Add Certificate refs for https listeners (crossplane-contrib#1211)

* Add Certificate refs for https listeners Signed-off-by: EdgeJ <[email protected]> Signed-off-by: Felipe Barbosa <[email protected]>
febarbosa182 · May 23, 2022 · 5a37fcb · 5a37fcb
1 parent d16cc78
commit 5a37fcb
Show file tree

Hide file tree

Showing 9 changed files with 151 additions and 68 deletions.
diff --git a/apis/elbv2/generator-config.yaml b/apis/elbv2/generator-config.yaml
@@ -3,6 +3,7 @@ ignore:
   field_paths:
     - CreateListenerInput.LoadBalancerArn
     - CreateListenerInput.DefaultActions
+    - CreateListenerInput.Certificates
     # Type has a json key of type_, so it's reimplemented with loadBalancerType
     - CreateLoadBalancerInput.Type
   resource_names:

diff --git a/apis/elbv2/v1alpha1/custom_types.go b/apis/elbv2/v1alpha1/custom_types.go
@@ -2,6 +2,24 @@ package v1alpha1
 
 import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
 
+// CustomCertificate includes custom fields about certificates.
+type CustomCertificate struct {
+	// [HTTPS and TLS listeners] The default certificate for the listener.
+	// +optional
+	CertificateARN *string `json:"certificateARN,omitempty"`
+
+	// Reference to Certificates for Certificate ARN
+	// +optional
+	CertificateARNRef *xpv1.Reference `json:"certificateARNRef,omitempty"`
+
+	// Selector for references to Certificate for CertificateArn
+	// +optional
+	CertificateARNSelector *xpv1.Selector `json:"certificateARNSelector,omitempty"`
+
+	// +optional
+	IsDefault bool `json:"isDefault,omitempty"`
+}
+
 // CustomTargetGroupTuple includes custom fields about target groups.
 // Only used with ForwardActionConfig to route to multiple target groups.
 type CustomTargetGroupTuple struct { // inject refs and selectors into TargetGroupTuple
@@ -91,6 +109,12 @@ type CustomAction struct {
 
 // CustomListenerParameters includes the custom fields of Listener.
 type CustomListenerParameters struct {
+	// [HTTPS and TLS listeners] The default certificate
+	// for the listener. You must provide exactly one certificate.
+	// Set CertificateArn to the certificate ARN but do not set IsDefault.
+	// +optional
+	Certificates []*CustomCertificate `json:"certificates,omitempty"`
+
 	// The actions for the default rule.
 	// +kubebuilder:validation:Required
 	DefaultActions []*CustomAction `json:"defaultActions"`

diff --git a/apis/elbv2/v1alpha1/referencers.go b/apis/elbv2/v1alpha1/referencers.go
@@ -21,13 +21,30 @@ import (
 	"github.com/pkg/errors"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
+	acm "github.com/crossplane/provider-aws/apis/acm/v1beta1"
 	ec2 "github.com/crossplane/provider-aws/apis/ec2/v1beta1"
 )
 
 // ResolveReferences resolves references for Listeners
 func (mg *Listener) ResolveReferences(ctx context.Context, c client.Reader) error {
 	r := reference.NewAPIResolver(c, mg)
 
+	// resolve certificate ARN reference
+	for i := range mg.Spec.ForProvider.Certificates {
+		rsp, err := r.Resolve(ctx, reference.ResolutionRequest{
+			CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.Certificates[i].CertificateARN),
+			Reference:    mg.Spec.ForProvider.Certificates[i].CertificateARNRef,
+			Selector:     mg.Spec.ForProvider.Certificates[i].CertificateARNSelector,
+			To:           reference.To{Managed: &acm.Certificate{}, List: &acm.CertificateList{}},
+			Extract:      reference.ExternalName(),
+		})
+		if err != nil {
+			return errors.Wrap(err, "spec.forProvider.certificateArn")
+		}
+		mg.Spec.ForProvider.Certificates[i].CertificateARN = reference.ToPtrValue(rsp.ResolvedValue)
+		mg.Spec.ForProvider.Certificates[i].CertificateARNRef = rsp.ResolvedReference
+	}
+
 	// resolve loadbalancer ARN reference
 	rsp, err := r.Resolve(ctx, reference.ResolutionRequest{
 		CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.LoadBalancerARN),

diff --git a/apis/elbv2/v1alpha1/zz_generated.deepcopy.go b/apis/elbv2/v1alpha1/zz_generated.deepcopy.go
diff --git a/apis/elbv2/v1alpha1/zz_listener.go b/apis/elbv2/v1alpha1/zz_listener.go
diff --git a/examples/elbv2/listener.yaml b/examples/elbv2/listener.yaml
@@ -37,3 +37,26 @@ spec:
     protocol: HTTP
   providerConfigRef:
     name: example
+---
+apiVersion: elbv2.aws.crossplane.io/v1alpha1
+kind: Listener
+metadata:
+  name: test-listener-https
+spec:
+  forProvider:
+    region: us-east-1
+    certificates:
+      - certificateARNRef:
+          name: dev.crossplane.io
+    defaultActions:
+      - actionType: forward
+        forwardConfig:
+          targetGroups:
+            - targetGroupArnRef:
+                name: test-targetgroup
+    loadBalancerArnRef:
+      name: test-loadbalancer
+    port: 443
+    protocol: HTTPS
+  providerConfigRef:
+    name: example
diff --git a/package/crds/elbv2.aws.crossplane.io_listeners.yaml b/package/crds/elbv2.aws.crossplane.io_listeners.yaml
@@ -76,9 +76,38 @@ spec:
                       for the listener. You must provide exactly one certificate.
                       Set CertificateArn to the certificate ARN but do not set IsDefault.'
                     items:
+                      description: CustomCertificate includes custom fields about
+                        certificates.
                       properties:
                         certificateARN:
+                          description: '[HTTPS and TLS listeners] The default certificate
+                            for the listener.'
                           type: string
+                        certificateARNRef:
+                          description: Reference to Certificates for Certificate ARN
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        certificateARNSelector:
+                          description: Selector for references to Certificate for
+                            CertificateArn
+                          properties:
+                            matchControllerRef:
+                              description: MatchControllerRef ensures an object with
+                                the same controller reference as the selecting object
+                                is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching
+                                labels is selected.
+                              type: object
+                          type: object
                         isDefault:
                           type: boolean
                       type: object

diff --git a/pkg/controller/elbv2/listener/setup.go b/pkg/controller/elbv2/listener/setup.go
@@ -231,6 +231,13 @@ func generateDefaultActions(cr *svcapitypes.Listener) []*svcsdk.Action { //nolin
 func preCreate(_ context.Context, cr *svcapitypes.Listener, obs *svcsdk.CreateListenerInput) error {
 	obs.DefaultActions = generateDefaultActions(cr)
 	obs.LoadBalancerArn = cr.Spec.ForProvider.LoadBalancerARN
+	for i := range cr.Spec.ForProvider.Certificates {
+		if cr.Spec.ForProvider.Certificates[i].CertificateARN != nil {
+			obs.Certificates = append(obs.Certificates, &svcsdk.Certificate{
+				CertificateArn: cr.Spec.ForProvider.Certificates[i].CertificateARN,
+			})
+		}
+	}
 	return nil
 }
 

diff --git a/pkg/controller/elbv2/listener/zz_conversions.go b/pkg/controller/elbv2/listener/zz_conversions.go