloudfront" xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" "github.com/crossplane/crossplane-runtime/pkg/connection" "github.com/crossplane/crossplane-runtime/pkg/controller" @@ -36,9 +29,14 @@ import ( "github.com/crossplane/crossplane-runtime/pkg/meta" "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" "github.com/crossplane/crossplane-runtime/pkg/resource" - - svcsdk "github.com/aws/aws-sdk-go/service/cloudfront" ctrl "sigs.k8s.io/controller-runtime" + + svcapitypes "github.com/crossplane-contrib/provider-aws/apis/cloudfront/v1alpha1" + "github.com/crossplane-contrib/provider-aws/apis/v1alpha1" + cloudfront "github.com/crossplane-contrib/provider-aws/pkg/controller/cloudfront/utils" + "github.com/crossplane-contrib/provider-aws/pkg/features" + "github.com/crossplane-contrib/provider-aws/pkg/utils/pointer" + custommanaged "github.com/crossplane-contrib/provider-aws/pkg/utils/reconciler/managed" ) var ( diff --git a/pkg/controller/cloudfront/originaccesscontrol/setup_test.go b/pkg/controller/cloudfront/originaccesscontrol/setup_test.go index 54924707fe..4391983bc2 100644 
--- a/pkg/controller/cloudfront/originaccesscontrol/setup_test.go +++ b/pkg/controller/cloudfront/originaccesscontrol/setup_test.go @@ -20,15 +20,14 @@ import ( "context" "testing" - svcapitypes "github.com/crossplane-contrib/provider-aws/apis/cloudfront/v1alpha1" - + svcsdk "github.com/aws/aws-sdk-go/service/cloudfront" "github.com/crossplane/crossplane-runtime/pkg/errors" "github.com/crossplane/crossplane-runtime/pkg/meta" "github.com/crossplane/crossplane-runtime/pkg/test" - - svcsdk "github.com/aws/aws-sdk-go/service/cloudfront" "github.com/google/go-cmp/cmp" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + svcapitypes "github.com/crossplane-contrib/provider-aws/apis/cloudfront/v1alpha1" ) type upToDateArgs struct {