diff --git a/apis/kms/v1alpha1/custom_types.go b/apis/kms/v1alpha1/custom_types.go index 3fcf5b6141..06ac457f2d 100644 --- a/apis/kms/v1alpha1/custom_types.go +++ b/apis/kms/v1alpha1/custom_types.go @@ -1,5 +1,7 @@ package v1alpha1 +import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + // CustomKeyParameters are custom parameters for Key. type CustomKeyParameters struct { // Specifies whether the CMK is enabled. @@ -8,3 +10,18 @@ type CustomKeyParameters struct { // Specifies how many days the Key is retained when scheduled for deletion. Defaults to 30 days. PendingWindowInDays *int64 `json:"pendingWindowInDays,omitempty"` } + +// CustomAliasParameters are custom parameters for Alias. +type CustomAliasParameters struct { + // Associates the alias with the specified customer managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). The CMK must be in the same AWS Region. \n A valid CMK ID is required. If you supply a null or empty string value, this operation returns an error. \n For help finding the key ID and ARN, see Finding the Key ID and ARN (https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) in the AWS Key Management Service Developer Guide. \n Specify the key ID or the Amazon Resource Name (ARN) of the CMK. \n For example: \n * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab \n * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab \n To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // +optional + TargetKeyID *string `json:"targetKeyID,omitempty"` + + // TargetKeyIDRef is a reference to a KMS Key used to set TargetKeyID. + // +optional + TargetKeyIDRef *xpv1.Reference `json:"targetKeyIDRef,omitempty"` + + // TargetKeyIDSelector selects a reference to a KMS Key used to set TargetKeyID. + // +optional + TargetKeyIDSelector *xpv1.Selector `json:"targetKeyIDSelector,omitempty"` +} diff --git a/apis/kms/v1alpha1/generator-config.yaml b/apis/kms/v1alpha1/generator-config.yaml index 3833d5f522..e9a1deea29 100644 --- a/apis/kms/v1alpha1/generator-config.yaml +++ b/apis/kms/v1alpha1/generator-config.yaml @@ -1,8 +1,9 @@ ignore: resource_names: - - CustomKeyStore - - Grant - - Alias + - CustomKeyStore + - Grant + field_paths: + - CreateAliasInput.TargetKeyId resources: Key: exceptions: @@ -11,3 +12,8 @@ resources: # so the IsNotFound() function is generated correctly 404: code: NotFoundException + Alias: + exceptions: + errors: + 404: + code: NotFoundException diff --git a/apis/kms/v1alpha1/referencers.go b/apis/kms/v1alpha1/referencers.go new file mode 100644 index 0000000000..ba319a957b --- /dev/null +++ b/apis/kms/v1alpha1/referencers.go @@ -0,0 +1,43 @@ +/* +Copyright 2021 The Crossplane Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + "context" + + "github.com/crossplane/crossplane-runtime/pkg/reference" + "github.com/pkg/errors" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +// ResolveReferences of this Alias +func (mg *Alias) ResolveReferences(ctx context.Context, c client.Reader) error { + r := reference.NewAPIResolver(c, mg) + + // Resolve spec.forProvider.targetKeyID + rsp, err := r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.TargetKeyID), + Reference: mg.Spec.ForProvider.TargetKeyIDRef, + Selector: mg.Spec.ForProvider.TargetKeyIDSelector, + To: reference.To{Managed: &Key{}, List: &KeyList{}}, + Extract: reference.ExternalName(), + }) + if err != nil { + return errors.Wrap(err, "spec.forProvider.targetKeyID") + } + mg.Spec.ForProvider.TargetKeyID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.TargetKeyIDRef = rsp.ResolvedReference + + return nil +} diff --git a/apis/kms/v1alpha1/zz_alias.go b/apis/kms/v1alpha1/zz_alias.go new file mode 100644 index 0000000000..4465ddfe1d --- /dev/null +++ b/apis/kms/v1alpha1/zz_alias.go @@ -0,0 +1,94 @@ +/* +Copyright 2021 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by ack-generate. DO NOT EDIT. + +package v1alpha1 + +import ( + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +// AliasParameters defines the desired state of Alias +type AliasParameters struct { + // Region is which region the Alias will be created. + // +kubebuilder:validation:Required + Region string `json:"region"` + // Specifies the alias name. This value must begin with alias/ followed by a + // name, such as alias/ExampleAlias. + // + // The AliasName value must be string of 1-256 characters. It can contain only + // alphanumeric characters, forward slashes (/), underscores (_), and dashes + // (-). The alias name cannot begin with alias/aws/. The alias/aws/ prefix is + // reserved for AWS managed CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). + // +kubebuilder:validation:Required + AliasName *string `json:"aliasName"` + CustomAliasParameters `json:",inline"` +} + +// AliasSpec defines the desired state of Alias +type AliasSpec struct { + xpv1.ResourceSpec `json:",inline"` + ForProvider AliasParameters `json:"forProvider"` +} + +// AliasObservation defines the observed state of Alias +type AliasObservation struct { +} + +// AliasStatus defines the observed state of Alias. +type AliasStatus struct { + xpv1.ResourceStatus `json:",inline"` + AtProvider AliasObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true + +// Alias is the Schema for the Aliases API +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws} +type Alias struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + Spec AliasSpec `json:"spec"` + Status AliasStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// AliasList contains a list of Aliases +type AliasList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Alias `json:"items"` +} + +// Repository type metadata. +var ( + AliasKind = "Alias" + AliasGroupKind = schema.GroupKind{Group: Group, Kind: AliasKind}.String() + AliasKindAPIVersion = AliasKind + "." + GroupVersion.String() + AliasGroupVersionKind = GroupVersion.WithKind(AliasKind) +) + +func init() { + SchemeBuilder.Register(&Alias{}, &AliasList{}) +} diff --git a/apis/kms/v1alpha1/zz_generated.deepcopy.go b/apis/kms/v1alpha1/zz_generated.deepcopy.go index 6c235638a0..4316fb7eda 100644 --- a/apis/kms/v1alpha1/zz_generated.deepcopy.go +++ b/apis/kms/v1alpha1/zz_generated.deepcopy.go @@ -21,9 +21,69 @@ limitations under the License. package v1alpha1 import ( + "github.com/crossplane/crossplane-runtime/apis/common/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Alias) DeepCopyInto(out *Alias) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Alias. +func (in *Alias) DeepCopy() *Alias { + if in == nil { + return nil + } + out := new(Alias) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Alias) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AliasList) DeepCopyInto(out *AliasList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Alias, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AliasList. +func (in *AliasList) DeepCopy() *AliasList { + if in == nil { + return nil + } + out := new(AliasList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AliasList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AliasListEntry) DeepCopyInto(out *AliasListEntry) { *out = *in @@ -32,6 +92,11 @@ func (in *AliasListEntry) DeepCopyInto(out *AliasListEntry) { *out = new(string) **out = **in } + if in.AliasName != nil { + in, out := &in.AliasName, &out.AliasName + *out = new(string) + **out = **in + } if in.CreationDate != nil { in, out := &in.CreationDate, &out.CreationDate *out = (*in).DeepCopy() @@ -57,6 +122,106 @@ func (in *AliasListEntry) DeepCopy() *AliasListEntry { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AliasObservation) DeepCopyInto(out *AliasObservation) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AliasObservation. +func (in *AliasObservation) DeepCopy() *AliasObservation { + if in == nil { + return nil + } + out := new(AliasObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AliasParameters) DeepCopyInto(out *AliasParameters) { + *out = *in + if in.AliasName != nil { + in, out := &in.AliasName, &out.AliasName + *out = new(string) + **out = **in + } + in.CustomAliasParameters.DeepCopyInto(&out.CustomAliasParameters) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AliasParameters. +func (in *AliasParameters) DeepCopy() *AliasParameters { + if in == nil { + return nil + } + out := new(AliasParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AliasSpec) DeepCopyInto(out *AliasSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AliasSpec. +func (in *AliasSpec) DeepCopy() *AliasSpec { + if in == nil { + return nil + } + out := new(AliasSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AliasStatus) DeepCopyInto(out *AliasStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + out.AtProvider = in.AtProvider +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AliasStatus. +func (in *AliasStatus) DeepCopy() *AliasStatus { + if in == nil { + return nil + } + out := new(AliasStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomAliasParameters) DeepCopyInto(out *CustomAliasParameters) { + *out = *in + if in.TargetKeyID != nil { + in, out := &in.TargetKeyID, &out.TargetKeyID + *out = new(string) + **out = **in + } + if in.TargetKeyIDRef != nil { + in, out := &in.TargetKeyIDRef, &out.TargetKeyIDRef + *out = new(v1.Reference) + **out = **in + } + if in.TargetKeyIDSelector != nil { + in, out := &in.TargetKeyIDSelector, &out.TargetKeyIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomAliasParameters. +func (in *CustomAliasParameters) DeepCopy() *CustomAliasParameters { + if in == nil { + return nil + } + out := new(CustomAliasParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CustomKeyParameters) DeepCopyInto(out *CustomKeyParameters) { *out = *in diff --git a/apis/kms/v1alpha1/zz_generated.managed.go b/apis/kms/v1alpha1/zz_generated.managed.go index 6cca76238b..fb41351191 100644 --- a/apis/kms/v1alpha1/zz_generated.managed.go +++ b/apis/kms/v1alpha1/zz_generated.managed.go @@ -20,6 +20,62 @@ package v1alpha1 import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +// GetCondition of this Alias. +func (mg *Alias) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this Alias. +func (mg *Alias) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetProviderConfigReference of this Alias. +func (mg *Alias) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +/* +GetProviderReference of this Alias. +Deprecated: Use GetProviderConfigReference. +*/ +func (mg *Alias) GetProviderReference() *xpv1.Reference { + return mg.Spec.ProviderReference +} + +// GetWriteConnectionSecretToReference of this Alias. +func (mg *Alias) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this Alias. +func (mg *Alias) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this Alias. +func (mg *Alias) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetProviderConfigReference of this Alias. +func (mg *Alias) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +/* +SetProviderReference of this Alias. +Deprecated: Use SetProviderConfigReference. +*/ +func (mg *Alias) SetProviderReference(r *xpv1.Reference) { + mg.Spec.ProviderReference = r +} + +// SetWriteConnectionSecretToReference of this Alias. +func (mg *Alias) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + // GetCondition of this Key. func (mg *Key) GetCondition(ct xpv1.ConditionType) xpv1.Condition { return mg.Status.GetCondition(ct) diff --git a/apis/kms/v1alpha1/zz_generated.managedlist.go b/apis/kms/v1alpha1/zz_generated.managedlist.go index a1624ff7f7..d5ef7814ea 100644 --- a/apis/kms/v1alpha1/zz_generated.managedlist.go +++ b/apis/kms/v1alpha1/zz_generated.managedlist.go @@ -20,6 +20,15 @@ package v1alpha1 import resource "github.com/crossplane/crossplane-runtime/pkg/resource" +// GetItems of this AliasList. +func (l *AliasList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + // GetItems of this KeyList. func (l *KeyList) GetItems() []resource.Managed { items := make([]resource.Managed, len(l.Items)) diff --git a/apis/kms/v1alpha1/zz_types.go b/apis/kms/v1alpha1/zz_types.go index 153ea22ea3..a43f25b449 100644 --- a/apis/kms/v1alpha1/zz_types.go +++ b/apis/kms/v1alpha1/zz_types.go @@ -30,6 +30,8 @@ var ( type AliasListEntry struct { AliasARN *string `json:"aliasARN,omitempty"` + AliasName *string `json:"aliasName,omitempty"` + CreationDate *metav1.Time `json:"creationDate,omitempty"` LastUpdatedDate *metav1.Time `json:"lastUpdatedDate,omitempty"` diff --git a/examples/kms/alias.yaml b/examples/kms/alias.yaml new file mode 100644 index 0000000000..e296eea338 --- /dev/null +++ b/examples/kms/alias.yaml @@ -0,0 +1,12 @@ +apiVersion: kms.aws.crossplane.io/v1alpha1 +kind: Alias +metadata: + name: dev-key +spec: + forProvider: + region: us-east-1 + aliasName: alias/dev-key + targetKeyIDRef: + name: dev-key + providerConfigRef: + name: example diff --git a/package/crds/kms.aws.crossplane.io_aliases.yaml b/package/crds/kms.aws.crossplane.io_aliases.yaml new file mode 100644 index 0000000000..050932e6f2 --- /dev/null +++ b/package/crds/kms.aws.crossplane.io_aliases.yaml @@ -0,0 +1,214 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: aliases.kms.aws.crossplane.io +spec: + group: kms.aws.crossplane.io + names: + categories: + - crossplane + - managed + - aws + kind: Alias + listKind: AliasList + plural: aliases + singular: alias + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Alias is the Schema for the Aliases API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AliasSpec defines the desired state of Alias + properties: + deletionPolicy: + default: Delete + description: DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. + enum: + - Orphan + - Delete + type: string + forProvider: + description: AliasParameters defines the desired state of Alias + properties: + aliasName: + description: "Specifies the alias name. This value must begin + with alias/ followed by a name, such as alias/ExampleAlias. + \n The AliasName value must be string of 1-256 characters. It + can contain only alphanumeric characters, forward slashes (/), + underscores (_), and dashes (-). The alias name cannot begin + with alias/aws/. The alias/aws/ prefix is reserved for AWS managed + CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk)." + type: string + region: + description: Region is which region the Alias will be created. + type: string + targetKeyID: + description: 'Associates the alias with the specified customer + managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). + The CMK must be in the same AWS Region. \n A valid CMK ID is + required. If you supply a null or empty string value, this operation + returns an error. \n For help finding the key ID and ARN, see + Finding the Key ID and ARN (https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) + in the AWS Key Management Service Developer Guide. \n Specify + the key ID or the Amazon Resource Name (ARN) of the CMK. \n + For example: \n * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + \n * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + \n To get the key ID and key ARN for a CMK, use ListKeys or + DescribeKey.' + type: string + targetKeyIDRef: + description: TargetKeyIDRef is a reference to a KMS Key used to + set TargetKeyID. + properties: + name: + description: Name of the referenced object. + type: string + required: + - name + type: object + targetKeyIDSelector: + description: TargetKeyIDSelector selects a reference to a KMS + Key used to set TargetKeyID. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + type: object + required: + - aliasName + - region + type: object + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + required: + - name + type: object + providerRef: + description: 'ProviderReference specifies the provider that will be + used to create, observe, update, and delete this managed resource. + Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' + properties: + name: + description: Name of the referenced object. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: AliasStatus defines the observed state of Alias. + properties: + atProvider: + description: AliasObservation defines the observed state of Alias + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/pkg/controller/aws.go b/pkg/controller/aws.go index 05fc548c48..ef8dcd239c 100644 --- a/pkg/controller/aws.go +++ b/pkg/controller/aws.go @@ -82,6 +82,7 @@ import ( "github.com/crossplane/provider-aws/pkg/controller/identity/iamuserpolicyattachment" "github.com/crossplane/provider-aws/pkg/controller/identity/openidconnectprovider" kafkacluster "github.com/crossplane/provider-aws/pkg/controller/kafka/cluster" + "github.com/crossplane/provider-aws/pkg/controller/kms/alias" "github.com/crossplane/provider-aws/pkg/controller/kms/key" "github.com/crossplane/provider-aws/pkg/controller/lambda/function" "github.com/crossplane/provider-aws/pkg/controller/notification/snssubscription" @@ -175,6 +176,7 @@ func Setup(mgr ctrl.Manager, l logging.Logger, rl workqueue.RateLimiter, poll ti backup.SetupBackup, globaltable.SetupGlobalTable, key.SetupKey, + alias.SetupAlias, filesystem.SetupFileSystem, dbcluster.SetupDBCluster, dbclusterparametergroup.SetupDBClusterParameterGroup, diff --git a/pkg/controller/kms/alias/setup.go b/pkg/controller/kms/alias/setup.go new file mode 100644 index 0000000000..d8971e5f78 --- /dev/null +++ b/pkg/controller/kms/alias/setup.go @@ -0,0 +1,96 @@ +/* +Copyright 2021 The Crossplane Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package alias + +import ( + "context" + "strings" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "k8s.io/client-go/util/workqueue" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/controller" + + svcsdk "github.com/aws/aws-sdk-go/service/kms" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/meta" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + "github.com/crossplane/crossplane-runtime/pkg/resource" + + svcapitypes "github.com/crossplane/provider-aws/apis/kms/v1alpha1" + awsclients "github.com/crossplane/provider-aws/pkg/clients" +) + +// SetupAlias adds a controller that reconciles Alias. +func SetupAlias(mgr ctrl.Manager, l logging.Logger, limiter workqueue.RateLimiter, poll time.Duration) error { + name := managed.ControllerName(svcapitypes.AliasGroupKind) + opts := []option{ + func(e *external) { + e.postCreate = postCreate + e.postObserve = postObserve + e.preCreate = preCreate + }, + } + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(controller.Options{ + RateLimiter: ratelimiter.NewDefaultManagedRateLimiter(limiter), + }). + For(&svcapitypes.Alias{}). + Complete(managed.NewReconciler(mgr, + resource.ManagedKind(svcapitypes.AliasGroupVersionKind), + managed.WithInitializers(managed.NewDefaultProviderConfig(mgr.GetClient())), + managed.WithExternalConnecter(&connector{kube: mgr.GetClient(), opts: opts}), + managed.WithPollInterval(poll), + managed.WithLogger(l.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))))) +} + +func preCreate(_ context.Context, cr *svcapitypes.Alias, obj *svcsdk.CreateAliasInput) error { + obj.TargetKeyId = cr.Spec.ForProvider.TargetKeyID + return nil +} + +func postCreate(_ context.Context, cr *svcapitypes.Alias, obj *svcsdk.CreateAliasOutput, cre managed.ExternalCreation, err error) (managed.ExternalCreation, error) { + if err != nil { + return managed.ExternalCreation{}, err + } + // CreateAliasOutput is empty + meta.SetExternalName(cr, *cr.Spec.ForProvider.AliasName) + return managed.ExternalCreation{ExternalNameAssigned: true}, nil +} + +func postObserve(_ context.Context, cr *svcapitypes.Alias, obj *svcsdk.ListAliasesOutput, obs managed.ExternalObservation, err error) (managed.ExternalObservation, error) { + if err != nil { + return managed.ExternalObservation{}, err + } + + // get all alias + for i := range obj.Aliases { + if awsclients.StringValue(obj.Aliases[i].AliasName) == awsclients.StringValue(cr.Spec.ForProvider.AliasName) { + // obj.Aliases[i].TargetKeyId is in ListAliasesOutput the KMSKey.ARN + if strings.Contains(awsclients.StringValue(cr.Spec.ForProvider.TargetKeyID), awsclients.StringValue(obj.Aliases[i].TargetKeyId)) { + // alias found and TargetKeyId included + cr.SetConditions(xpv1.Available()) + return obs, nil + } + } + } + + cr.SetConditions(xpv1.Unavailable()) + return managed.ExternalObservation{}, err +} diff --git a/pkg/controller/kms/alias/zz_controller.go b/pkg/controller/kms/alias/zz_controller.go new file mode 100644 index 0000000000..d426981b80 --- /dev/null +++ b/pkg/controller/kms/alias/zz_controller.go @@ -0,0 +1,229 @@ +/* +Copyright 2021 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by ack-generate. DO NOT EDIT. + +package alias + +import ( + "context" + + svcapi "github.com/aws/aws-sdk-go/service/kms" + svcsdk "github.com/aws/aws-sdk-go/service/kms" + svcsdkapi "github.com/aws/aws-sdk-go/service/kms/kmsiface" + "github.com/google/go-cmp/cmp" + "github.com/pkg/errors" + "sigs.k8s.io/controller-runtime/pkg/client" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/meta" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + cpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + + svcapitypes "github.com/crossplane/provider-aws/apis/kms/v1alpha1" + awsclient "github.com/crossplane/provider-aws/pkg/clients" +) + +const ( + errUnexpectedObject = "managed resource is not an Alias resource" + + errCreateSession = "cannot create a new session" + errCreate = "cannot create Alias in AWS" + errUpdate = "cannot update Alias in AWS" + errDescribe = "failed to describe Alias" + errDelete = "failed to delete Alias" +) + +type connector struct { + kube client.Client + opts []option +} + +func (c *connector) Connect(ctx context.Context, mg cpresource.Managed) (managed.ExternalClient, error) { + cr, ok := mg.(*svcapitypes.Alias) + if !ok { + return nil, errors.New(errUnexpectedObject) + } + sess, err := awsclient.GetConfigV1(ctx, c.kube, mg, cr.Spec.ForProvider.Region) + if err != nil { + return nil, errors.Wrap(err, errCreateSession) + } + return newExternal(c.kube, svcapi.New(sess), c.opts), nil +} + +func (e *external) Observe(ctx context.Context, mg cpresource.Managed) (managed.ExternalObservation, error) { + cr, ok := mg.(*svcapitypes.Alias) + if !ok { + return managed.ExternalObservation{}, errors.New(errUnexpectedObject) + } + if meta.GetExternalName(cr) == "" { + return managed.ExternalObservation{ + ResourceExists: false, + }, nil + } + input := GenerateListAliasesInput(cr) + if err := e.preObserve(ctx, cr, input); err != nil { + return managed.ExternalObservation{}, errors.Wrap(err, "pre-observe failed") + } + resp, err := e.client.ListAliasesWithContext(ctx, input) + if err != nil { + return managed.ExternalObservation{ResourceExists: false}, awsclient.Wrap(cpresource.Ignore(IsNotFound, err), errDescribe) + } + resp = e.filterList(cr, resp) + if len(resp.Aliases) == 0 { + return managed.ExternalObservation{ResourceExists: false}, nil + } + currentSpec := cr.Spec.ForProvider.DeepCopy() + if err := e.lateInitialize(&cr.Spec.ForProvider, resp); err != nil { + return managed.ExternalObservation{}, errors.Wrap(err, "late-init failed") + } + GenerateAlias(resp).Status.AtProvider.DeepCopyInto(&cr.Status.AtProvider) + + upToDate, err := e.isUpToDate(cr, resp) + if err != nil { + return managed.ExternalObservation{}, errors.Wrap(err, "isUpToDate check failed") + } + return e.postObserve(ctx, cr, resp, managed.ExternalObservation{ + ResourceExists: true, + ResourceUpToDate: upToDate, + ResourceLateInitialized: !cmp.Equal(&cr.Spec.ForProvider, currentSpec), + }, nil) +} + +func (e *external) Create(ctx context.Context, mg cpresource.Managed) (managed.ExternalCreation, error) { + cr, ok := mg.(*svcapitypes.Alias) + if !ok { + return managed.ExternalCreation{}, errors.New(errUnexpectedObject) + } + cr.Status.SetConditions(xpv1.Creating()) + input := GenerateCreateAliasInput(cr) + if err := e.preCreate(ctx, cr, input); err != nil { + return managed.ExternalCreation{}, errors.Wrap(err, "pre-create failed") + } + resp, err := e.client.CreateAliasWithContext(ctx, input) + if err != nil { + return managed.ExternalCreation{}, awsclient.Wrap(err, errCreate) + } + + return e.postCreate(ctx, cr, resp, managed.ExternalCreation{}, err) +} + +func (e *external) Update(ctx context.Context, mg cpresource.Managed) (managed.ExternalUpdate, error) { + cr, ok := mg.(*svcapitypes.Alias) + if !ok { + return managed.ExternalUpdate{}, errors.New(errUnexpectedObject) + } + input := GenerateUpdateAliasInput(cr) + if err := e.preUpdate(ctx, cr, input); err != nil { + return managed.ExternalUpdate{}, errors.Wrap(err, "pre-update failed") + } + resp, err := e.client.UpdateAliasWithContext(ctx, input) + return e.postUpdate(ctx, cr, resp, managed.ExternalUpdate{}, awsclient.Wrap(err, errUpdate)) +} + +func (e *external) Delete(ctx context.Context, mg cpresource.Managed) error { + cr, ok := mg.(*svcapitypes.Alias) + if !ok { + return errors.New(errUnexpectedObject) + } + cr.Status.SetConditions(xpv1.Deleting()) + input := GenerateDeleteAliasInput(cr) + ignore, err := e.preDelete(ctx, cr, input) + if err != nil { + return errors.Wrap(err, "pre-delete failed") + } + if ignore { + return nil + } + resp, err := e.client.DeleteAliasWithContext(ctx, input) + return e.postDelete(ctx, cr, resp, awsclient.Wrap(cpresource.Ignore(IsNotFound, err), errDelete)) +} + +type option func(*external) + +func newExternal(kube client.Client, client svcsdkapi.KMSAPI, opts []option) *external { + e := &external{ + kube: kube, + client: client, + preObserve: nopPreObserve, + postObserve: nopPostObserve, + lateInitialize: nopLateInitialize, + isUpToDate: alwaysUpToDate, + filterList: nopFilterList, + preCreate: nopPreCreate, + postCreate: nopPostCreate, + preDelete: nopPreDelete, + postDelete: nopPostDelete, + preUpdate: nopPreUpdate, + postUpdate: nopPostUpdate, + } + for _, f := range opts { + f(e) + } + return e +} + +type external struct { + kube client.Client + client svcsdkapi.KMSAPI + preObserve func(context.Context, *svcapitypes.Alias, *svcsdk.ListAliasesInput) error + postObserve func(context.Context, *svcapitypes.Alias, *svcsdk.ListAliasesOutput, managed.ExternalObservation, error) (managed.ExternalObservation, error) + filterList func(*svcapitypes.Alias, *svcsdk.ListAliasesOutput) *svcsdk.ListAliasesOutput + lateInitialize func(*svcapitypes.AliasParameters, *svcsdk.ListAliasesOutput) error + isUpToDate func(*svcapitypes.Alias, *svcsdk.ListAliasesOutput) (bool, error) + preCreate func(context.Context, *svcapitypes.Alias, *svcsdk.CreateAliasInput) error + postCreate func(context.Context, *svcapitypes.Alias, *svcsdk.CreateAliasOutput, managed.ExternalCreation, error) (managed.ExternalCreation, error) + preDelete func(context.Context, *svcapitypes.Alias, *svcsdk.DeleteAliasInput) (bool, error) + postDelete func(context.Context, *svcapitypes.Alias, *svcsdk.DeleteAliasOutput, error) error + preUpdate func(context.Context, *svcapitypes.Alias, *svcsdk.UpdateAliasInput) error + postUpdate func(context.Context, *svcapitypes.Alias, *svcsdk.UpdateAliasOutput, managed.ExternalUpdate, error) (managed.ExternalUpdate, error) +} + +func nopPreObserve(context.Context, *svcapitypes.Alias, *svcsdk.ListAliasesInput) error { + return nil +} +func nopPostObserve(_ context.Context, _ *svcapitypes.Alias, _ *svcsdk.ListAliasesOutput, obs managed.ExternalObservation, err error) (managed.ExternalObservation, error) { + return obs, err +} +func nopFilterList(_ *svcapitypes.Alias, list *svcsdk.ListAliasesOutput) *svcsdk.ListAliasesOutput { + return list +} + +func nopLateInitialize(*svcapitypes.AliasParameters, *svcsdk.ListAliasesOutput) error { + return nil +} +func alwaysUpToDate(*svcapitypes.Alias, *svcsdk.ListAliasesOutput) (bool, error) { + return true, nil +} + +func nopPreCreate(context.Context, *svcapitypes.Alias, *svcsdk.CreateAliasInput) error { + return nil +} +func nopPostCreate(_ context.Context, _ *svcapitypes.Alias, _ *svcsdk.CreateAliasOutput, cre managed.ExternalCreation, err error) (managed.ExternalCreation, error) { + return cre, err +} +func nopPreDelete(context.Context, *svcapitypes.Alias, *svcsdk.DeleteAliasInput) (bool, error) { + return false, nil +} +func nopPostDelete(_ context.Context, _ *svcapitypes.Alias, _ *svcsdk.DeleteAliasOutput, err error) error { + return err +} +func nopPreUpdate(context.Context, *svcapitypes.Alias, *svcsdk.UpdateAliasInput) error { + return nil +} +func nopPostUpdate(_ context.Context, _ *svcapitypes.Alias, _ *svcsdk.UpdateAliasOutput, upd managed.ExternalUpdate, err error) (managed.ExternalUpdate, error) { + return upd, err +} diff --git a/pkg/controller/kms/alias/zz_conversions.go b/pkg/controller/kms/alias/zz_conversions.go new file mode 100644 index 0000000000..a32b96c39a --- /dev/null +++ b/pkg/controller/kms/alias/zz_conversions.go @@ -0,0 +1,97 @@ +/* +Copyright 2021 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by ack-generate. DO NOT EDIT. + +package alias + +import ( + "github.com/aws/aws-sdk-go/aws/awserr" + svcsdk "github.com/aws/aws-sdk-go/service/kms" + + svcapitypes "github.com/crossplane/provider-aws/apis/kms/v1alpha1" +) + +// NOTE(muvaf): We return pointers in case the function needs to start with an +// empty object, hence need to return a new pointer. + +// GenerateListAliasesInput returns input for read +// operation. +func GenerateListAliasesInput(cr *svcapitypes.Alias) *svcsdk.ListAliasesInput { + res := &svcsdk.ListAliasesInput{} + + return res +} + +// GenerateAlias returns the current state in the form of *svcapitypes.Alias. +func GenerateAlias(resp *svcsdk.ListAliasesOutput) *svcapitypes.Alias { + cr := &svcapitypes.Alias{} + + found := false + for _, elem := range resp.Aliases { + if elem.AliasName != nil { + cr.Spec.ForProvider.AliasName = elem.AliasName + } else { + cr.Spec.ForProvider.AliasName = nil + } + found = true + break + } + if !found { + return cr + } + + return cr +} + +// GenerateCreateAliasInput returns a create input. +func GenerateCreateAliasInput(cr *svcapitypes.Alias) *svcsdk.CreateAliasInput { + res := &svcsdk.CreateAliasInput{} + + if cr.Spec.ForProvider.AliasName != nil { + res.SetAliasName(*cr.Spec.ForProvider.AliasName) + } + + return res +} + +// GenerateUpdateAliasInput returns an update input. +func GenerateUpdateAliasInput(cr *svcapitypes.Alias) *svcsdk.UpdateAliasInput { + res := &svcsdk.UpdateAliasInput{} + + if cr.Spec.ForProvider.AliasName != nil { + res.SetAliasName(*cr.Spec.ForProvider.AliasName) + } + + return res +} + +// GenerateDeleteAliasInput returns a deletion input. +func GenerateDeleteAliasInput(cr *svcapitypes.Alias) *svcsdk.DeleteAliasInput { + res := &svcsdk.DeleteAliasInput{} + + if cr.Spec.ForProvider.AliasName != nil { + res.SetAliasName(*cr.Spec.ForProvider.AliasName) + } + + return res +} + +// IsNotFound returns whether the given error is of type NotFound or not. +func IsNotFound(err error) bool { + awsErr, ok := err.(awserr.Error) + return ok && awsErr.Code() == "NotFoundException" +}