diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 00000000..b8613886 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,11 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: CC0-1.0 + +[*] +charset = utf-8 +insert_final_newline = true +end_of_line = lf +indent_style = space +indent_size = 2 +max_line_length = 80 diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 2f87a905..8268b4fd 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -1,7 +1,7 @@ --- name: Bug Report about: Help us diagnose and fix bugs in Upjet -labels: bug,needs:triage +labels: bug --- - ### How can we reproduce it? +--> \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/bug_report.md.license b/.github/ISSUE_TEMPLATE/bug_report.md.license new file mode 100644 index 00000000..21ad42e1 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2023 The Crossplane Authors + +SPDX-License-Identifier: CC0-1.0 diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index b83b710a..a041d487 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -1,7 +1,7 @@ --- name: Feature Request about: Help us make Upjet more useful -labels: enhancement,needs:triage +labels: enhancement --- +--> \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/feature_request.md.license b/.github/ISSUE_TEMPLATE/feature_request.md.license new file mode 100644 index 00000000..21ad42e1 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2023 The Crossplane Authors + +SPDX-License-Identifier: CC0-1.0 diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 09513126..3ac09ef9 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,27 +1,28 @@ ### Description of your changes + Fixes # I have: -- [ ] Read and followed Crossplane's [contribution process]. +- [ ] Read and followed Upjet's [contribution process]. - [ ] Run `make reviewable` to ensure this PR is ready for review. - [ ] Added `backport release-x.y` labels to auto-backport this PR if necessary. @@ -33,4 +34,4 @@ needs to tested and shown to be correct. Briefly describe the testing that has already been done or which is planned for this change. --> -[contribution process]: https://git.io/fj2m9 +[contribution process]: https://github.com/crossplane/upjet/blob/master/CONTRIBUTING.md diff --git a/.github/PULL_REQUEST_TEMPLATE.md.license b/.github/PULL_REQUEST_TEMPLATE.md.license new file mode 100644 index 00000000..21ad42e1 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2023 The Crossplane Authors + +SPDX-License-Identifier: CC0-1.0 diff --git a/.github/stale.yml b/.github/stale.yml index f6c6e0ac..00406161 100644 --- a/.github/stale.yml +++ b/.github/stale.yml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: CC0-1.0 + # Configuration for probot-stale - https://github.com/probot/stale # Number of days of inactivity before an Issue or Pull Request becomes stale diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index d40af507..da228728 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: CC0-1.0 + name: Backport on: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 89cf872e..dac05e1f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: CC0-1.0 + name: CI on: @@ -10,9 +14,9 @@ on: env: # Common versions - GO_VERSION: '1.20' - GOLANGCI_VERSION: 'v1.53.3' - DOCKER_BUILDX_VERSION: 'v0.8.2' + GO_VERSION: "1.20" + GOLANGCI_VERSION: "v1.53.3" + DOCKER_BUILDX_VERSION: "v0.8.2" # Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run # a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether @@ -35,7 +39,6 @@ jobs: do_not_skip: '["workflow_dispatch", "schedule", "push"]' concurrent_skipping: false - lint: runs-on: ubuntu-20.04 needs: detect-noop diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c78c6240..488020f7 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: CC0-1.0 + name: CodeQL on: diff --git a/.github/workflows/commands.yml b/.github/workflows/commands.yml index 9a2c0de6..7d2ffdff 100644 --- a/.github/workflows/commands.yml +++ b/.github/workflows/commands.yml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: CC0-1.0 + name: Comment Commands on: issue_comment @@ -8,59 +12,59 @@ jobs: if: startsWith(github.event.comment.body, '/points') steps: - - name: Extract Command - id: command - uses: xt0rted/slash-command-action@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - command: points - reaction: "true" - reaction-type: "eyes" - allow-edits: "false" - permission-level: write - - name: Handle Command - uses: actions/github-script@v4 - env: - POINTS: ${{ steps.command.outputs.command-arguments }} - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - const points = process.env.POINTS + - name: Extract Command + id: command + uses: xt0rted/slash-command-action@v1 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + command: points + reaction: "true" + reaction-type: "eyes" + allow-edits: "false" + permission-level: write + - name: Handle Command + uses: actions/github-script@v4 + env: + POINTS: ${{ steps.command.outputs.command-arguments }} + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const points = process.env.POINTS - if (isNaN(parseInt(points))) { - console.log("Malformed command - expected '/points '") - github.reactions.createForIssueComment({ - owner: context.repo.owner, - repo: context.repo.repo, - comment_id: context.payload.comment.id, - content: "confused" - }) - return - } - const label = "points/" + points + if (isNaN(parseInt(points))) { + console.log("Malformed command - expected '/points '") + github.reactions.createForIssueComment({ + owner: context.repo.owner, + repo: context.repo.repo, + comment_id: context.payload.comment.id, + content: "confused" + }) + return + } + const label = "points/" + points + + // Delete our needs-points-label label. + try { + await github.issues.deleteLabel({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + name: ['needs-points-label'] + }) + console.log("Deleted 'needs-points-label' label.") + } + catch(e) { + console.log("Label 'needs-points-label' probably didn't exist.") + } - // Delete our needs-points-label label. - try { - await github.issues.deleteLabel({ + // Add our points label. + github.issues.addLabels({ issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, - name: ['needs-points-label'] + labels: [label] }) - console.log("Deleted 'needs-points-label' label.") - } - catch(e) { - console.log("Label 'needs-points-label' probably didn't exist.") - } - - // Add our points label. - github.issues.addLabels({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - labels: [label] - }) - console.log("Added '" + label + "' label.") + console.log("Added '" + label + "' label.") # NOTE(negz): See also backport.yml, which is the variant that triggers on PR # merge rather than on comment. @@ -68,25 +72,25 @@ jobs: runs-on: ubuntu-20.04 if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/backport') steps: - - name: Extract Command - id: command - uses: xt0rted/slash-command-action@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - command: backport - reaction: "true" - reaction-type: "eyes" - allow-edits: "false" - permission-level: write + - name: Extract Command + id: command + uses: xt0rted/slash-command-action@v1 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + command: backport + reaction: "true" + reaction-type: "eyes" + allow-edits: "false" + permission-level: write - - name: Checkout - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 #v3 - with: - fetch-depth: 0 + - name: Checkout + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 #v3 + with: + fetch-depth: 0 - - name: Open Backport PR - uses: zeebe-io/backport-action@v0.0.4 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - github_workspace: ${{ github.workspace }} - version: v0.0.4 + - name: Open Backport PR + uses: zeebe-io/backport-action@v0.0.4 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + github_workspace: ${{ github.workspace }} + version: v0.0.4 diff --git a/.github/workflows/reuse-license-linter.yml b/.github/workflows/reuse-license-linter.yml new file mode 100644 index 00000000..b34fd684 --- /dev/null +++ b/.github/workflows/reuse-license-linter.yml @@ -0,0 +1,19 @@ +# SPDX-FileCopyrightText: 2022 Free Software Foundation Europe e.V. +# +# SPDX-License-Identifier: CC0-1.0 + +name: REUSE Compliance Check + +on: [push, pull_request] + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: REUSE Compliance Check + uses: fsfe/reuse-action@v2 + - name: REUSE SPDX SBOM + uses: fsfe/reuse-action@v2 + with: + args: spdx diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml index c87a43f3..e520dc4c 100644 --- a/.github/workflows/tag.yml +++ b/.github/workflows/tag.yml @@ -1,13 +1,17 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: CC0-1.0 + name: Tag on: workflow_dispatch: inputs: version: - description: 'Release version (e.g. v0.1.0)' + description: "Release version (e.g. v0.1.0)" required: true message: - description: 'Tag message' + description: "Tag message" required: true jobs: diff --git a/.gitignore b/.gitignore index b28f57cf..c5c010b8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: CC0-1.0 + /.cache /.work /_output @@ -10,4 +14,4 @@ cover.out # ignore IDE folders .vscode/ -.idea/ \ No newline at end of file +.idea/ diff --git a/.gitmodules b/.gitmodules index c2fad470..bbd089e3 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: CC0-1.0 + [submodule "build"] - path = build - url = https://github.com/upbound/build +path = build +url = https://github.com/upbound/build diff --git a/.golangci.yml b/.golangci.yml index ae6e3c53..a6cc3f56 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,8 +1,12 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: CC0-1.0 + run: timeout: 10m skip-files: - - "zz_generated\\..+\\.go$" + - "zz_generated\\..+\\.go$" output: # colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number" @@ -35,10 +39,15 @@ linters-settings: # simplify code: gofmt with `-s` option, true by default simplify: true - goimports: - # put imports beginning with prefix after 3rd-party packages; - # it's a comma-separated list of prefixes - local-prefixes: github.com/upbound/upjet + gci: + custom-order: true + sections: + - standard + - default + - prefix(github.com/crossplane/crossplane-runtime) + - prefix(github.com/crossplane/crossplane) + - blank + - dot gocyclo: # minimal code complexity to report, 30 by default (but we recommend 10-20) @@ -102,28 +111,40 @@ linters-settings: rangeValCopy: sizeThreshold: 32 + nolintlint: + require-explanation: false + require-specific: true + linters: enable: - megacheck - govet - gocyclo - gocritic - - interfacer - goconst - - goimports - - gofmt # We enable this as well as goimports for its simplify mode. + - gci + - gofmt # We enable this as well as goimports for its simplify mode. - prealloc - revive - unconvert - misspell - nakedret + - nolintlint + + disable: + # These linters are all deprecated as of golangci-lint v1.49.0. We disable + # them explicitly to avoid the linter logging deprecation warnings. + - deadcode + - varcheck + - scopelint + - structcheck + - interfacer presets: - bugs - unused fast: false - issues: # Excluding configuration per-path and per-linter exclude-rules: @@ -148,38 +169,36 @@ issues: # rather than using a pointer. - text: "(hugeParam|rangeValCopy):" linters: - - gocritic + - gocritic # This "TestMain should call os.Exit to set exit code" warning is not clever # enough to notice that we call a helper method that calls os.Exit. - text: "SA3000:" linters: - - staticcheck + - staticcheck - text: "k8s.io/api/core/v1" linters: - - goimports + - goimports # This is a "potential hardcoded credentials" warning. It's triggered by # any variable with 'secret' in the same, and thus hits a lot of false # positives in Kubernetes land where a Secret is an object type. - text: "G101:" linters: - - gosec - - gas + - gosec + - gas # This is an 'errors unhandled' warning that duplicates errcheck. - text: "G104:" linters: - - gosec - - gas + - gosec + - gas - # The Azure AddToUserAgent method appends to the existing user agent string. - # It returns an error if you pass it an empty string lettinga you know the - # user agent did not change, making it more of a warning. - - text: \.AddToUserAgent + # Some k8s dependencies do not have JSON tags on all fields in structs. + - path: k8s.io/ linters: - - errcheck + - musttag # Independently from option `exclude` we use default exclude patterns, # it can be disabled by this option. To list all diff --git a/CODEOWNERS b/CODEOWNERS index 2645cd0d..258549de 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,3 +1,8 @@ + +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: CC0-1.0 + # This file controls automatic PR reviewer assignment. See the following docs: # # * https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners @@ -8,10 +13,13 @@ # and merge PRs. All PRs must be approved by at least one maintainer before being merged. # # Where possible, prefer explicitly specifying a maintainer who is a subject -# matter expert for a particular part of the codebase rather than using the -# @upbound/team-extensions group. +# matter expert for a particular part of the codebase rather than using fallback +# owners. Fallback owners are listed at the bottom of this file. # # See also OWNERS.md for governance details +# Subject matter experts +pkg/migrations/* @sergenyalcin + # Fallback owners -* @ulucinar @sergenyalcin +* @ulucinar @sergenyalcin \ No newline at end of file diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 18edcaab..26df864f 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -1,3 +1,9 @@ -## Code of Conduct + + +# Community Code of Conduct + +This project follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md). diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e08aac5f..c35a03a2 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,3 +1,9 @@ + + # Contributing to Upjet Welcome, and thank you for considering contributing to Upjet. We encourage @@ -85,7 +91,7 @@ change in Upjet, the best way to test it is to use a `replace` statement in the `go.mod` file of the provider to use your local version as shown below. ``` -replace github.com/upbound/upjet => ../upjet +replace github.com/crossplane/upjet => ../upjet ``` Once you complete your change, make sure to run `make reviewable` before opening @@ -98,7 +104,7 @@ in your provider to point to a certain commit in your branch of the provider tha you opened a PR for. ``` -replace github.com/upbound/upjet => github.com//upjet +replace github.com/crossplane/upjet => github.com//upjet ``` [Slack]: https://crossplane.slack.com/archives/C01TRKD4623 diff --git a/LICENSE b/LICENSE index 5695f4d9..ca635233 100644 --- a/LICENSE +++ b/LICENSE @@ -1,201 +1,73 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [YEAR] Upbound Inc. All rights reserved. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. +Apache License +Version 2.0, January 2004 + + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + +"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. + +"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. + +"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. + +"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. + +"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. + +"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. + +"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). + +"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. + +"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." + +"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: + + (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. + + You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + +To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/LICENSES/Apache-2.0.txt b/LICENSES/Apache-2.0.txt new file mode 100644 index 00000000..137069b8 --- /dev/null +++ b/LICENSES/Apache-2.0.txt @@ -0,0 +1,73 @@ +Apache License +Version 2.0, January 2004 +http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + +"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. + +"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. + +"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. + +"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. + +"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. + +"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. + +"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). + +"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. + +"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." + +"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: + + (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. + + You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + +To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/LICENSES/CC-BY-4.0.txt b/LICENSES/CC-BY-4.0.txt new file mode 100644 index 00000000..c0041c89 --- /dev/null +++ b/LICENSES/CC-BY-4.0.txt @@ -0,0 +1,156 @@ +Creative Commons Attribution 4.0 International + +Creative Commons Corporation (“Creative Commons”) is not a law firm and does not provide legal services or legal advice. Distribution of Creative Commons public licenses does not create a lawyer-client or other relationship. Creative Commons makes its licenses and related information available on an “as-is” basis. Creative Commons gives no warranties regarding its licenses, any material licensed under their terms and conditions, or any related information. Creative Commons disclaims all liability for damages resulting from their use to the fullest extent possible. + +Using Creative Commons Public Licenses + +Creative Commons public licenses provide a standard set of terms and conditions that creators and other rights holders may use to share original works of authorship and other material subject to copyright and certain other rights specified in the public license below. The following considerations are for informational purposes only, are not exhaustive, and do not form part of our licenses. + +Considerations for licensors: Our public licenses are intended for use by those authorized to give the public permission to use material in ways otherwise restricted by copyright and certain other rights. Our licenses are irrevocable. Licensors should read and understand the terms and conditions of the license they choose before applying it. Licensors should also secure all rights necessary before applying our licenses so that the public can reuse the material as expected. Licensors should clearly mark any material not subject to the license. This includes other CC-licensed material, or material used under an exception or limitation to copyright. More considerations for licensors. + +Considerations for the public: By using one of our public licenses, a licensor grants the public permission to use the licensed material under specified terms and conditions. If the licensor’s permission is not necessary for any reason–for example, because of any applicable exception or limitation to copyright–then that use is not regulated by the license. Our licenses grant only permissions under copyright and certain other rights that a licensor has authority to grant. Use of the licensed material may still be restricted for other reasons, including because others have copyright or other rights in the material. A licensor may make special requests, such as asking that all changes be marked or described. Although not required by our licenses, you are encouraged to respect those requests where reasonable. More considerations for the public. + +Creative Commons Attribution 4.0 International Public License + +By exercising the Licensed Rights (defined below), You accept and agree to be bound by the terms and conditions of this Creative Commons Attribution 4.0 International Public License ("Public License"). To the extent this Public License may be interpreted as a contract, You are granted the Licensed Rights in consideration of Your acceptance of these terms and conditions, and the Licensor grants You such rights in consideration of benefits the Licensor receives from making the Licensed Material available under these terms and conditions. + +Section 1 – Definitions. + + a. Adapted Material means material subject to Copyright and Similar Rights that is derived from or based upon the Licensed Material and in which the Licensed Material is translated, altered, arranged, transformed, or otherwise modified in a manner requiring permission under the Copyright and Similar Rights held by the Licensor. For purposes of this Public License, where the Licensed Material is a musical work, performance, or sound recording, Adapted Material is always produced where the Licensed Material is synched in timed relation with a moving image. + + b. Adapter's License means the license You apply to Your Copyright and Similar Rights in Your contributions to Adapted Material in accordance with the terms and conditions of this Public License. + + c. Copyright and Similar Rights means copyright and/or similar rights closely related to copyright including, without limitation, performance, broadcast, sound recording, and Sui Generis Database Rights, without regard to how the rights are labeled or categorized. For purposes of this Public License, the rights specified in Section 2(b)(1)-(2) are not Copyright and Similar Rights. + + d. Effective Technological Measures means those measures that, in the absence of proper authority, may not be circumvented under laws fulfilling obligations under Article 11 of the WIPO Copyright Treaty adopted on December 20, 1996, and/or similar international agreements. + + e. Exceptions and Limitations means fair use, fair dealing, and/or any other exception or limitation to Copyright and Similar Rights that applies to Your use of the Licensed Material. + + f. Licensed Material means the artistic or literary work, database, or other material to which the Licensor applied this Public License. + + g. Licensed Rights means the rights granted to You subject to the terms and conditions of this Public License, which are limited to all Copyright and Similar Rights that apply to Your use of the Licensed Material and that the Licensor has authority to license. + + h. Licensor means the individual(s) or entity(ies) granting rights under this Public License. + + i. Share means to provide material to the public by any means or process that requires permission under the Licensed Rights, such as reproduction, public display, public performance, distribution, dissemination, communication, or importation, and to make material available to the public including in ways that members of the public may access the material from a place and at a time individually chosen by them. + + j. Sui Generis Database Rights means rights other than copyright resulting from Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, as amended and/or succeeded, as well as other essentially equivalent rights anywhere in the world. + + k. You means the individual or entity exercising the Licensed Rights under this Public License. Your has a corresponding meaning. + +Section 2 – Scope. + + a. License grant. + + 1. Subject to the terms and conditions of this Public License, the Licensor hereby grants You a worldwide, royalty-free, non-sublicensable, non-exclusive, irrevocable license to exercise the Licensed Rights in the Licensed Material to: + + A. reproduce and Share the Licensed Material, in whole or in part; and + + B. produce, reproduce, and Share Adapted Material. + + 2. Exceptions and Limitations. For the avoidance of doubt, where Exceptions and Limitations apply to Your use, this Public License does not apply, and You do not need to comply with its terms and conditions. + + 3. Term. The term of this Public License is specified in Section 6(a). + + 4. Media and formats; technical modifications allowed. The Licensor authorizes You to exercise the Licensed Rights in all media and formats whether now known or hereafter created, and to make technical modifications necessary to do so. The Licensor waives and/or agrees not to assert any right or authority to forbid You from making technical modifications necessary to exercise the Licensed Rights, including technical modifications necessary to circumvent Effective Technological Measures. For purposes of this Public License, simply making modifications authorized by this Section 2(a)(4) never produces Adapted Material. + + 5. Downstream recipients. + + A. Offer from the Licensor – Licensed Material. Every recipient of the Licensed Material automatically receives an offer from the Licensor to exercise the Licensed Rights under the terms and conditions of this Public License. + + B. No downstream restrictions. You may not offer or impose any additional or different terms or conditions on, or apply any Effective Technological Measures to, the Licensed Material if doing so restricts exercise of the Licensed Rights by any recipient of the Licensed Material. + + 6. No endorsement. Nothing in this Public License constitutes or may be construed as permission to assert or imply that You are, or that Your use of the Licensed Material is, connected with, or sponsored, endorsed, or granted official status by, the Licensor or others designated to receive attribution as provided in Section 3(a)(1)(A)(i). + +b. Other rights. + + 1. Moral rights, such as the right of integrity, are not licensed under this Public License, nor are publicity, privacy, and/or other similar personality rights; however, to the extent possible, the Licensor waives and/or agrees not to assert any such rights held by the Licensor to the limited extent necessary to allow You to exercise the Licensed Rights, but not otherwise. + + 2. Patent and trademark rights are not licensed under this Public License. + + 3. To the extent possible, the Licensor waives any right to collect royalties from You for the exercise of the Licensed Rights, whether directly or through a collecting society under any voluntary or waivable statutory or compulsory licensing scheme. In all other cases the Licensor expressly reserves any right to collect such royalties. + +Section 3 – License Conditions. + +Your exercise of the Licensed Rights is expressly made subject to the following conditions. + + a. Attribution. + + 1. If You Share the Licensed Material (including in modified form), You must: + + A. retain the following if it is supplied by the Licensor with the Licensed Material: + + i. identification of the creator(s) of the Licensed Material and any others designated to receive attribution, in any reasonable manner requested by the Licensor (including by pseudonym if designated); + + ii. a copyright notice; + + iii. a notice that refers to this Public License; + + iv. a notice that refers to the disclaimer of warranties; + + v. a URI or hyperlink to the Licensed Material to the extent reasonably practicable; + + B. indicate if You modified the Licensed Material and retain an indication of any previous modifications; and + + C. indicate the Licensed Material is licensed under this Public License, and include the text of, or the URI or hyperlink to, this Public License. + + 2. You may satisfy the conditions in Section 3(a)(1) in any reasonable manner based on the medium, means, and context in which You Share the Licensed Material. For example, it may be reasonable to satisfy the conditions by providing a URI or hyperlink to a resource that includes the required information. + + 3. If requested by the Licensor, You must remove any of the information required by Section 3(a)(1)(A) to the extent reasonably practicable. + + 4. If You Share Adapted Material You produce, the Adapter's License You apply must not prevent recipients of the Adapted Material from complying with this Public License. + +Section 4 – Sui Generis Database Rights. + +Where the Licensed Rights include Sui Generis Database Rights that apply to Your use of the Licensed Material: + + a. for the avoidance of doubt, Section 2(a)(1) grants You the right to extract, reuse, reproduce, and Share all or a substantial portion of the contents of the database; + + b. if You include all or a substantial portion of the database contents in a database in which You have Sui Generis Database Rights, then the database in which You have Sui Generis Database Rights (but not its individual contents) is Adapted Material; and + + c. You must comply with the conditions in Section 3(a) if You Share all or a substantial portion of the contents of the database. +For the avoidance of doubt, this Section 4 supplements and does not replace Your obligations under this Public License where the Licensed Rights include other Copyright and Similar Rights. + +Section 5 – Disclaimer of Warranties and Limitation of Liability. + + a. Unless otherwise separately undertaken by the Licensor, to the extent possible, the Licensor offers the Licensed Material as-is and as-available, and makes no representations or warranties of any kind concerning the Licensed Material, whether express, implied, statutory, or other. This includes, without limitation, warranties of title, merchantability, fitness for a particular purpose, non-infringement, absence of latent or other defects, accuracy, or the presence or absence of errors, whether or not known or discoverable. Where disclaimers of warranties are not allowed in full or in part, this disclaimer may not apply to You. + + b. To the extent possible, in no event will the Licensor be liable to You on any legal theory (including, without limitation, negligence) or otherwise for any direct, special, indirect, incidental, consequential, punitive, exemplary, or other losses, costs, expenses, or damages arising out of this Public License or use of the Licensed Material, even if the Licensor has been advised of the possibility of such losses, costs, expenses, or damages. Where a limitation of liability is not allowed in full or in part, this limitation may not apply to You. + + c. The disclaimer of warranties and limitation of liability provided above shall be interpreted in a manner that, to the extent possible, most closely approximates an absolute disclaimer and waiver of all liability. + +Section 6 – Term and Termination. + + a. This Public License applies for the term of the Copyright and Similar Rights licensed here. However, if You fail to comply with this Public License, then Your rights under this Public License terminate automatically. + + b. Where Your right to use the Licensed Material has terminated under Section 6(a), it reinstates: + + 1. automatically as of the date the violation is cured, provided it is cured within 30 days of Your discovery of the violation; or + + 2. upon express reinstatement by the Licensor. + + c. For the avoidance of doubt, this Section 6(b) does not affect any right the Licensor may have to seek remedies for Your violations of this Public License. + + d. For the avoidance of doubt, the Licensor may also offer the Licensed Material under separate terms or conditions or stop distributing the Licensed Material at any time; however, doing so will not terminate this Public License. + + e. Sections 1, 5, 6, 7, and 8 survive termination of this Public License. + +Section 7 – Other Terms and Conditions. + + a. The Licensor shall not be bound by any additional or different terms or conditions communicated by You unless expressly agreed. + + b. Any arrangements, understandings, or agreements regarding the Licensed Material not stated herein are separate from and independent of the terms and conditions of this Public License. + +Section 8 – Interpretation. + + a. For the avoidance of doubt, this Public License does not, and shall not be interpreted to, reduce, limit, restrict, or impose conditions on any use of the Licensed Material that could lawfully be made without permission under this Public License. + + b. To the extent possible, if any provision of this Public License is deemed unenforceable, it shall be automatically reformed to the minimum extent necessary to make it enforceable. If the provision cannot be reformed, it shall be severed from this Public License without affecting the enforceability of the remaining terms and conditions. + + c. No term or condition of this Public License will be waived and no failure to comply consented to unless expressly agreed to by the Licensor. + + d. Nothing in this Public License constitutes or may be interpreted as a limitation upon, or waiver of, any privileges and immunities that apply to the Licensor or You, including from the legal processes of any jurisdiction or authority. + +Creative Commons is not a party to its public licenses. Notwithstanding, Creative Commons may elect to apply one of its public licenses to material it publishes and in those instances will be considered the “Licensor.” Except for the limited purpose of indicating that material is shared under a Creative Commons public license or as otherwise permitted by the Creative Commons policies published at creativecommons.org/policies, Creative Commons does not authorize the use of the trademark “Creative Commons” or any other trademark or logo of Creative Commons without its prior written consent including, without limitation, in connection with any unauthorized modifications to any of its public licenses or any other arrangements, understandings, or agreements concerning use of licensed material. For the avoidance of doubt, this paragraph does not form part of the public licenses. + +Creative Commons may be contacted at creativecommons.org. diff --git a/LICENSES/CC0-1.0.txt b/LICENSES/CC0-1.0.txt new file mode 100644 index 00000000..0e259d42 --- /dev/null +++ b/LICENSES/CC0-1.0.txt @@ -0,0 +1,121 @@ +Creative Commons Legal Code + +CC0 1.0 Universal + + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE + LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN + ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS + INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES + REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS + PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM + THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED + HEREUNDER. + +Statement of Purpose + +The laws of most jurisdictions throughout the world automatically confer +exclusive Copyright and Related Rights (defined below) upon the creator +and subsequent owner(s) (each and all, an "owner") of an original work of +authorship and/or a database (each, a "Work"). + +Certain owners wish to permanently relinquish those rights to a Work for +the purpose of contributing to a commons of creative, cultural and +scientific works ("Commons") that the public can reliably and without fear +of later claims of infringement build upon, modify, incorporate in other +works, reuse and redistribute as freely as possible in any form whatsoever +and for any purposes, including without limitation commercial purposes. +These owners may contribute to the Commons to promote the ideal of a free +culture and the further production of creative, cultural and scientific +works, or to gain reputation or greater distribution for their Work in +part through the use and efforts of others. + +For these and/or other purposes and motivations, and without any +expectation of additional consideration or compensation, the person +associating CC0 with a Work (the "Affirmer"), to the extent that he or she +is an owner of Copyright and Related Rights in the Work, voluntarily +elects to apply CC0 to the Work and publicly distribute the Work under its +terms, with knowledge of his or her Copyright and Related Rights in the +Work and the meaning and intended legal effect of CC0 on those rights. + +1. Copyright and Related Rights. A Work made available under CC0 may be +protected by copyright and related or neighboring rights ("Copyright and +Related Rights"). Copyright and Related Rights include, but are not +limited to, the following: + + i. the right to reproduce, adapt, distribute, perform, display, + communicate, and translate a Work; + ii. moral rights retained by the original author(s) and/or performer(s); +iii. publicity and privacy rights pertaining to a person's image or + likeness depicted in a Work; + iv. rights protecting against unfair competition in regards to a Work, + subject to the limitations in paragraph 4(a), below; + v. rights protecting the extraction, dissemination, use and reuse of data + in a Work; + vi. database rights (such as those arising under Directive 96/9/EC of the + European Parliament and of the Council of 11 March 1996 on the legal + protection of databases, and under any national implementation + thereof, including any amended or successor version of such + directive); and +vii. other similar, equivalent or corresponding rights throughout the + world based on applicable law or treaty, and any national + implementations thereof. + +2. Waiver. To the greatest extent permitted by, but not in contravention +of, applicable law, Affirmer hereby overtly, fully, permanently, +irrevocably and unconditionally waives, abandons, and surrenders all of +Affirmer's Copyright and Related Rights and associated claims and causes +of action, whether now known or unknown (including existing as well as +future claims and causes of action), in the Work (i) in all territories +worldwide, (ii) for the maximum duration provided by applicable law or +treaty (including future time extensions), (iii) in any current or future +medium and for any number of copies, and (iv) for any purpose whatsoever, +including without limitation commercial, advertising or promotional +purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each +member of the public at large and to the detriment of Affirmer's heirs and +successors, fully intending that such Waiver shall not be subject to +revocation, rescission, cancellation, termination, or any other legal or +equitable action to disrupt the quiet enjoyment of the Work by the public +as contemplated by Affirmer's express Statement of Purpose. + +3. Public License Fallback. Should any part of the Waiver for any reason +be judged legally invalid or ineffective under applicable law, then the +Waiver shall be preserved to the maximum extent permitted taking into +account Affirmer's express Statement of Purpose. In addition, to the +extent the Waiver is so judged Affirmer hereby grants to each affected +person a royalty-free, non transferable, non sublicensable, non exclusive, +irrevocable and unconditional license to exercise Affirmer's Copyright and +Related Rights in the Work (i) in all territories worldwide, (ii) for the +maximum duration provided by applicable law or treaty (including future +time extensions), (iii) in any current or future medium and for any number +of copies, and (iv) for any purpose whatsoever, including without +limitation commercial, advertising or promotional purposes (the +"License"). The License shall be deemed effective as of the date CC0 was +applied by Affirmer to the Work. Should any part of the License for any +reason be judged legally invalid or ineffective under applicable law, such +partial invalidity or ineffectiveness shall not invalidate the remainder +of the License, and in such case Affirmer hereby affirms that he or she +will not (i) exercise any of his or her remaining Copyright and Related +Rights in the Work or (ii) assert any associated claims and causes of +action with respect to the Work, in either case contrary to Affirmer's +express Statement of Purpose. + +4. Limitations and Disclaimers. + + a. No trademark or patent rights held by Affirmer are waived, abandoned, + surrendered, licensed or otherwise affected by this document. + b. Affirmer offers the Work as-is and makes no representations or + warranties of any kind concerning the Work, express, implied, + statutory or otherwise, including without limitation warranties of + title, merchantability, fitness for a particular purpose, non + infringement, or the absence of latent or other defects, accuracy, or + the present or absence of errors, whether or not discoverable, all to + the greatest extent permissible under applicable law. + c. Affirmer disclaims responsibility for clearing rights of other persons + that may apply to the Work or any use thereof, including without + limitation any person's Copyright and Related Rights in the Work. + Further, Affirmer disclaims responsibility for obtaining any necessary + consents, permissions or other rights required for any use of the + Work. + d. Affirmer understands and acknowledges that Creative Commons is not a + party to this document and has no duty or obligation with respect to + this CC0 or use of the Work. diff --git a/Makefile b/Makefile index 66d4d5ad..940c7a81 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,13 @@ + +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + # ==================================================================================== # Setup Project PROJECT_NAME := upjet -PROJECT_REPO := github.com/upbound/$(PROJECT_NAME) +PROJECT_REPO := github.com/crossplane/$(PROJECT_NAME) # GOLANGCILINT_VERSION is inherited from build submodule by default. # Uncomment below if you need to override the version. @@ -55,12 +60,6 @@ fallthrough: submodules @echo Initial setup complete. Running make again . . . @make -# Generate a coverage report for cobertura applying exclusions on -# - generated file -cobertura: - @cat $(GO_TEST_OUTPUT)/coverage.txt | \ - $(GOCOVER_COBERTURA) > $(GO_TEST_OUTPUT)/cobertura-coverage.xml - # Update the submodules, such as the common build scripts. submodules: @git submodule sync @@ -78,4 +77,4 @@ go.cachedir: go.mod.cachedir: @go env GOMODCACHE -.PHONY: cobertura reviewable submodules fallthrough go.mod.cachedir go.cachedir +.PHONY: reviewable submodules fallthrough go.mod.cachedir go.cachedir diff --git a/NOTICE b/NOTICE index 14d5a307..d8ce029d 100644 --- a/NOTICE +++ b/NOTICE @@ -1,3 +1,9 @@ + + This project is a larger work that combines with software written by third parties, licensed under their own terms. diff --git a/OWNERS.md b/OWNERS.md index 599b40e4..f8b61b10 100644 --- a/OWNERS.md +++ b/OWNERS.md @@ -1,13 +1,19 @@ -# OWNERS + -This page lists all maintainers for **this** repository. Each repository in the [Upbound -organization](https://github.com/upbound/) will list their repository maintainers in their own -`OWNERS.md` file. +# OWNERS +This page lists all maintainers for **this** repository. Each repository in the +[Crossplane organization](https://github.com/crossplane/) will list their +repository maintainers in their own `OWNERS.md` file. ## Maintainers * Alper Ulucinar ([ulucinar](https://github.com/ulucinar)) * Sergen Yalcin ([sergenyalcin](https://github.com/sergenyalcin)) +* Jean du Plessis ([jeanduplessis](https://github.com/jeanduplessis)) See [CODEOWNERS](./CODEOWNERS) for automatic PR assignment. diff --git a/README.md b/README.md index 2ce0acec..0ee78d07 100644 --- a/README.md +++ b/README.md @@ -1,42 +1,53 @@ + + # Upjet - Generate Crossplane Providers from any Terraform Provider +
-![CI](https://github.com/upbound/upjet/workflows/CI/badge.svg) [![GitHub release](https://img.shields.io/github/release/upbound/upjet/all.svg?style=flat-square)](https://github.com/upbound/upjet/releases) [![Go Report Card](https://goreportcard.com/badge/github.com/upbound/upjet)](https://goreportcard.com/report/github.com/upbound/upjet) [![Slack](https://slack.crossplane.io/badge.svg)](https://crossplane.slack.com/archives/C01TRKD4623) [![Twitter Follow](https://img.shields.io/twitter/follow/upbound_io.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=upbound_io&user_id=788180534543339520) +![CI](https://github.com/crossplane/upjet/workflows/CI/badge.svg) +[![GitHub release](https://img.shields.io/github/release/crossplane/upjet/all.svg)](https://github.com/crossplane/upjet/releases) +[![Go Report Card](https://goreportcard.com/badge/github.com/crossplane/upjet)](https://goreportcard.com/report/github.com/crossplane/upjet) +[![Contributors](https://img.shields.io/github/contributors/crossplane/upjet)](https://github.com/crossplane/upjet/graphs/contributors) +[![Slack](https://img.shields.io/badge/Slack-4A154B?logo=slack)](https://crossplane.slack.com/archives/C05T19TB729) +[![X (formerly Twitter) Follow](https://img.shields.io/twitter/follow/crossplane_io)](https://twitter.com/crossplane_io)
Upjet is a code generator framework that allows developers to build code generation pipelines that can generate Crossplane controllers. Developers can -start building their code generation pipeline targeting specific Terraform Providers -by importing Upjet and wiring all generators together, customizing the whole -pipeline in the process. +start building their code generation pipeline targeting specific Terraform +Providers by importing Upjet and wiring all generators together, customizing the +whole pipeline in the process. -Here is some Crossplane providers built using Upjet: +Here are some Crossplane providers built using Upjet: -* [Provider AWS](https://github.com/upbound/provider-aws) -* [Provider Azure](https://github.com/upbound/provider-azure) -* [Provider GCP](https://github.com/upbound/provider-gcp) +- [upbound/provider-aws](https://github.com/upbound/provider-aws) +- [upbound/provider-azure](https://github.com/upbound/provider-azure) +- [upbound/provider-gcp](https://github.com/upbound/provider-gcp) +- [aviatrix/crossplane-provider-aviatrix](https://github.com/Aviatrix/crossplane-provider-aviatrix) ## Getting Started -You can get started by following the guides in [docs](docs/README.md) directory! +You can get started by following the guides in the [docs](docs/README.md) +directory. ## Report a Bug For filing bugs, suggesting improvements, or requesting new features, please -open an [issue](https://github.com/upbound/upjet/issues). +open an [issue](https://github.com/crossplane/upjet/issues). ## Contact -Please open a Github issue for all requests. If you need to reach out to Upbound, -you can do so via the following channels: -* Slack: [#upbound](https://crossplane.slack.com/archives/C01TRKD4623) channel in [Crossplane Slack](https://slack.crossplane.io) -* Twitter: [@upbound_io](https://twitter.com/upbound_io) -* Email: [support@upbound.io](mailto:support@upbound.io) +[#upjet](https://crossplane.slack.com/archives/C05T19TB729) channel in +[Crossplane Slack](https://slack.crossplane.io) ## Prior Art -Upjet originates from the [Terrajet][terrajet] project. See the original +Upjet originates from the [Terrajet][terrajet] project. See the original [design document][terrajet-design-doc]. ## Licensing @@ -44,4 +55,4 @@ Upjet originates from the [Terrajet][terrajet] project. See the original Upjet is under [the Apache 2.0 license](LICENSE) with [notice](NOTICE). [terrajet-design-doc]: https://github.com/crossplane/crossplane/blob/master/design/design-doc-terrajet.md -[terrajet]: https://github.com/crossplane/terrajet \ No newline at end of file +[terrajet]: https://github.com/crossplane/terrajet diff --git a/catalog-info.yaml b/catalog-info.yaml deleted file mode 100644 index 309500fe..00000000 --- a/catalog-info.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: backstage.io/v1alpha1 -kind: Component -metadata: - name: upjet - description: "A code generation framework and runtime for Crossplane providers" - links: - - url: https://github.com/upbound/upjet/blob/main/docs/README.md - title: Upjet Readme - annotations: - github.com/project-slug: upbound/upjet -spec: - type: service - lifecycle: production - owner: team-extensions diff --git a/cmd/scraper/main.go b/cmd/scraper/main.go index 0ec2af2b..077c3170 100644 --- a/cmd/scraper/main.go +++ b/cmd/scraper/main.go @@ -1,6 +1,6 @@ -/* -Copyright 2022 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package main @@ -8,9 +8,8 @@ import ( "os" "path/filepath" + "github.com/crossplane/upjet/pkg/registry" "gopkg.in/alecthomas/kingpin.v2" - - "github.com/upbound/upjet/pkg/registry" ) func main() { diff --git a/docs/README.md b/docs/README.md index d0c40c36..a5a10073 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,35 +1,43 @@ -# Using Upjet - -Upjet consists of three main pieces: -* Framework to build a code generator pipeline. -* Generic reconciler implementation used by all generated `CustomResourceDefinition`s. -* A scraper to extract documentation for all generated `CustomResourceDefinition`s. - -The usual flow of development of a new provider is as following: -1. Create a provider by following the guide [here][generate-a-provider]. -2. Follow the guide [here][new-v1beta1] to add a `CustomResourceDefinition` for - every resource in the given Terraform provider. - -In most cases, the two guides above would be enough for you to get up and running -with a provider. - -The guides below are longer forms for when you get stuck and want a deeper -understanding: -* Description of all configuration knobs can be found [here][full-guide]. -* Detailed explanation of how to use Uptest to test your resources can be found - [here][uptest-guide]. - * You can find a troubleshooting guide [here][testing-instructions] that can - be useful to debug a failed test. -* References are inferred from the generated examples with a best effort manner. - Details about the process can be found [here][reference-generation]. - -Feel free to ask your questions by opening an issue, starting a discussion or -shooting a message on [Slack]! - -[generate-a-provider]: generating-a-provider.md -[new-v1beta1]: add-new-resource-short.md -[full-guide]: add-new-resource-long.md -[uptest-guide]: testing-resources-by-using-uptest.md -[testing-instructions]: testing-instructions.md -[reference-generation]: reference-generation.md -[Slack]: https://crossplane.slack.com/archives/C01TRKD4623 \ No newline at end of file + + +# What is Upjet? + +Upjet consists of four main components: + +![Upjet components](images/upjet-components.png) + +1. Framework to build a code generator pipeline for Crossplane providers. +1. Generic reconciler implementation (also known as the Upjet runtime) used by + all generated `CustomResourceDefinitions`. +1. A scraper to extract documentation for all generated + `CustomResourceDefinitions`. +1. Migration framework to support migrating from community providers to Official + Providers. + +## Generating a Crossplane provider using Upjet + +Follow the guide to start [generating a Crossplane +provider](generating-a-provider.md). + +Further information on developing a provider: + +- Guide for how to [configure a resource](configuring-a-resource.md) in your +provider. +- Guide on how to use Uptest to [test your resources](testing-with-uptest.md) +end to end. +- Guide on how to add support for +[management policies](adding-support-for-management-policies.md) to an existing +provider. + +## Additional documentation + +- [Provider identity based authentication](design-doc-provider-identity-based-auth.md) +- [Monitoring](monitoring.md) the Upjet runtime using Prometheus. + +Feel free to ask your questions by opening an issue or starting a discussion in +the [#upjet](https://crossplane.slack.com/archives/C05T19TB729) channel in +[Crossplane Slack](https://slack.crossplane.io). diff --git a/docs/add-new-resource-short.md b/docs/add-new-resource-short.md deleted file mode 100644 index 9d5807e7..00000000 --- a/docs/add-new-resource-short.md +++ /dev/null @@ -1,411 +0,0 @@ -## Adding a New Resource - -There are a long and detailed guides showing [how to bootstrap a -provider][provider-guide] and [how to configure resources][config-guide]. Here -we will go over the steps that will take us to `v1beta1` quality without going -into much detail so that it can be followed repeatedly quickly. - -The steps are generally identical, so we'll just take a resource issue from AWS -[#90][issue-90] and you can generalize steps pretty much to all other -resources in all official providers. It has several resources from different API -groups, such as `glue`, `grafana`, `guardduty` and `iam`. - -1. Assign issue to yourself. -1. Start from the top and click the link for the first resource, - [`aws_glue_workflow`] in this case. -1. Here we'll look for clues about how the Terraform ID is shaped so that we can - infer the external name configuration. In this case, there is a `name` - argument seen under `Argument Reference` section and when we look at `Import` - section, we see that this is what's used to import, i.e. Terraform ID is same - as `name` argument. This means that we can use `config.NameAsIdentifier` - configuration from Upjet as our external name config. See section [External - Name Cases](#external-name-cases) to see how you can infer in many different - cases of Terraform ID. -1. First of all, please see the [Moving Untested Resources to v1beta1] - documentation. - - Go to `config/externalname.go` and add the following line to - `ExternalNameConfigs` table: - ```golang - // glue - // - // Imported using "name". - "aws_glue_workflow": config.NameAsIdentifier, - ``` -1. Run `make reviewable`. -1. Go through the "Warning" boxes (if any) in the Terraform Registry page to see - whether any of the fields are represented as separate resources as well. It - usually goes like - ``` - Routes can be defined either directly on the azurerm_iothub - resource, or using the azurerm_iothub_route resource - but the two cannot be - used together. - ``` - In such cases, the field should be moved to status since we prefer to - represent it only as a separate CRD. Go ahead and add a configuration block - for that resource similar to the following: - ```golang - p.AddResourceConfigurator("azurerm_iothub", func(r *config.Resource) { - // Mutually exclusive with azurerm_iothub_route - config.MoveToStatus(r.TerraformResource, "route") - }) - ``` -1. Go to the end of the TF registry page to see the timeouts. If they are longer - than 10 minutes, then we need to set the `UseAsync` property of the resource - to `true`. Go ahead and add a configuration block for that resource similar to - the following if it doesn't exist already: - ```golang - p.AddResourceConfigurator("azurerm_iothub", func(r *config.Resource) { - r.UseAsync = true - }) - ``` - Note that some providers have certain defaults, like Azure has this on by - default, in such cases you need to set this parameter to `false` if the - timeouts are less than 10 minutes. -1. Resource configuration is largely done, so we need to prepare the example - YAML for testing. Copy `examples-generated/glue/workflow.yaml` into - `examples/glue/workflow.yaml` and then remove `spec.forProvider.name` field. - If there is nothing left under `spec.forProvider`, then give it empty struct, - e.g. `forProvider: {}` -1. Repeat the same process for other resources under `glue`. -1. Once `glue` is completed, the following would be the additions we made to the - external name table and we'd have new examples under `examples/glue` folder. - ```golang - // glue - // - // Imported using "name". - "aws_glue_workflow": config.NameAsIdentifier, - // Imported using arn: arn:aws:glue:us-west-2:123456789012:schema/example/example - "aws_glue_schema": config.IdentifierFromProvider, - // Imported using "name". - "aws_glue_trigger": config.NameAsIdentifier, - // Imported using the catalog_id:database_name:function_name - // 123456789012:my_database:my_func - "aws_glue_user_defined_function": config.TemplatedStringAsIdentifier("name", "{{ .parameters.catalog_id }}:{{ .parameters.database_name }}:{{ .externalName }}"), - "aws_glue_security_configuration": config.NameAsIdentifier, - // Imported using the account ID: 12356789012 - "aws_glue_resource_policy": config.IdentifierFromProvider, - ``` -1. Create a commit to cover all manual changes so that it's easier for reviewer - with a message like the following `aws: add glue group`. -1. Run `make reviewable` so that new resources are generated. -1. Create another commit with a message like `aws: regenerate for glue group`. - -That's pretty much all we need to do in the codebase. With these two commits, we -can open a new PR. - -## Testing - -Our first option is to run it by the automated testing tool we have. In order to -trigger it, you can drop a comment on the PR containing the following: - -```console -# Wildcards like provider-aws/examples/glue/*.yaml also work. -/test-examples="provider-aws/examples/glue/catalogdatabase.yaml,provider-aws/examples/glue/catalogtable.yaml" -``` - -Once the automated tests pass, we're good to go. However, in some cases there is -a bug you can fix right away and in others resource is just not suitable for -automated testing, such as the ones that require you to take a special action -that a Crossplane provider cannot, such as uploading a file. - - -Our goal is to make it work with automated testing as much as possible. So, the -next step is to test the resources manually in your local and try to spot the -problems that prevent it from working with the automated testing. The steps for -manual testing are roughly like the following (no Crossplane is needed): -* `kubectl apply -f package/crds` to install all CRDs into cluster. -* `make run` to start the controllers. -* You need to create a `ProviderConfig` named as `default` with correct - credentials. -* Now, you can create the examples you've got generated and check events/logs to - spot problems and fix them. - -There are cases where the resource requires user to take an action that is not -possible with a Crossplane provider or automated testing tool. In such cases, we -should leave the actions to be taken as annotation on the resource like the -following: - -```yaml -apiVersion: apigatewayv2.aws.upbound.io/v1beta1 -kind: VPCLink -metadata: - name: example - annotations: - upjet.upbound.io/manual-intervention: "User needs to upload a authorization script and give its path in spec.forProvider.filePath" -``` - -If, for some reason, we cannot successfully test a managed resource even manually, -then we do not ship it with the `v1beta1` version and thus the external-name -configuration should be commented out with an appropriate code comment -explaining the situation. - -An issue in the official-providers repo explaining the situation -[should be opened](https://github.com/upbound/official-providers/issues/new/choose) -preferably with the example manifests (and any resource configuration) already tried. - -As explained above, if the resource can successfully be manually tested but -not as part of the automated tests, the example manifest successfully validated -should still be included under the examples directory but with the proper -`upjet.upbound.io/manual-intervention` annotation. -And successful manual testing still meets the `v1beta1` criteria. - -## External Name Cases - -### Case 1: `name` As Identifier - -There is a `name` argument under `Argument Reference` section and `Import` -section suggests to use `name` to import the resource. - -Use `config.NameAsIdentifier`. - -An example would be -[`aws_eks_cluster`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster) -and -[here](https://github.com/upbound/provider-aws/blob/8b3887c91c4b44dc14e1123b3a5ae1a70e0e45ed/config/externalname.go#L284) -is its configuration. - -### Case 2: Parameter As Identifier - -There is an argument under `Argument Reference` section that is used like name, -i.e. `cluster_name` or `group_name`, and `Import` section suggests to use the -value of that argument to import the resource. - -Use `config.ParameterAsIdentifier()`. - -An example would be -[`aws_elasticache_cluster`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_cluster) -and -[here](https://github.com/upbound/provider-aws/blob/8b3887c91c4b44dc14e1123b3a5ae1a70e0e45ed/config/externalname.go#L299) -is its configuration. - -### Case 3: Random Identifier From Provider - -The ID used in `Import` section is completely random and assigned by provider, -like a UUID, where you don't have any means of impact on it. - -Use `config.IdentifierFromProvider`. - -An example would be -[`aws_vpc`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) -and -[here](https://github.com/upbound/provider-aws/blob/8b3887c91c4b44dc14e1123b3a5ae1a70e0e45ed/config/externalname.go#L155) -is its configuration. - -### Case 4: Random Identifier Substring From Provider - -The ID used in `Import` section is partially random and assigned by provider. -For example, a node in a cluster could have a random ID like `13213` but the -Terraform Identifier could include the name of the cluster that's represented as -an argument field under `Argument Reference`, i.e. `cluster-name:23123`. In that -case, we'll use only the randomly assigned part as external name and we need to -tell Upjet how to construct the full ID back and forth. - -```golang -func resourceName() config.ExternalName{ - e := config.IdentifierFromProvider - e.GetIDFn = func(_ context.Context, externalName string, parameters map[string]interface{}, _ map[string]interface{}) (string, error) { - cl, ok := parameters["cluster_name"] - if !ok { - return "", errors.New("cluster_name cannot be empty") - } - return fmt.Sprintf("%s:%s", cl.(string), externalName), nil - } - e.GetExternalNameFn = func(tfstate map[string]interface{}) (string, error) { - id, ok := tfstate["id"] - if !ok { - return "", errors.New("id in tfstate cannot be empty") - } - w := strings.Split(s.(string), ":") - return w[len(w)-1], nil - } -} -``` - -### Case 5: Non-random Substrings as Identifier - -There are more than a single argument under `Argument Reference` that are -concatenated to make up the whole identifier, e.g. `//`. We will need to tell Upjet to use `` as external -name and take the rest from parameters. - -Use `config.TemplatedStringAsIdentifier("", "")` in -such cases. The following is the list of available parameters for you to use in -your go template: -``` -parameters: A tree of parameters that you'd normally see in a Terraform HCL - file. You can use TF registry documentation of given resource to - see what's available. - -terraformProviderConfig: The Terraform configuration object of the provider. You can - take a look at the TF registry provider configuration object - to see what's available. Not to be confused with ProviderConfig - custom resource of the Crossplane provider. - -externalName: The value of external name annotation of the custom resource. - It is required to use this as part of the template. -``` - -You can see example usages in the big three providers below. - -#### AWS - -For `aws_glue_user_defined_function`, we see that `name` argument is used to -name the resource and the import instructions read as following: -``` -Glue User Defined Functions can be imported using the -`catalog_id:database_name:function_name`. If you have not set a Catalog ID -specify the AWS Account ID that the database is in, e.g., - -$ terraform import aws_glue_user_defined_function.func 123456789012:my_database:my_func -``` - -Our configuration would look like the following: -```golang -"aws_glue_user_defined_function": config.TemplatedStringAsIdentifier("name", "{{ .parameters.catalog_id }}:{{ .parameters.database_name }}:{{ .externalName }}") -``` - -Another prevalent case in AWS is the usage of Amazon Resource Name (ARN) to -identify a resource. We can use `config.TemplatedStringAsIdentifier` in many of -those cases like the following: - -``` -"aws_glue_registry": config.TemplatedStringAsIdentifier("registry_name", "arn:aws:glue:{{ .parameters.region }}:{{ .setup.client_metadata.account_id }}:registry/{{ .external_name }}"), -``` - -However, there are cases where the ARN includes random substring and that would -fall under Case 4. The following is such an example: -``` -// arn:aws:acm-pca:eu-central-1:609897127049:certificate-authority/ba0c7989-9641-4f36-a033-dee60121d595 - "aws_acmpca_certificate_authority_certificate": config.IdentifierFromProvider, -``` - -#### Azure - -Most Azure resources fall under this case since they use fully qualified -identifier as Terraform ID. - -For `azurerm_mariadb_firewall_rule`, we see that `name` argument is used to name -the resource and the import instructions read as following: -``` -MariaDB Firewall rules can be imported using the resource id, e.g. - -terraform import azurerm_mariadb_firewall_rule.rule1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.DBforMariaDB/servers/server1/firewallRules/rule1 -``` - -Our configuration would look like the following: -```golang -"azurerm_mariadb_firewall_rule": config.TemplatedStringAsIdentifier("name", "/subscriptions/{{ .terraformProviderConfig.subscription_id }}/resourceGroups/{{ .parameters.resource_group_name }}/providers/Microsoft.DBforMariaDB/servers/{{ .parameters.server_name }}/firewallRules/{{ .externalName }}") -``` - -In some resources, an argument requires ID, like `azurerm_cosmosdb_sql_function` -where it has `container_id` and `name` but no separate `resource_group_name` -which would be required to build the full ID. Our configuration would look like -the following in this case: -```golang -config.TemplatedStringAsIdentifier("name", "{{ .parameters.container_id }}/userDefinedFunctions/{{ .externalName }}") -``` - -#### GCP - -Most GCP resources fall under this case since they use fully qualified -identifier as Terraform ID. - -For `google_container_cluster`, we see that `name` argument is used to name the -resource and the import instructions read as following: -```console -GKE clusters can be imported using the project , location, and name. -If the project is omitted, the default provider value will be used. -Examples: - -$ terraform import google_container_cluster.mycluster projects/my-gcp-project/locations/us-east1-a/clusters/my-cluster -$ terraform import google_container_cluster.mycluster my-gcp-project/us-east1-a/my-cluster -$ terraform import google_container_cluster.mycluster us-east1-a/my-cluster -``` - -In cases where there are multiple ways to construct the ID, we should take the -one with the least parameters so that we rely only on required fields because -optional fields may have some defaults that are assigned after the creation -which may make it tricky to work with. In this case, the following would be our -configuration: -```golang -"google_compute_instance": config.TemplatedStringAsIdentifier("name", "{{ .parameters.location }}/{{ .externalName }}") -``` - -There are cases where one of the example import commands uses just `name`, like -`google_compute_instance`: -```console -terraform import google_compute_instance.default {{name}} -``` -In such cases, we should use `config.NameAsIdentifier` since we'd like to have -the least complexity in our configuration as possible. - -### Case 6: No Import Statement - -There is no instructions under `Import` section of the resource page in -Terraform Registry, like `aws_acm_certificate_validation` from AWS. - -Use the following in such cases with comment indicating the case: -```golang -// No import documented. -"aws_acm_certificate_validation": config.IdentifierFromProvider, -``` - -### Case 7: Using Identifier of Another Resource - -There are auxiliary resources that don't have an ID and since they map -one-to-one to another resource, they just opt to use the identifier of that -other resource. In many cases, the identifier is also a valid argument, maybe -even the only argument, to configure this resource. - -An example would be -[`aws_ecrpublic_repository_policy`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecrpublic_repository_policy) -from AWS where the identifier is `repository_name`. - -Use `config.IdentifierFromProvider` because in these cases `repository_name` is -more meaningful as an argument rather than the name of the policy for users, -hence we assume the ID is coming from provider. - -### Case 8: Using Identifiers of Other Resources - -There are resources that mostly represent a relation between two resources -without any particular name that identifies the relation. An example would be -[`azurerm_subnet_nat_gateway_association`](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) -where the ID is made up of two arguments `nat_gateway_id` and `subnet_id` -without any particular field used to give a name to the resource. - -Use `config.IdentifierFromProvider` because in these cases, there is no name -argument to be used as external name and both creation and import scenarios -would work the same way even if you configured the resources with conversion -functions between arguments and ID. - -## No Matching Case - -If it doesn't match any of the cases above, then we'll need to implement the -external name configuration from the ground up. Though in most cases, it's just -a little bit different that we only need to override a few things on top of -common functions. - -One example is [`aws_route`] resource where the ID could use a different -argument depending on which one is given. You can take a look at the -implementation [here][route-impl]. [This section][external-name-in-guide] in the -detailed guide could also help you. - - -[provider-guide]: - https://github.com/upbound/upjet/blob/main/docs/generating-a-provider.md -[config-guide]: - https://github.com/upbound/upjet/blob/main/docs/add-new-resource-long.md -[issue-90]: - https://github.com/upbound/provider-aws/issues/90 -[`aws_glue_workflow`]: - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/glue_workflow -[`aws_ecrpublic_repository_policy`]: - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecrpublic_repository_policy#import -[`aws_route`]: - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route -[route-impl]: - https://github.com/upbound/provider-aws/blob/8b3887c91c4b44dc14e1123b3a5ae1a70e0e45ed/config/externalname.go#L172 -[external-name-in-guide]: - https://github.com/upbound/upjet/blob/main/docs/add-new-resource-long.md#external-name -[Moving Untested Resources to v1beta1]: https://github.com/upbound/upjet/blob/main/docs/moving-resources-to-v1beta1.md \ No newline at end of file diff --git a/docs/adding-support-for-management-policies.md b/docs/adding-support-for-management-policies.md index d54301f9..94299c9b 100644 --- a/docs/adding-support-for-management-policies.md +++ b/docs/adding-support-for-management-policies.md @@ -1,6 +1,12 @@ -# Adding Support for Management Policies and initProvider in an Upjet Based Provider + + +# Adding Support for Management Policies and initProvider + +## Regenerating a provider with Management Policies Check out the provider repo, e.g., upbound/provider-aws, and go to the project directory on your local machine. @@ -19,9 +25,10 @@ directory on your local machine. go mod tidy ``` -2. Introduce a feature flag for `Management Policies`. +1. Introduce a feature flag for `Management Policies`. - Add the feature flag definition into the `internal/features/features.go` file. + Add the feature flag definition into the `internal/features/features.go` + file. ```diff diff --git a/internal/features/features.go b/internal/features/features.go @@ -40,7 +47,7 @@ directory on your local machine. ) ``` - Add the actual flag in `cmd/provider/main.go` file and pass the flag to the + Add the actual flag in `cmd/provider/main.go` file and pass the flag to the workspace store: ```diff @@ -89,18 +96,21 @@ directory on your local machine. kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } ``` - -> Note: If the provider was already updated to support observe-only resources, just add the feature flag to the workspaceStore. -3. Generate with the latest upjet and management policies: +> [!NOTE] +> If the provider was already updated to support observe-only resources, just + add the feature flag to the `workspaceStore`. + +1. Generate with the latest upjet and management policies: ```bash # Bump to the latest upjet - go get github.com/upbound/upjet@main + go get github.com/crossplane/upjet@main go mod tidy ``` - Enable management policies in the generator by adding `config.WithFeaturesPackage` option: + Enable management policies in the generator by adding + `config.WithFeaturesPackage` option: ```diff diff --git a/config/provider.go b/config/provider.go @@ -126,8 +136,8 @@ directory on your local machine. ## Testing: Locally Running the Provider with Management Policies Enabled 1. Create a fresh Kubernetes cluster. -2. Apply all of the provider's CRDs with `kubectl apply -f package/crds`. -3. Run the provider with `--enable-management-policies`. +1. Apply all of the provider's CRDs with `kubectl apply -f package/crds`. +1. Run the provider with `--enable-management-policies`. You can update the `run` target in the Makefile as below @@ -142,18 +152,15 @@ directory on your local machine. @# To see other arguments that can be provided, run the command with --help instead - UPBOUND_CONTEXT="local" $(GO_OUT_DIR)/provider --debug + UPBOUND_CONTEXT="local" $(GO_OUT_DIR)/provider --debug --enable-management-policies - - # NOTE(hasheddan): we ensure up is installed prior to running platform-specific - # build steps in parallel to avoid encountering an installation race condition. ``` - - and run with: + + and run with: ```shell make run ``` -4. Create some resources in the provider's management console and try observing +1. Create some resources in the provider's management console and try observing them by creating a managed resource with `managementPolicies: ["Observe"]`. For example: @@ -168,7 +175,7 @@ them by creating a managed resource with `managementPolicies: ["Observe"]`. forProvider: region: us-west-1 ``` - + You should see the managed resource is ready & synced: ```bash @@ -182,14 +189,16 @@ them by creating a managed resource with `managementPolicies: ["Observe"]`. kubectl get instance.rds.aws.upbound.io an-existing-dbinstance -o yaml ``` -> Please note: You would need the `terraform` executable installed on your local machine. +> [!NOTE] +> You need the `terraform` executable installed on your local machine. -5. Create a managed resource without `LateInitialize` like -`managementPolicies: ["Observe", "Create", "Update", "Delete"]` with +1. Create a managed resource without `LateInitialize` like +`managementPolicies: ["Observe", "Create", "Update", "Delete"]` with `spec.initProvider` fields to see the provider create the resource with combining `spec.initProvider` and `spec.forProvider` fields: For example: + ```yaml apiVersion: dynamodb.aws.upbound.io/v1beta1 kind: Table @@ -238,9 +247,9 @@ combining `spec.initProvider` and `spec.forProvider` fields: ```bash kubectl get tables.dynamodb.aws.upbound.io example -o yaml ``` - + As the late initialization is skipped, the `spec.forProvider` should be the same when we created the resource. - + In the provider console, you should see that the resource was created with - the values in the `initProvider` field. \ No newline at end of file + the values in the `initProvider` field. diff --git a/docs/add-new-resource-long.md b/docs/configuring-a-resource.md similarity index 60% rename from docs/add-new-resource-long.md rename to docs/configuring-a-resource.md index 6a8e1c04..26c88ad0 100644 --- a/docs/add-new-resource-long.md +++ b/docs/configuring-a-resource.md @@ -1,11 +1,15 @@ -## Configuring a Resource + +# Configuring a resource [Upjet] generates as much as it could using the available information in the Terraform resource schema. This includes an XRM-conformant schema of the -resource, controller logic, late initialization, sensitive data handling etc. -However, there are still couple of information that requires some input -configuration which could easily be provided by checking the Terraform -documentation of the resource: +resource, controller logic, late initialization, sensitive data handling, etc. +However, there are still information that requires some input configuration +which can be found by checking the Terraform documentation of the resource: - [External name] - [Cross Resource Referencing] @@ -14,22 +18,22 @@ documentation of the resource: - [Overriding Terraform Resource Schema] - [Initializers] -### External Name +## External Name Crossplane uses an annotation in managed resource CR to identify the external resource which is managed by Crossplane. See [the external name documentation] for more details. The format and source of the external name depends on the -cloud provider; sometimes it could simply be the name of resource -(e.g. S3 Bucket), and sometimes it is an auto-generated id by cloud API -(e.g. VPC id ). This is something specific to resource, and we need some input -configuration for upjet to appropriately generate a resource. +cloud provider; sometimes it could simply be the name of resource (e.g. S3 +Bucket), and sometimes it is an auto-generated id by cloud API (e.g. VPC id ). +This is something specific to resource, and we need some input configuration for +upjet to appropriately generate a resource. Since Terraform already needs [a similar identifier] to import a resource, most helpful part of resource documentation is the [import section]. -Upjet performs some back and forth conversions between Crossplane resource -model and Terraform configuration. We need a custom, per resource configuration -to adapt Crossplane `external name` from Terraform `id`. +Upjet performs some back and forth conversions between Crossplane resource model +and Terraform configuration. We need a custom, per resource configuration to +adapt Crossplane `external name` from Terraform `id`. Here are [the types for the External Name configuration]: @@ -93,7 +97,7 @@ type ExternalName struct { Comments explain the purpose of each field but let's clarify further with some example cases. -#### Case 1: Name as External Name and Terraform ID +### Case 1: Name as External Name and Terraform ID This is the simplest and most straightforward case with the following conditions: @@ -106,14 +110,14 @@ conditions: ```go import ( - "github.com/upbound/upjet/pkg/config" - ... + "github.com/crossplane/upjet/pkg/config" + ... ) ... p.AddResourceConfigurator("aws_iam_user", func(r *config.Resource) { r.ExternalName = config.NameAsIdentifier - ... + ... } ``` @@ -133,8 +137,8 @@ also omit `bucket` and `bucket_prefix` arguments from the spec with ```go import ( - "github.com/upbound/upjet/pkg/config" - ... + "github.com/crossplane/upjet/pkg/config" + ... ) ... @@ -147,46 +151,46 @@ import ( "bucket", "bucket_prefix", } - ... + ... } ``` -#### Case 2: Identifier from Provider +### Case 2: Identifier from Provider In this case, the (cloud) provider generates an identifier for the resource independent of what we provided as arguments. Checking the [import section of aws_vpc], we see that this resource is being -imported with `vpc id`. When we check the [arguments list] and provided -[example usages], it is clear that this **id** is **not** something that user -provides, rather generated by AWS API. +imported with `vpc id`. When we check the [arguments list] and provided [example +usages], it is clear that this **id** is **not** something that user provides, +rather generated by AWS API. Here, we can just use [IdentifierFromProvider] configuration: ```go import ( - "github.com/upbound/upjet/pkg/config" - ... + "github.com/crossplane/upjet/pkg/config" + ... ) ... p.AddResourceConfigurator("aws_vpc", func(r *config.Resource) { r.ExternalName = config.IdentifierFromProvider - ... + ... } ``` -#### Case 3: Terraform ID as a Formatted String +### Case 3: Terraform ID as a Formatted String For some resources, Terraform uses a formatted string as `id` which include resource identifier that Crossplane uses as external name but may also contain some other parameters. -Most `azurerm` resources fall into this category. Checking the -[import section of azurerm_sql_server], we see that can be imported with an `id` -in the following format: +Most `azurerm` resources fall into this category. Checking the [import section +of azurerm_sql_server], we see that can be imported with an `id` in the +following format: -``` +```text /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myresourcegroup/providers/Microsoft.Sql/servers/myserver ``` @@ -196,25 +200,25 @@ this id back (`GetIDFn`). ```go import ( - "github.com/upbound/upjet/pkg/config" - ... + "github.com/crossplane/upjet/pkg/config" + ... ) func getNameFromFullyQualifiedID(tfstate map[string]any) (string, error) { - id, ok := tfstate["id"] - if !ok { - return "", errors.Errorf(ErrFmtNoAttribute, "id") - } - idStr, ok := id.(string) - if !ok { - return "", errors.Errorf(ErrFmtUnexpectedType, "id") - } - words := strings.Split(idStr, "/") - return words[len(words)-1], nil + id, ok := tfstate["id"] + if !ok { + return "", errors.Errorf(ErrFmtNoAttribute, "id") + } + idStr, ok := id.(string) + if !ok { + return "", errors.Errorf(ErrFmtUnexpectedType, "id") + } + words := strings.Split(idStr, "/") + return words[len(words)-1], nil } func getFullyQualifiedIDfunc(ctx context.Context, externalName string, parameters map[string]any, providerConfig map[string]any) (string, error) { - subID, ok := providerConfig["subscription_id"] + subID, ok := providerConfig["subscription_id"] if !ok { return "", errors.Errorf(ErrFmtNoAttribute, "subscription_id") } @@ -231,7 +235,7 @@ func getFullyQualifiedIDfunc(ctx context.Context, externalName string, parameter return "", errors.Errorf(ErrFmtUnexpectedType, "resource_group_name") } - name, ok := parameters["name"] + name, ok := parameters["name"] if !ok { return "", errors.Errorf(ErrFmtNoAttribute, "name") } @@ -248,7 +252,7 @@ func getFullyQualifiedIDfunc(ctx context.Context, externalName string, parameter r.ExternalName = config.NameAsIdentifier r.ExternalName.GetExternalNameFn = getNameFromFullyQualifiedID r.ExternalName.GetIDFn = getFullyQualifiedIDfunc - ... + ... } ``` @@ -256,11 +260,13 @@ With this, we have covered most common scenarios for configuring external name. You can always check resource configurations of existing jet Providers as further examples under `config//config.go` in their repositories. -_Please see [this figure] to understand why we really need 3 different -functions to configure external names and, it visualizes which is used how:_ -![Alt text](./images/upjet-externalname.png) -_Note that, initially, GetIDFn will use the external-name annotation to set the terraform.tfstate id and, after that, it uses the terraform.tfstate id to update the external-name annotation. For cases where both values are different, both GetIDFn and GetExternalNameFn must be set in order to have the correct configuration._ - +_Please see [this figure] to understand why we really need 3 different functions +to configure external names and, it visualizes which is used how:_ +![Alt text](../images/upjet-externalname.png) _Note that, initially, GetIDFn +will use the external-name annotation to set the terraform.tfstate id and, after +that, it uses the terraform.tfstate id to update the external-name annotation. +For cases where both values are different, both GetIDFn and GetExternalNameFn +must be set in order to have the correct configuration._ ### Cross Resource Referencing @@ -270,8 +276,8 @@ managed resource, and you want to create an Access Key for that user, you would need to refer to the User CR from the Access Key resource. This is handled by cross resource referencing. -See how the [user] referenced at `forProvider.userRef.name` field of the -Access Key in the following example: +See how the [user] referenced at `forProvider.userRef.name` field of the Access +Key in the following example: ```yaml apiVersion: iam.aws.tf.crossplane.io/v1alpha1 @@ -352,26 +358,205 @@ case, we would need to provide the full path. Referencing to a [kms key] from ```go func Configure(p *config.Provider) { - p.AddResourceConfigurator("aws_ebs_volume", func(r *config.Resource) { - r.References["kms_key_id"] = config.Reference{ - Type: "github.com/crossplane-contrib/provider-tf-aws/apis/kms/v1alpha1.Key", - } - }) + p.AddResourceConfigurator("aws_ebs_volume", func(r *config.Resource) { + r.References["kms_key_id"] = config.Reference{ + Type: "github.com/crossplane-contrib/provider-tf-aws/apis/kms/v1alpha1.Key", + } + }) +} +``` + +### Auto Cross Resource Reference Generation + +Cross Resource Referencing is one of the key concepts of the resource +configuration. As a very common case, cloud services depend on other cloud +services. For example, AWS Subnet resource needs an AWS VPC for creation. So, +for creating a Subnet successfully, before you have to create a VPC resource. +Please see the [Dependencies] documentation for more details. And also, for +resource configuration-related parts of cross-resource referencing, please see +[this part] of [Configuring a Resource] documentation. + +These documentations focus on the general concepts and manual configurations +of Cross Resource References. However, the main topic of this documentation is +automatic example&reference generation. + +Upjet has a scraper tool for scraping provider metadata from the Terraform +Registry. The scraped metadata are: + +- Resource Descriptions +- Examples of Resources (in HCL format) +- Field Documentations +- Import Statements + +These are very critical information for our automation processes. We use this +scraped metadata in many contexts. For example, field documentation of +resources and descriptions are used as Golang comments for schema fields and +CRDs. + +Another important scraped information is examples of resources. As a part +of testing efforts, finding the correct combination of field values is not easy +for every scenario. So, having a working example (combination) is very important +for easy testing. + +At this point, this example that is in HCL format is converted to a Managed +Resource manifest, and we can use this manifest in our test efforts. + +This is an example from Terraform Registry AWS Ebs Volume resource: + +```go +resource "aws_ebs_volume" "example" { + availability_zone = "us-west-2a" + size = 40 + + tags = { + Name = "HelloWorld" + } +} + +resource "aws_ebs_snapshot" "example_snapshot" { + volume_id = aws_ebs_volume.example.id + + tags = { + Name = "HelloWorld_snap" + } +} +``` + +The generated example: + +```yaml +apiVersion: ec2.aws.upbound.io/v1beta1 +kind: EBSSnapshot +metadata: + annotations: + meta.upbound.io/example-id: ec2/v1beta1/ebssnapshot + labels: + testing.upbound.io/example-name: example_snapshot + name: example-snapshot +spec: + forProvider: + region: us-west-1 + tags: + Name: HelloWorld_snap + volumeIdSelector: + matchLabels: + testing.upbound.io/example-name: example + +--- + +apiVersion: ec2.aws.upbound.io/v1beta1 +kind: EBSVolume +metadata: + annotations: + meta.upbound.io/example-id: ec2/v1beta1/ebssnapshot + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + availabilityZone: us-west-2a + region: us-west-1 + size: 40 + tags: + Name: HelloWorld +``` + +Here, there are three very important points that scraper makes easy our life: + +- We do not have to find the correct value combinations for fields. So, we can + easily use the generated example manifest in our tests. +- The HCL example was scraped from registry documentation of the + `aws_ebs_snapshot` resource. In the example, you also see the `aws_ebs_volume` + resource manifest because, for the creation of an EBS Snapshot, you need an + EBS Volume resource. Thanks to the source Registry, (in many cases, there are + the dependent resources of target resources) we can also scrape the + dependencies of target resources. +- The last item is actually what is intended to be explained in this document. + For using the Cross Resource References, as I mentioned above, you need to add + some references to the resource configuration. But, in many cases, if in the + scraped example, the mentioned dependencies are already described you do not + have to write explicit references to resource configuration. The Cross + Resource Reference generator generates the mentioned references. + +### Validating the Cross Resource References + +As I mentioned, many references are generated from scraped metadata by an auto +reference generator. However, there are two cases where we miss generating the +references. + +The first one is related to some bugs or improvement points in the generator. +This means that the generator can handle many references in the scraped +examples and generate correctly them. But we cannot say that the ratio is %100. +For some cases, the generator cannot generate references although, they are in +the scraped example manifests. + +The second one is related to the scraped example itself. As I mentioned above, +the source of the generator is the scraped example manifest. So, it checks the +manifest and tries to generate the found cross-resource references. In some +cases, although there are other reference fields, these do not exist in the +example manifest. They can only be mentioned in schema/field documentation. + +For these types of situations, you must configure cross-resource references +explicitly. + +### Removing Auto-Generated Cross Resource References In Some Corner Cases + +In some cases, the generated references can narrow the reference pool covered by +the field. For example, X resource has an A field and Y and Z resources can be +referenced via this field. However, since the reference to Y is mentioned in the +example manifest, this reference field will only be defined over Y. In this +case, since the reference pool of the relevant field will be narrowed, it would +be more appropriate to delete this reference. For example, + +```go +resource "aws_route53_record" "www" { + zone_id = aws_route53_zone.primary.zone_id + name = "example.com" + type = "A" + + alias { + name = aws_elb.main.dns_name + zone_id = aws_elb.main.zone_id + evaluate_target_health = true + } } ``` -### Additional Sensitive Fields and Custom Connection Details +Route53 Record resource’s alias.name field has a reference. In the example, this +reference is shown by using the `aws_elb` resource. However, when we check the +field documentation, we see that this field can also be used for reference +for other resources: + +```text +Alias +Alias records support the following: + +name - (Required) DNS domain name for a CloudFront distribution, S3 bucket, ELB, +or another resource record set in this hosted zone. +``` + +### Conclusion + +As a result, mentioned scraper and example&reference generators are very useful +for making easy the test efforts. But using these functionalities, we must be +careful to avoid undesired states. + +[Dependencies]: https://crossplane.io/docs/v1.7/concepts/managed-resources.html#dependencies +[this part]: https://github.com/crossplane/upjet/blob/main/docs/configuring-a-resource.md#cross-resource-referencing +[Configuring a Resource]: https://github.com/crossplane/upjet/blob/main/docs/configuring-a-resource.md + +## Additional Sensitive Fields and Custom Connection Details Crossplane stores sensitive information of a managed resource in a Kubernetes secret, together with some additional fields that would help consumption of the resource, a.k.a. [connection details]. -In Upjet, we already handle sensitive fields that are marked as sensitive -in Terraform schema and no further action required for them. Upjet will -properly hide these fields from CRD spec and status by converting to a secret -reference or storing in connection details secret respectively. However, we -still have some custom configuration API that would allow including additional -fields into connection details secret no matter they are sensitive or not. +In Upjet, we already handle sensitive fields that are marked as sensitive in +Terraform schema and no further action required for them. Upjet will properly +hide these fields from CRD spec and status by converting to a secret reference +or storing in connection details secret respectively. However, we still have +some custom configuration API that would allow including additional fields into +connection details secret no matter they are sensitive or not. As an example, let's use `aws_iam_access_key`. Currently, Upjet stores all sensitive fields in Terraform schema as prefixed with `attribute.`, so without @@ -382,18 +567,18 @@ respectively. To see them with more common keys, i.e. `aws_access_key_id` and ```go func Configure(p *config.Provider) { - p.AddResourceConfigurator("aws_iam_access_key", func(r *config.Resource) { - r.Sensitive.AdditionalConnectionDetailsFn = func(attr map[string]any) (map[string][]byte, error) { - conn := map[string][]byte{} - if a, ok := attr["id"].(string); ok { - conn["aws_access_key_id"] = []byte(a) - } - if a, ok := attr["secret"].(string); ok { - conn["aws_secret_access_key"] = []byte(a) - } - return conn, nil - } - }) + p.AddResourceConfigurator("aws_iam_access_key", func(r *config.Resource) { + r.Sensitive.AdditionalConnectionDetailsFn = func(attr map[string]any) (map[string][]byte, error) { + conn := map[string][]byte{} + if a, ok := attr["id"].(string); ok { + conn["aws_access_key_id"] = []byte(a) + } + if a, ok := attr["secret"].(string); ok { + conn["aws_secret_access_key"] = []byte(a) + } + return conn, nil + } + }) } ``` @@ -413,27 +598,27 @@ kind: Secret ### Late Initialization Configuration Late initialization configuration is only required if there are conflicting -arguments in terraform resource configuration. -Unfortunately, there is _no easy way_ to figure that out without testing the -resource, _so feel free to skip this configuration_ at the first place and -revisit _only if_ you have errors like below while testing the resource. +arguments in terraform resource configuration. Unfortunately, there is _no easy +way_ to figure that out without testing the resource, _so feel free to skip this +configuration_ at the first place and revisit _only if_ you have errors like +below while testing the resource. -``` +```text observe failed: cannot run refresh: refresh failed: Invalid combination of arguments: "address_prefix": only one of `address_prefix,address_prefixes` can be specified, but `address_prefix,address_prefixes` were specified.: File name: main.tf.json ``` -If you would like to have the late-initialization library *not* to process the +If you would like to have the late-initialization library _not_ to process the [`address_prefix`] parameter field, then the following configuration where we specify the parameter field path is sufficient: ```go func Configure(p *config.Provider) { - p.AddResourceConfigurator("azurerm_subnet", func(r *config.Resource) { - r.LateInitializer = config.LateInitializer{ - IgnoredFields: []string{"address_prefix"}, - } - }) + p.AddResourceConfigurator("azurerm_subnet", func(r *config.Resource) { + r.LateInitializer = config.LateInitializer{ + IgnoredFields: []string{"address_prefix"}, + } + }) } ``` @@ -442,19 +627,21 @@ so please consider configuring late initialization behaviour whenever you got some unexpected error starting with `observe failed:`, once you are sure that you provided all necessary parameters to your resource._ -#### Further details on Late Initialization +### Further details on Late Initialization -Upjet runtime automatically performs late-initialization during -an [`external.Observe`] call with means of runtime reflection. -State of the world observed by Terraform CLI is used to initialize -any `nil`-valued pointer parameters in the managed resource's `spec`. -In most of the cases no custom configuration should be necessary for -late-initialization to work. However, there are certain cases where -you will want/need to customize late-initialization behaviour. Thus, -Upjet provides an extensible [late-initialization customization API] -that controls late-initialization behaviour. +Upjet runtime automatically performs late-initialization during an +[`external.Observe`] call with means of runtime reflection. State of the world +observed by Terraform CLI is used to initialize any `nil`-valued pointer +parameters in the managed resource's `spec`. In most of the cases no custom +configuration should be necessary for late-initialization to work. However, +there are certain cases where you will want/need to customize +late-initialization behaviour. Thus, Upjet provides an extensible +[late-initialization customization API] that controls late-initialization +behaviour. -The associated resource struct is defined [here](https://github.com/upbound/upjet/blob/c9e21387298d8ed59fcd71c7f753ec401a3383a5/pkg/config/resource.go#L91) as follows: +The associated resource struct is defined +[here](https://github.com/crossplane/upjet/blob/c9e21387298d8ed59fcd71c7f753ec401a3383a5/pkg/config/resource.go#L91) +as follows: ```go // LateInitializer represents configurations that control @@ -466,11 +653,11 @@ type LateInitializer struct { } ``` -Currently, it only involves a configuration option to specify -certain `spec` parameters to be ignored during late-initialization. -Each element of the `LateInitializer.IgnoredFields` slice represents -the canonical path relative to the parameters struct for the managed resource's `Spec` -using `Go` type names as path elements. As an example, with the following type definitions: +Currently, it only involves a configuration option to specify certain `spec` +parameters to be ignored during late-initialization. Each element of the +`LateInitializer.IgnoredFields` slice represents the canonical path relative to +the parameters struct for the managed resource's `Spec` using `Go` type names as +path elements. As an example, with the following type definitions: ```go type Subnet struct { @@ -501,8 +688,8 @@ type SubnetParameters struct { ``` In most cases, custom late-initialization configuration will not be necessary. -However, after generating a new managed resource and observing its behaviour -(at runtime), it may turn out that late-initialization behaviour needs +However, after generating a new managed resource and observing its behaviour (at +runtime), it may turn out that late-initialization behaviour needs customization. For certain resources like the `provider-tf-azure`'s `PostgresqlServer` resource, we have observed that Terraform state contains values for mutually exclusive parameters, e.g., for `PostgresqlServer`, both @@ -516,17 +703,17 @@ message in its `status.conditions`, we do the `LateInitializer.IgnoreFields` custom configuration detailed above to skip one of the mutually exclusive fields during late-initialization. -### Overriding Terraform Resource Schema +## Overriding Terraform Resource Schema Upjet generates Crossplane resource schemas (CR spec/status) using the -[Terraform schema of the resource]. As of today, Upjet leverages the -following attributes in the schema: +[Terraform schema of the resource]. As of today, Upjet leverages the following +attributes in the schema: - [Type] and [Elem] to identify the type of the field. - [Sensitive] to see if we need to keep it in a Secret instead of CR. - [Description] to add as a description to the field in CRD. - [Optional] and [Computed] to identify whether the fields go under spec or -status: + status: - Not Optional & Not Computed => Spec (required) - Optional & Not Computed => Spec (optional) - Optional & Computed => Spec (optional, to be late-initialized) @@ -537,12 +724,12 @@ resource schema just works as is. However, there could be some rare edge cases like: - Field contains sensitive information but not marked as `Sensitive` or vice -versa. -- An attribute does not make sense to have in CRD schema, like -[tags_all for jet AWS resources]. -- Moving parameters from Terraform provider config to resources schema to -fit Crossplane model, e.g. [AWS region] parameter is part of provider config -in Terraform but Crossplane expects it in CR spec. + versa. +- An attribute does not make sense to have in CRD schema, like [tags_all for jet + AWS resources]. +- Moving parameters from Terraform provider config to resources schema to fit + Crossplane model, e.g. [AWS region] parameter is part of provider config in + Terraform but Crossplane expects it in CR spec. Schema of a resource could be overridden as follows: @@ -560,90 +747,98 @@ p.AddResourceConfigurator("aws_autoscaling_group", func(r *config.Resource) { }) ``` -### Initializers +## Initializers -Initializers involve the operations that run before beginning of reconciliation. This configuration option will -provide that setting initializers for per resource. +Initializers involve the operations that run before beginning of reconciliation. +This configuration option will provide that setting initializers for per +resource. -Many resources in aws have `tags` field in their schema. Also, in Crossplane there is a [tagging convention]. -To implement the tagging convention for jet-aws provider, this initializer configuration support was provided. +Many resources in aws have `tags` field in their schema. Also, in Crossplane +there is a [tagging convention]. To implement the tagging convention for jet-aws +provider, this initializer configuration support was provided. There is a common struct (`Tagger`) in upjet to use the tagging convention: ```go // Tagger implements the Initialize function to set external tags type Tagger struct { - kube client.Client - fieldName string + kube client.Client + fieldName string } // NewTagger returns a Tagger object. func NewTagger(kube client.Client, fieldName string) *Tagger { - return &Tagger{kube: kube, fieldName: fieldName} + return &Tagger{kube: kube, fieldName: fieldName} } // Initialize is a custom initializer for setting external tags func (t *Tagger) Initialize(ctx context.Context, mg xpresource.Managed) error { - paved, err := fieldpath.PaveObject(mg) - if err != nil { - return err - } - pavedByte, err := setExternalTagsWithPaved(xpresource.GetExternalTags(mg), paved, t.fieldName) - if err != nil { - return err - } - if err := json.Unmarshal(pavedByte, mg); err != nil { - return err - } - if err := t.kube.Update(ctx, mg); err != nil { - return err - } - return nil + paved, err := fieldpath.PaveObject(mg) + if err != nil { + return err + } + pavedByte, err := setExternalTagsWithPaved(xpresource.GetExternalTags(mg), paved, t.fieldName) + if err != nil { + return err + } + if err := json.Unmarshal(pavedByte, mg); err != nil { + return err + } + if err := t.kube.Update(ctx, mg); err != nil { + return err + } + return nil } ``` -As seen above, the `Tagger` struct accepts a `fieldName`. This `fieldName` specifies which value of field to set in the -resource's spec. You can use the common `Initializer` by specifying the field name that points to the external tags -in the configured resource. +As seen above, the `Tagger` struct accepts a `fieldName`. This `fieldName` +specifies which value of field to set in the resource's spec. You can use the +common `Initializer` by specifying the field name that points to the external +tags in the configured resource. -There is also a default initializer for tagging convention, `TagInitializer`. It sets the value of `fieldName` to `tags` -as default: +There is also a default initializer for tagging convention, `TagInitializer`. It +sets the value of `fieldName` to `tags` as default: ```go // TagInitializer returns a tagger to use default tag initializer. var TagInitializer NewInitializerFn = func(client client.Client) managed.Initializer { - return NewTagger(client, "tags") + return NewTagger(client, "tags") } ``` -In jet-aws provider, as a default process, if a resource has `tags` field in its schema, then the default initializer -(`TagInitializer`) is added to Initializer list of resource: +In jet-aws provider, as a default process, if a resource has `tags` field in its +schema, then the default initializer (`TagInitializer`) is added to Initializer +list of resource: ```go // AddExternalTagsField adds ExternalTagsFieldName configuration for resources that have tags field. func AddExternalTagsField() tjconfig.ResourceOption { - return func(r *tjconfig.Resource) { - if s, ok := r.TerraformResource.Schema["tags"]; ok && s.Type == schema.TypeMap { - r.InitializerFns = append(r.InitializerFns, tjconfig.TagInitializer) - } - } + return func(r *tjconfig.Resource) { + if s, ok := r.TerraformResource.Schema["tags"]; ok && s.Type == schema.TypeMap { + r.InitializerFns = append(r.InitializerFns, tjconfig.TagInitializer) + } + } } ``` -However, if the field name that used for the external label is different from the `tags`, the `NewTagger` function can be -called and the specific `fieldName` can be passed to this: +However, if the field name that used for the external label is different from +the `tags`, the `NewTagger` function can be called and the specific `fieldName` +can be passed to this: ```go r.InitializerFns = append(r.InitializerFns, func(client client.Client) managed.Initializer { - return tjconfig.NewTagger(client, "example_tags_name") + return tjconfig.NewTagger(client, "example_tags_name") }) ``` -If the above tagging convention logic does not work for you, and you want to use this configuration option for a reason -other than tagging convention (for another custom initializer operation), you need to write your own struct in provider -and have this struct implement the `Initializer` function with a custom logic. +If the above tagging convention logic does not work for you, and you want to use +this configuration option for a reason other than tagging convention (for +another custom initializer operation), you need to write your own struct in +provider and have this struct implement the `Initializer` function with a custom +logic. -This configuration option is set by using the [InitializerFns] field that is a list of [NewInitializerFn]: +This configuration option is set by using the [InitializerFns] field that is a +list of [NewInitializerFn]: ```go // NewInitializerFn returns the Initializer with a client. @@ -654,49 +849,46 @@ Initializer is an interface in [crossplane-runtime]: ```go type Initializer interface { - Initialize(ctx context.Context, mg resource.Managed) error + Initialize(ctx context.Context, mg resource.Managed) error } ``` -So, an interface must be passed to the related configuration field for adding initializers for a resource. - -[comment]: <> (References) +So, an interface must be passed to the related configuration field for adding +initializers for a resource. -[Upjet]: https://github.com/upbound/upjet +[Upjet]: https://github.com/crossplane/upjet [External name]: #external-name [Cross Resource Referencing]: #cross-resource-referencing [Additional Sensitive Fields and Custom Connection Details]: #additional-sensitive-fields-and-custom-connection-details [Late Initialization Behavior]: #late-initialization-configuration [Overriding Terraform Resource Schema]: #overriding-terraform-resource-schema -[the external name documentation]: https://crossplane.io/docs/v1.7/concepts/managed-resources.html#external-name -[concept to identify a resource]: https://www.terraform.io/docs/glossary#id +[the external name documentation]: https://docs.crossplane.io/master/concepts/managed-resources/#naming-external-resources [import section]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key#import -[the types for the External Name configuration]: https://github.com/upbound/upjet/blob/2299925ea2541e6a8088ede463cd865bd64eba32/pkg/config/resource.go#L67 +[the types for the External Name configuration]: https://github.com/crossplane/upjet/blob/main/pkg/config/resource.go#L68 [aws_iam_user]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user -[NameAsIdentifier]: https://github.com/upbound/upjet/blob/2299925ea2541e6a8088ede463cd865bd64eba32/pkg/config/defaults.go#L31 +[NameAsIdentifier]: https://github.com/crossplane/upjet/blob/main/pkg/config/externalname.go#L28 [aws_s3_bucket]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket [import section of s3 bucket]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#import [bucket]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#bucket [cluster_identifier]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster#cluster_identifier [aws_rds_cluster]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster. -[aws_vpc]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc [import section of aws_vpc]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc#import [arguments list]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc#argument-reference [example usages]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc#example-usage -[IdentifierFromProvider]: https://github.com/upbound/upjet/blob/2299925ea2541e6a8088ede463cd865bd64eba32/pkg/config/defaults.go#L46 +[IdentifierFromProvider]: https://github.com/crossplane/upjet/blob/main/config/externalname.go#L42 [a similar identifier]: https://www.terraform.io/docs/glossary#id [import section of azurerm_sql_server]: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_server#import -[handle dependencies]: https://crossplane.io/docs/v1.7/concepts/managed-resources.html#dependencies +[handle dependencies]: https://docs.crossplane.io/master/concepts/managed-resources/#referencing-other-resources [user]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key#user [generate reference resolution methods]: https://github.com/crossplane/crossplane-tools/pull/35 -[configuration]: https://github.com/upbound/upjet/blob/874bb6ad5cff9741241fb790a3a5d71166900860/pkg/config/resource.go#L77 +[configuration]: https://github.com/crossplane/upjet/blob/main/pkg/config/resource.go#L123 [iam_access_key]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key#argument-reference [kms key]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_volume#kms_key_id -[connection details]: https://crossplane.io/docs/v1.7/concepts/managed-resources.html#connection-details +[connection details]: https://docs.crossplane.io/master/concepts/managed-resources/#writeconnectionsecrettoref [id]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key#id [secret]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key#secret -[`external.Observe`]: https://github.com/upbound/upjet/blob/874bb6ad5cff9741241fb790a3a5d71166900860/pkg/controller/external.go#L149 -[late-initialization customization API]: https://github.com/upbound/upjet/blob/874bb6ad5cff9741241fb790a3a5d71166900860/pkg/resource/lateinit.go#L86 +[`external.Observe`]: https://github.com/crossplane/upjet/blob/main/pkg/controller/external.go#L175 +[late-initialization customization API]: https://github.com/crossplane/upjet/blob/main/pkg/resource/lateinit.go#L45 [`address_prefix`]: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet#address_prefix [Terraform schema of the resource]: https://github.com/hashicorp/terraform-plugin-sdk/blob/e3325b095ef501cf551f7935254ce942c44c1af0/helper/schema/schema.go#L34 [Type]: https://github.com/hashicorp/terraform-plugin-sdk/blob/e3325b095ef501cf551f7935254ce942c44c1af0/helper/schema/schema.go#L52 @@ -706,12 +898,10 @@ So, an interface must be passed to the related configuration field for adding in [Optional]: https://github.com/hashicorp/terraform-plugin-sdk/blob/e3325b095ef501cf551f7935254ce942c44c1af0/helper/schema/schema.go#L80 [Computed]: https://github.com/hashicorp/terraform-plugin-sdk/blob/e3325b095ef501cf551f7935254ce942c44c1af0/helper/schema/schema.go#L139 [tags_all for jet AWS resources]: https://github.com/upbound/provider-aws/blob/main/config/overrides.go#L62 -[boot_disk.initialize_params.labels]: https://github.com/upbound/provider-gcp/blob/main/config/compute/config.go#L121 [AWS region]: https://github.com/upbound/provider-aws/blob/main/config/overrides.go#L32 -[this figure]: images/upjet-externalname.png +[this figure]: ../images/upjet-externalname.png [Initializers]: #initializers -[InitializerFns]: https://github.com/upbound/upjet/blob/ae78a0a4c438f01717002e00fac761524aa6e951/pkg/config/resource.go#L289 -[NewInitializerFn]: https://github.com/upbound/upjet/blob/ae78a0a4c438f01717002e00fac761524aa6e951/pkg/config/resource.go#L207 +[InitializerFns]: https://github.com/crossplane/upjet/blob/main/pkg/config/resource.go#L297 +[NewInitializerFn]: https://github.com/crossplane/upjet/blob/main/pkg/config/resource.go#L210 [crossplane-runtime]: https://github.com/crossplane/crossplane-runtime/blob/428b7c3903756bb0dcf5330f40298e1fa0c34301/pkg/reconciler/managed/reconciler.go#L138 -[some external labels]: https://github.com/crossplane/crossplane-runtime/blob/428b7c3903756bb0dcf5330f40298e1fa0c34301/pkg/resource/resource.go#L397 [tagging convention]: https://github.com/crossplane/crossplane/blob/60c7df9/design/one-pager-managed-resource-api-design.md#external-resource-labeling diff --git a/docs/design-doc-provider-identity-based-auth.md b/docs/design-doc-provider-identity-based-auth.md index 80c98f0f..9c3080c7 100644 --- a/docs/design-doc-provider-identity-based-auth.md +++ b/docs/design-doc-provider-identity-based-auth.md @@ -1,10 +1,17 @@ + + # Identity Based Authentication for Crossplane Providers -* Owner: Alper Rifat Uluçınar (@ulucinar) -* Reviewers: Crossplane Maintainers -* Status: Draft +- Owner: Alper Rifat Uluçınar (@ulucinar) +- Reviewers: Crossplane Maintainers +- Status: Draft ## Background + Crossplane providers need to authenticate themselves to their respective Cloud providers. This establishes an identity for the Crossplane provider that's later used by the Cloud provider to authorize the requests made by the Crossplane @@ -13,94 +20,104 @@ Crossplane provider supports a subset of the underlying Cloud provider's authentication mechanisms and this subset is currently implemented in-tree, i.e., in the Crossplane provider's repo, there exists a CRD that's conventionally named as `ProviderConfig` and each managed resource of the -provider has a [v1.Reference](https://docs.crossplane.io/v1.12/concepts/managed-resources/#providerconfigref) to a `ProviderConfig` CR. This -`ProviderConfig` holds the authentication configuration (chosen authentication method, -any required credentials for that method, etc.) together with any other provider -specific configuration. Different authentication methods and/or different sets -of credentials can be configured using separate cluster-scoped `ProviderConfig` -CRs and by having different managed resources refer to these `ProviderConfig` -instances. +provider has a +[v1.Reference](https://docs.crossplane.io/v1.12/concepts/managed-resources/#providerconfigref) +to a `ProviderConfig` CR. This `ProviderConfig` holds the authentication +configuration (chosen authentication method, any required credentials for that +method, etc.) together with any other provider specific configuration. Different +authentication methods and/or different sets of credentials can be configured +using separate cluster-scoped `ProviderConfig` CRs and by having different +managed resources refer to these `ProviderConfig` instances. The Crossplane provider establishes an identity for the requests it will issue -to the Cloud provider in the [managed.ExternalConnecter](https://pkg.go.dev/github.com/crossplane/crossplane-runtime@v0.19.2/pkg/reconciler/managed#ExternalConnecter)'s `Connect` -implementation. This involves calling the associated authentication functions from -the Cloud SDK libraries (such as the [AWS SDK for Go][aws-sdk] or the [Azure -SDK for Go][azure-sdk]) with the supplied configuration and credentials from the -referenced `ProviderConfig` instance. - -Managed resources and `ProviderConfig`s are cluster-scoped, i.e., they do not exist within a -Kubernetes namespace but rather exist at the global (cluster) scope. This does -not fit well into a namespace-based multi-tenancy model, where each tenant is -confined to its own namespace. The cluster scope is shared between all -namespaces. In the namespace-based multi-tenancy model, the common approach is -to have Role-Based Access Control ([RBAC]) rules that disallow a tenant from -accessing API resources that do not reside in its namespace. Another dimension -to consider here is that all namespaced tenants are serviced by a shared -Crossplane provider deployment typically running in the `crossplane-system` -namespace. This shared provider instance (or more precisely, the [Kubernetes -ServiceAccount][k8s-sa] that the provider's pod uses) is allowed, via RBAC, to `get` the (cluster-scoped) -`ProviderConfig` resources. If tenant `subjects` (groups, users, -ServiceAccounts) are allowed to directly `create` managed resources, then we cannot -constrain them from referring to any `ProviderConfig` (thus to any Cloud -provider credential set) in the cluster solely using RBAC. This is because: +to the Cloud provider in the +[managed.ExternalConnecter](https://pkg.go.dev/github.com/crossplane/crossplane-runtime@v0.19.2/pkg/reconciler/managed#ExternalConnecter)'s +`Connect` implementation. This involves calling the associated authentication +functions from the Cloud SDK libraries (such as the [AWS SDK for Go][aws-sdk] or +the [Azure SDK for Go][azure-sdk]) with the supplied configuration and +credentials from the referenced `ProviderConfig` instance. + +Managed resources and `ProviderConfig`s are cluster-scoped, i.e., they do not +exist within a Kubernetes namespace but rather exist at the global (cluster) +scope. This does not fit well into a namespace-based multi-tenancy model, where +each tenant is confined to its own namespace. The cluster scope is shared +between all namespaces. In the namespace-based multi-tenancy model, the common +approach is to have Role-Based Access Control ([RBAC]) rules that disallow a +tenant from accessing API resources that do not reside in its namespace. Another +dimension to consider here is that all namespaced tenants are serviced by a +shared Crossplane provider deployment typically running in the +`crossplane-system` namespace. This shared provider instance (or more precisely, +the [Kubernetes ServiceAccount][k8s-sa] that the provider's pod uses) is +allowed, via RBAC, to `get` the (cluster-scoped) `ProviderConfig` resources. If +tenant `subjects` (groups, users, ServiceAccounts) are allowed to directly +`create` managed resources, then we cannot constrain them from referring to any +`ProviderConfig` (thus to any Cloud provider credential set) in the cluster +solely using RBAC. This is because: + 1. RBAC rules allow designated verbs (`get`, `list`, `create`, `update`, etc.) on the specified API resources for the specified subjects. If a subject, e.g., a `ServiceAccount`, is allowed to `create` a managed resource, RBAC alone cannot be used to constrain the set of `ProviderConfig`s that can be referenced by the `create`d managed resource. -1. The tenant subject itself does not directly access the `ProviderConfig` and in turn - the Cloud provider credential set referred by the `ProviderConfig`. It's the - Crossplane provider's `ServiceAccount` that accesses these resources, and as - mentioned above, this ServiceAccount currently serves all tenants. This - implies that we cannot isolate Cloud provider credentials among namespaced - tenants by only using RBAC rules if we allow tenant subjects to have `edit` - access (`create`, `update`, `patch`) to managed resources. Although it's - possible to prevent them from reading Cloud provider credentials of other - tenants in the cluster via RBAC rules, it's not possible to prevent them from - _using_ those credentials solely with RBAC. - -As discussed in detail in the [Crossplane Multi-tenancy Guide](https://docs.crossplane.io/knowledge-base/guides/multi-tenant/), -Crossplane is opinionated about the different personas in an organization adopting -Crossplane. We make a distinction between the _infrastructure operators_ (or -_platform builders_) who are expected to manage cluster-scoped resources (like -`ProviderConfig`s, XRDs and `Composition`s) and _application operators_, who are -expected to consume the infrastructure for their applications. And tenant -subjects are classified as _application operators_, i.e., it's the -infrastructure operator's responsibility to manage the infrastructure _across_ -the tenants via cluster-scoped Crossplane resources, and it's possible and -desirable from an isolation perspective to disallow application operators, who -are tenant subjects, to directly access these shared cluster-scoped resources. -This distinction is currently possible with Crossplane because: +1. The tenant subject itself does not directly access the `ProviderConfig` and + in turn the Cloud provider credential set referred by the `ProviderConfig`. + It's the Crossplane provider's `ServiceAccount` that accesses these + resources, and as mentioned above, this ServiceAccount currently serves all + tenants. This implies that we cannot isolate Cloud provider credentials among + namespaced tenants by only using RBAC rules if we allow tenant subjects to + have `edit` access (`create`, `update`, `patch`) to managed resources. + Although it's possible to prevent them from reading Cloud provider + credentials of other tenants in the cluster via RBAC rules, it's not possible + to prevent them from _using_ those credentials solely with RBAC. + +As discussed in detail in the +[Crossplane Multi-tenancy Guide](https://docs.crossplane.io/knowledge-base/guides/multi-tenant/), +Crossplane is opinionated about the different personas in an organization +adopting Crossplane. We make a distinction between the _infrastructure +operators_ (or _platform builders_) who are expected to manage cluster-scoped +resources (like `ProviderConfig`s, XRDs and `Composition`s) and _application +operators_, who are expected to consume the infrastructure for their +applications. And tenant subjects are classified as _application operators_, +i.e., it's the infrastructure operator's responsibility to manage the +infrastructure _across_ the tenants via cluster-scoped Crossplane resources, and +it's possible and desirable from an isolation perspective to disallow +application operators, who are tenant subjects, to directly access these shared +cluster-scoped resources. This distinction is currently possible with Crossplane +because: + 1. Crossplane `Claim` types are defined via cluster-scoped XRDs by infrastructure operators and _namespaced_ `Claim` instances are used by the tenant subjects. This allows infrastructure operators to define RBAC rules that allow tenant subjects to only access resources in their respective namespaces, e.g., `Claim`s. 1. However, [1] is not sufficient on itself, as the scheme is still prone to - privilege escalation attacks if the API exposed by the XR is not well designed. The - (shared) provider `ServiceAccount` has access to all Cloud provider - credentials in the cluster and if the exposed XR API allows a `Claim` to - reference cross-tenant `ProviderConfig`s, then a misbehaving tenant subject - can `create` a `Claim` which references some other tenant's credential set. - Thus in our multi-tenancy [guide](https://docs.crossplane.io/knowledge-base/guides/multi-tenant/), we propose a security scheme where: - 1. The infrastructure operator follows a specific naming convention for the - `ProviderConfig`s she provisions: The `ProviderConfig`s for different - tenants are named after those tenants' namespaces. - 2. The infrastructure operator carefully designs `Composition`s that patch - `spec.providerConfigRef` of composed resources using the `Claim`'s - namespace. - 3. Tenant subjects are **not** allowed to provision managed resources directly (and also - XRDs or `Composition`s) but only `Claim`s in their namespaces. And any - `Composition` they can select with their `Claim`s will compose resources - that refer to a `ProviderConfig` provisioned for their tenant (the - `ProviderConfig` with the same name as the tenant's namespace). - 4. We also suggest that the naming conventions imposed by this scheme on - `ProviderConfig`s can be relaxed to some degree by using `Composition`'s - [patching capabilities](https://docs.crossplane.io/v1.12/concepts/composition/#compositions). For instance, a string - [transform][patch-transform] of type `Format` can be used to combine the - `Claim`'s namespace with an XR field's value to allow multiple - `ProviderConfig`s per tenant and to allow selection of the - `ProviderConfig` with the `Claim`. + privilege escalation attacks if the API exposed by the XR is not well + designed. The (shared) provider `ServiceAccount` has access to all Cloud + provider credentials in the cluster and if the exposed XR API allows a + `Claim` to reference cross-tenant `ProviderConfig`s, then a misbehaving + tenant subject can `create` a `Claim` which references some other tenant's + credential set. Thus in our multi-tenancy + [guide](https://docs.crossplane.io/knowledge-base/guides/multi-tenant/), we + propose a security scheme where: + 1. The infrastructure operator follows a specific naming convention for the + `ProviderConfig`s she provisions: The `ProviderConfig`s for different + tenants are named after those tenants' namespaces. + 2. The infrastructure operator carefully designs `Composition`s that patch + `spec.providerConfigRef` of composed resources using the `Claim`'s + namespace. + 3. Tenant subjects are **not** allowed to provision managed resources + directly (and also XRDs or `Composition`s) but only `Claim`s in their + namespaces. And any `Composition` they can select with their `Claim`s will + compose resources that refer to a `ProviderConfig` provisioned for their + tenant (the `ProviderConfig` with the same name as the tenant's + namespace). + 4. We also suggest that the naming conventions imposed by this scheme on + `ProviderConfig`s can be relaxed to some degree by using `Composition`'s + [patching capabilities](https://docs.crossplane.io/v1.12/concepts/composition/#compositions). + For instance, a string [transform][patch-transform] of type `Format` can + be used to combine the `Claim`'s namespace with an XR field's value to + allow multiple `ProviderConfig`s per tenant and to allow selection of the + `ProviderConfig` with the `Claim`. As explained above, RBAC rules can only impose restrictions on the actions (`get`, `update`, etc.) performed on the API resource endpoints but they cannot @@ -128,25 +145,24 @@ spec: kind: ClaimResourceGroup plural: claimresourcegroups versions: - - name: v1alpha1 - served: true - referenceable: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - name: - type: string - providerConfigName: - type: string - required: - - name + - name: v1alpha1 + served: true + referenceable: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + name: + type: string + providerConfigName: + type: string + required: + - name --- - # kyverno ClusterPolicy apiVersion: kyverno.io/v1 kind: ClusterPolicy @@ -156,34 +172,34 @@ spec: validationFailureAction: enforce background: false rules: - - name: check-for-providerconfig-ref - match: - any: - - resources: - kinds: - # G/V/K for the Claim type - - example.org/v1alpha1/ClaimResourceGroup - subjects: - - kind: User - name: tenant1/user1 - validate: - message: "Only ProviderConfig names that have the prefix tenant1 are allowed for users under tenant1" - pattern: - spec: - providerConfigName: tenant1* + - name: check-for-providerconfig-ref + match: + any: + - resources: + kinds: + # G/V/K for the Claim type + - example.org/v1alpha1/ClaimResourceGroup + subjects: + - kind: User + name: tenant1/user1 + validate: + message: + "Only ProviderConfig names that have the prefix tenant1 are allowed + for users under tenant1" + pattern: + spec: + providerConfigName: tenant1* --- - # related patch in a Composition -... - patches: - - fromFieldPath: spec.providerConfigName - toFieldPath: spec.providerConfigRef.name +--- +patches: + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name ``` - - ### Limitations of Naming Convention-based or Admission Controller-based Approaches + The naming convention-based or admission controller-based approaches described above are not straightforward to configure, especially if you also consider that in addition to the RBAC configurations needed to isolate the tenants @@ -191,14 +207,14 @@ in addition to the RBAC configurations needed to isolate the tenants policies are also needed to properly isolate and fairly distribute the worker node resources and the network resources, respectively. Also due to the associated complexity, it's easy to misconfigure the cluster and difficult to -verify a given security configuration guarantees proper isolation between -the tenants. +verify a given security configuration guarantees proper isolation between the +tenants. -As an example, consider the Kyverno `ClusterPolicy` given above: -While the intent is to restrict the users under `tenant1` to using only the +As an example, consider the Kyverno `ClusterPolicy` given above: While the +intent is to restrict the users under `tenant1` to using only the `ProviderConfig`s installed for them (e.g., those with names `tenant1*`), the scheme is broken if there exists a tenant in the system with `tenant1` as a -prefix to its name, such as `tenant10`. +prefix to its name, such as `tenant10`. Organizations, especially with hard multi-tenancy requirements (i.e., with tenants assumed to be untrustworthy or actively malicious), may not prefer or @@ -208,10 +224,11 @@ components) is a shared resource itself and it requires cross-tenant privileges such as accessing cluster-wide resources and accessing each tenant's namespaced resources (especially tenant Cloud credentials). This increases the attack surface in the dimensions of: + - Logical vulnerabilities (see the above example for a misconfiguration) - Isolation vulnerabilities: For instance, controller *workqueue*s become shared - resources between the tenants. How can we ensure, for instance, that the workqueue capacity - is fairly shared between the tenants? + resources between the tenants. How can we ensure, for instance, that the + workqueue capacity is fairly shared between the tenants? - Code vulnerabilities: As an example, consider a hypothetical Crossplane provider bug in which the provider fetches another `ProviderConfig` than the one declared in the managed resource, or other credentials than the ones @@ -221,7 +238,7 @@ surface in the dimensions of: barrier. In the current Crossplane provider deployment model, when a Crossplane provider -package is installed, there can be a single *active* `ProviderRevision` +package is installed, there can be a single _active_ `ProviderRevision` associated with it, which owns (via an owner reference) the Kubernetes deployment for running the provider. This single deployment, in turn, specifies a single Kubernetes service account under which the provider runs. @@ -229,18 +246,21 @@ a single Kubernetes service account under which the provider runs. Apart from a vulnerability perspective, there are also some other limitations to this architecture, which are related to identity-based authentication. -**Note**: The [multi-tenancy guide](https://docs.crossplane.io/knowledge-base/guides/multi-tenant/) also mentions multi-cluster -multi-tenancy, where tenants are run on their respective Kubernetes clusters. -This form of multi-tenancy is out of scope in this document. - +> [!NOTE] +> The [multi-tenancy guide](https://docs.crossplane.io/knowledge-base/guides/multi-tenant/) + also mentions multi-cluster multi-tenancy, where tenants are run on their + respective Kubernetes clusters. This form of multi-tenancy is out of scope in + this document. + ### Identity-based Authentication Schemes + Various Cloud providers, such as AWS, Azure and GCP, have some means of identity-based authentication. With identity-based authentication an entity, such as a Cloud service (a database server, a Kubernetes cluster, etc.) or a workload (an executable running in a VM, a pod running in a Kubernetes cluster) is assigned a Cloud identity and further authorization checks are performed against this identity. The advantage with identity-based authentication is that -no manually provisioned credentials are required. +no manually provisioned credentials are required. The traditional way for authenticating a Crossplane provider to the Cloud provider is to first provision a Cloud identity such as an AWS IAM user or a GCP @@ -249,15 +269,16 @@ associated with that identity (such as an AWS access key or a GCP service account key or Azure client ID & secret) and then to provision a Kubernetes secret containing these credentials. Then a `ProviderConfig` refers to this Kubernetes secret. There are some undesirable consequences of this flow: + - The associated Cloud credentials are generally long-term credentials and require manual rotation. - For fine-grained access control, you need multiple identities with such - credentials to be manually managed & rotated. + credentials to be manually managed & rotated. - These generally result in reusing such credentials, which in turn prevents - fine-grained access control and promotes aggregation of privileges. + fine-grained access control and promotes aggregation of privileges. Different Cloud providers have different identity-based authentication -implementations: +implementations: **AWS**: [EKS node IAM roles][aws-eks-node-iam], or IAM roles for service accounts ([IRSA]) both allow for identity-based authentication. IRSA has @@ -269,12 +290,12 @@ introduced with Kubernetes 1.12. When enabled, `kubelet` [projects][k8s-volume-projection] a signed OIDC JWT for a pod's service account at the requested volume mount path in a container and periodically rotates the token. An AWS client can then exchange this token (issued by the API server) -with *temporary* credentials for an IAM role via the AWS Security Token Service +with _temporary_ credentials for an IAM role via the AWS Security Token Service ([STS]) [AssumeRoleWithWebIdentity] API operation. The IAM role to be associated with the Kubernetes service account can be specified via an annotation on the service account (`eks.amazonaws.com/role-arn`). As we will discuss later, this can also be used in conjunction with IAM role chaining to implement fine-grained -access control. +access control. As of this writing, `provider-aws` [supports][provider-aws-auth] `IRSA`, role chaining (via the [STS] [AssumeRole] API operation), and the [STS @@ -284,18 +305,19 @@ exhanging it with a set of temporary credentials associated with an IAM role. This set of temporary credentials consists of an access key ID, a secret access key and a security token. Also the target IAM role ARN (Amazon Resource Name) is configurable via the `provider-aws`'s `ProviderConfig` API. This allows -Crossplane users to implement a fine-grained access policy for different -tenants possibly using different AWS accounts: +Crossplane users to implement a fine-grained access policy for different tenants +possibly using different AWS accounts: + - The initial IAM role, which is the target IAM role for the `IRSA` - authentication (via the `AssumeRoleWithWebIdentity` STS API - operation) does not need privileges on the managed external resources when - role chaining is used. + authentication (via the `AssumeRoleWithWebIdentity` STS API operation) does + not need privileges on the managed external resources when role chaining is + used. - `provider-aws` then assumes another IAM role by exchanging the initial set of temporary credentials via STS role chaining. However, currently the `ProviderConfig` API does not allow chains of length greater than one, i.e., `provider-aws` can only call the STS `AssumeRole` API once in a given chain. This is currently an artificial limitation in `provider-aws` imposed by the - `ProviderConfig` API. + `ProviderConfig` API. - The target role ARN for the initial IRSA `AssumeRoleWithWebIdentity` operation is configurable via the `ProviderConfig` API. Thus, if a proper cross-AWS account trust policy exists between the EKS cluster's OIDC provider and a @@ -341,42 +363,41 @@ user-assigned managed identity can be provisioned and assigned to the service instance. Similar to AWS IRSA, Azure has also introduced [Azure AD workload identities][azure-wi], which work in a similar way to IRSA: -| | -| :-: | -| drawing | +| | +| :--------------------------------------------------: | +| drawing | | Azure AD Workload Identities (reproduced from [[1]]) | In Azure AD workload identities, similar to IRSA, a Kubernetes service account is associated with an Azure AD application client ID via the -`azure.workload.identity/client-id` annotation on the service account object. +`azure.workload.identity/client-id` annotation on the service account object. As of this writing, none of `provider-azure` or `provider-jet-azure` supports Azure workload identities. Terraform native `azurerm` provider itself currently -does *not* support workload identities, thus there are technical challenges if +does _not_ support workload identities, thus there are technical challenges if we would like to introduce support for workload identities in `provider-jet-azure`. However, using lower level APIs (then the [Azure Identity SDK for Go][azidentity]), it should be possible to [implement][azure-329] -workload identities for `provider-azure`. +workload identities for `provider-azure`. Both `provider-azure` and `provider-jet-azure` support system-assigned and user-assigned managed identitites as an alternate form of identity-based authentication (with `provider-azure` support being introduced by this [PR][azure-330]). -Using system-assigned managed identities, it's *not* possible to implement an +Using system-assigned managed identities, it's _not_ possible to implement an isolation between tenants (see the discussion above for `provider-aws`) by using separate Azure AD (AAD) applications (service principals) for them, because the system-assigned managed identity is shared between those tenants and currently -it's not possible to switch identities within the Crossplane Azure providers*. +it's not possible to switch identities within the Crossplane Azure providers\*. However, using user-assigned managed identities and per-tenant `ProviderConfig`s as discussed above in the context of single-cluster multi-tenancy, it's possible to implement fine-grained access control for tenants again with the same -limitations mentioned there. - -*: Whether there exists an Azure service (similar to the [STS] of AWS) that allows -us to exchange credentials of an AAD application with (temporary) credentials of -another AAD application needs further investigation. +limitations mentioned there. +\*: Whether there exists an Azure service (similar to the [STS] of AWS) that +allows us to exchange credentials of an AAD application with (temporary) +credentials of another AAD application needs further investigation. **GCP**: GCP also [recommends][gcp-wi] workload identities for assigning identities to workloads running in GKE clusters. With GKE workload identities, a @@ -405,17 +426,18 @@ organizational requirements around least-privilege and fine-grained access control, and they have isolated their tenants sharing the same Crossplane control-plane using the single-cluster multi-tenancy techniques described above. However, currently lacking similar semantics for "role chaining", to the best of -our knowledge, users of AKS and GKE workload identities cannot implement -similar fine-grained access control scenarios because the Crossplane provider is -running as a single Kubernetes deployment, which in turn is associated with a -single Kubernetes service account. And for `provider-aws` users who would like -to have more strict tenant isolation, we need more flexibility in the Crossplane +our knowledge, users of AKS and GKE workload identities cannot implement similar +fine-grained access control scenarios because the Crossplane provider is running +as a single Kubernetes deployment, which in turn is associated with a single +Kubernetes service account. And for `provider-aws` users who would like to have +more strict tenant isolation, we need more flexibility in the Crossplane deployment model. ## Decoupling Crossplane Provider Deployment + Flexibility in Crossplane provider deployment has been discussed especially in [[2]] and [[3]]. [[2]] proposes a provider partitioning scheme on -`ProviderConfig`s and [[3]] calls for a *Provider Runtime Interface* for +`ProviderConfig`s and [[3]] calls for a _Provider Runtime Interface_ for decoupling the runtime aspects of a provider (where & how a provider is deployed & run) from the core Crossplane package manager. We can combine these two approaches to have an extensible, flexible and future-proof deployment model for @@ -434,7 +456,7 @@ spec: ... runtimeConfigs: - name: deploy-1 - runtime: + runtime: apiVersion: runtime.crossplane.io/v1alpha1 kind: KubernetesDeployment spec: @@ -469,7 +491,7 @@ directly manage a Kubernetes deployment for the active revision. Instead it would provision, for the active revision, a number of Kubernetes resources corresponding to each runtime configuration specified in the `runtimeConfigs` array. For the above example, the `PackageRevision` controller would provision -two `KubernetesDeployment` and one `DockerContainer` *runtime configuration* +two `KubernetesDeployment` and one `DockerContainer` _runtime configuration_ resources for the active revision. An example `KubernetesDeployment` object provisioned by the `PackageRevision` controller could look like the following: @@ -479,11 +501,11 @@ kind: KubernetesDeployment metadata: name: deploy-1 ownerReferences: - - apiVersion: pkg.crossplane.io/v1 - controller: true - kind: ProviderRevision - name: crossplane-provider-azure-91818efefdbe - uid: 3a58c719-019f-43eb-b338-d6116e299974 + - apiVersion: pkg.crossplane.io/v1 + controller: true + kind: ProviderRevision + name: crossplane-provider-azure-91818efefdbe + uid: 3a58c719-019f-43eb-b338-d6116e299974 spec: crossplaneProvider: crossplane/provider-azure-controller:v0.19.0 # ControllerConfig reference that defines the corresponding Kubernetes deployment @@ -495,24 +517,22 @@ As an alternative, in order to deprecate the `ControllerConfig` API, the `KubernetesDeployment` could also be defined as follows: ```yaml -... - runtimeConfigs: +--- +runtimeConfigs: - name: deploy-1 - runtime: + runtime: apiVersion: runtime.crossplane.io/v1alpha1 kind: KubernetesDeployment spec: template: # metadata that defines the corresponding Kubernetes deployment's metadata - metadata: - ... + metadata: ... # spec that defines the corresponding Kubernetes deployment's spec - spec: - ... + spec: ... ``` This scheme makes the runtime implementation pluggable, i.e., in different -environments we can have different *provider runtime configuration* contollers +environments we can have different _provider runtime configuration_ contollers running (as Kubernetes controllers) with different capabilities. For instance, the existing deployment implementation embedded into the `PackageRevision` controller can still be shipped with the core Crossplane with a corresponding @@ -520,52 +540,43 @@ runtime configuration object. But another runtime configuration controller, which is also based on Kubernetes deployments, can implement advanced isolation semantics. - [1]: https://azure.github.io/azure-workload-identity/docs/introduction.html [2]: https://github.com/crossplane/crossplane/issues/2411 [3]: https://github.com/crossplane/crossplane/issues/2671 - - -[v1.Reference]: TODO -[managed.ExternalConnecter]: TODO [aws-sdk]: https://github.com/aws/aws-sdk-go-v2 [azure-sdk]: https://github.com/Azure/azure-sdk-for-go [RBAC]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/ [k8s-sa]: - https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -[xp-mt]: https://docs.crossplane.io/knowledge-base/guides/multi-tenant/ -[xp-2093]: https://github.com/crossplane/crossplane/pull/2093 -[ref-compositions]: https://docs.crossplane.io/v1.12/concepts/composition/#compositions + https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ [patch-transform]: - https://github.com/crossplane/crossplane/blob/6c1b06507db47801c7a1c7d91704783e8d13856f/apis/apiextensions/v1/composition_transforms.go#L64 + https://github.com/crossplane/crossplane/blob/6c1b06507db47801c7a1c7d91704783e8d13856f/apis/apiextensions/v1/composition_transforms.go#L64 [kyverno]: https://kyverno.io/ [kyverno-policy]: https://kyverno.io/docs/kyverno-policies/ [aws-eks-node-iam]: - https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html + https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html [IRSA]: - https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html [kiam]: https://github.com/uswitch/kiam [kube2iam]: https://github.com/jtblin/kube2iam -[provider-aws-auth]: https://github.com/crossplane/provider-aws/blob/36299026cd9435c260ad13b32223d2e5fef3c443/AUTHENTICATION.md +[provider-aws-auth]: + https://github.com/crossplane/provider-aws/blob/36299026cd9435c260ad13b32223d2e5fef3c443/AUTHENTICATION.md [provider-aws-irsa]: - https://github.com/crossplane/provider-aws/blob/36299026cd9435c260ad13b32223d2e5fef3c443/AUTHENTICATION.md#using-iam-roles-for-serviceaccounts + https://github.com/crossplane/provider-aws/blob/36299026cd9435c260ad13b32223d2e5fef3c443/AUTHENTICATION.md#using-iam-roles-for-serviceaccounts [k8s-sa-projection]: - https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection + https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection [azure-msi]: - https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview + https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview [azure-wi]: - https://azure.github.io/azure-workload-identity/docs/introduction.html + https://azure.github.io/azure-workload-identity/docs/introduction.html [k8s-volume-projection]: - https://kubernetes.io/docs/concepts/storage/projected-volumes/ + https://kubernetes.io/docs/concepts/storage/projected-volumes/ [STS]: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html [AssumeRoleWithWebIdentity]: - https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html + https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html [AssumeRole]: - https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html + https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html [gcp-wi]: - https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity + https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity [azidentity]: https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/azidentity [azure-329]: https://github.com/crossplane/provider-azure/issues/329 [azure-330]: https://github.com/crossplane/provider-azure/pull/330 - -[hnc]: https://github.com/kubernetes-sigs/hierarchical-namespaces \ No newline at end of file diff --git a/docs/generating-a-provider.md b/docs/generating-a-provider.md index 035ebe8e..f5a91da3 100644 --- a/docs/generating-a-provider.md +++ b/docs/generating-a-provider.md @@ -1,210 +1,229 @@ -# Generating a Crossplane Provider + +# Generating a Crossplane provider -We have chosen [Terraform GitHub provider] as an example, but the process will -be quite similar for any other Terraform provider. We will use `myorg` as the -example organization name to be used. +This guide shows you how to generate a Crossplane provider based on an existing +Terraform provider using Upjet. The guide uses the [Terraform GitHub provider] +as the example, but the process is similar for any other Terraform provider. -## Generate +## Prepare your new provider repository -1. Generate a GitHub repository for the Crossplane provider by hitting the - "**Use this template**" button in [upjet-provider-template] repository. The preferred repository name is `provider-` (e.g. `provider-github`), which is assumed by the `./hack/prepare.sh` script in step 3. -2. Clone the repository to your local and `cd` into the repository directory. - Fetch the [upbound/build] submodule by running the following: +1. Create a new GitHub repository for the Crossplane provider by clicking the +"**Use this template**" button in the [upjet-provider-template] repository. The +expected repository name is in the format `provider-`. For example, +`provider-github`. The script in step 3 expects this format and fails if you +follow a different naming convention. +1. Clone the repository to your local environment and `cd` into the repository +directory. +1. Fetch the [upbound/build] submodule by running the following +command: ```bash make submodules ``` -3. Replace `template` with your provider name. +1. To setup your provider name and group run the `./hack/prepare.sh` +script from the repository root to prepare the code. - 1. Run the `./hack/prepare.sh` script from repo root to prepare the repo, e.g., to - replace all occurrences of `template` with your provider name and `upbound` - with your organization name: - - ```bash - ./hack/prepare.sh - ``` - -4. To configure the Terraform provider to generate from, update the following - variables in `Makefile`: - - ```makefile - export TERRAFORM_PROVIDER_SOURCE := integrations/github - export TERRAFORM_PROVIDER_REPO := https://github.com/integrations/terraform-provider-github - export TERRAFORM_PROVIDER_VERSION := 5.5.0 - export TERRAFORM_PROVIDER_DOWNLOAD_NAME := terraform-provider-github - export TERRAFORM_NATIVE_PROVIDER_BINARY := terraform-provider-github_v5.5.0_x5 - export TERRAFORM_DOCS_PATH := website/docs/r + ```bash + ./hack/prepare.sh ``` - - TERRAFORM_PROVIDER_SOURCE: You can find this variable in [Terraform GitHub provider] documentation by hitting the "**USE PROVIDER**" button. - - TERRAFORM_PROVIDER_REPO: You can find this variable in [Terraform GitHub provider] documentation by clicking the "**Report an issue**" link. - - TERRAFORM_PROVIDER_VERSION: You can find this variable in [Terraform GitHub provider] documentation by hitting the "**USE PROVIDER**" button. - - TERRAFORM_PROVIDER_DOWNLOAD_NAME: terraform-provider-. - - TERRAFORM_NATIVE_PROVIDER_BINARY: terraform-provider-github_v_x5 - - TERRAFORM_DOCS_PATH: You can find this by going to the terraform provider repository => click `website` => click `docs` => click `resources`(where resource documentation is stored). - - Check [this line in controller Dockerfile] to see how `TERRAFORM_PROVIDER_SOURCE` and `TERRAFORM_PROVIDER_VERSION` are used to build the provider plugin binary. - - Please make sure your organization name in `PROJECT_REPO` is correct. - -5. Implement `ProviderConfig` logic. In `upjet-provider-template`, there is already - a boilerplate code in file `internal/clients/github.go` which - takes care of properly fetching secret data referenced from `ProviderConfig` - resource. +1. Ensure your organization name is correct in the `Makefile` for the + `PROJECT_REPO` variable. +1. To configure which Terraform provider to generate from, update the following +variables in the `Makefile`: + + | Variable | Description | + | -------- | ----------- | + | `TERRAFORM_PROVIDER_SOURCE` | Find this variable on the Terraform registry for the provider. You can see the source value when clicking on the "`USE PROVIDER`" dropdown button in the navigation. | + |`TERRAFORM_PROVIDER_REPO` | The URL to the repository that hosts the provider's code. | + | `TERRAFORM_PROVIDER_VERSION` | Find this variable on the Terraform registry for the provider. You can see the source value when clicking on the "`USE PROVIDER`" dropdown button in the navigation. | + |`TERRAFORM_PROVIDER_DOWNLOAD_NAME` | The name of the provider in the [Terraform registry](https://releases.hashicorp.com/) | + |`TERRAFORM_NATIVE_PROVIDER_BINARY` | The name of the binary in the Terraform provider. This follows the pattern `terraform-provider-{provider name}_v{provider version}`. | + |`TERRAFORM_DOCS_PATH` | The relative path, from the root of the repository, where the provider resource documentation exist. | + + For example, for the [Terraform GitHub provider], the variables are: + + ```makefile + export TERRAFORM_PROVIDER_SOURCE := integrations/github + export TERRAFORM_PROVIDER_REPO := https://github.com/integrations/terraform-provider-github + export TERRAFORM_PROVIDER_VERSION := 5.32.0 + export TERRAFORM_PROVIDER_DOWNLOAD_NAME := terraform-provider-github + export TERRAFORM_NATIVE_PROVIDER_BINARY := terraform-provider-github_v5.32.0 + export TERRAFORM_DOCS_PATH := website/docs/r + ``` + + Refer to [the Dockerfile](https://github.com/crossplane/upjet-provider-template/blob/main/cluster/images/upjet-provider-template/Dockerfile) to see the variables called when building the provider. + +## Configure the provider resources + +1. First you need to add the `ProviderConfig` logic. + - In `upjet-provider-template`, there is + already boilerplate code in the file `internal/clients/github.go` which takes + care of fetching secret data referenced from the `ProviderConfig` resource. + - Reference the [Terraform Github provider] documentation for information on + authentication and provide the necessary keys.: + + ```go + const ( + ... + keyBaseURL = "base_url" + keyOwner = "owner" + keyToken = "token" + ) + ``` - For our GitHub provider, we need to check [Terraform documentation for provider - configuration] and provide the keys there: + ```go + func TerraformSetupBuilder(version, providerSource, providerVersion string) terraform.SetupFn { + ... + // set provider configuration + ps.Configuration = map[string]any{} + if v, ok := creds[keyBaseURL]; ok { + ps.Configuration[keyBaseURL] = v + } + if v, ok := creds[keyOwner]; ok { + ps.Configuration[keyOwner] = v + } + if v, ok := creds[keyToken]; ok { + ps.Configuration[keyToken] = v + } + return ps, nil + } + ``` - ```go - const ( - ... - keyBaseURL = "base_url" - keyOwner = "owner" - keyToken = "token" - ) - ``` - ```go - func TerraformSetupBuilder(version, providerSource, providerVersion string) terraform.SetupFn { - ... - // set provider configuration - ps.Configuration = map[string]any{} - if v, ok := creds[keyBaseURL]; ok { - ps.Configuration[keyBaseURL] = v - } - if v, ok := creds[keyOwner]; ok { - ps.Configuration[keyOwner] = v - } - if v, ok := creds[keyToken]; ok { - ps.Configuration[keyToken] = v - } - return ps, nil - } - ``` +1. Next add external name configurations for the [github_repository] and + [github_branch] Terraform resources. + + > [!NOTE] + > Only generate resources with an external name configuration defined. + + - Add external name configurations for these two resources in + `config/external_name.go` as an entry to the map called + `ExternalNameConfigs` + + ```go + // ExternalNameConfigs contains all external name configurations for this + // provider. + var ExternalNameConfigs = map[string]config.ExternalName{ + ... + // Name is a parameter and it is also used to import the resource. + "github_repository": config.NameAsIdentifier, + // The import ID consists of several parameters. We'll use branch name as + // the external name. + "github_branch": config.TemplatedStringAsIdentifier("branch", "{{ .parameters.repository }}:{{ .external_name }}:{{ .parameters.source_branch }}"), + } + ``` -6. Before generating all resources that the provider has, let's go step by step - and only start with generating CRDs for [github_repository] and - [github_branch] Terraform resources. - - Only the resources with external name configuration should be generated. - Let's add external name configurations for these two resources in - `config/external_name.go` as an entry to the map called `ExternalNameConfigs`: - - ```go - // ExternalNameConfigs contains all external name configurations for this - // provider. - var ExternalNameConfigs = map[string]config.ExternalName{ - ... - // Name is a parameter and it is also used to import the resource. - "github_repository": config.NameAsIdentifier, - // The import ID consists of several parameters. We'll use branch name as - // the external name. - "github_branch": config.TemplatedStringAsIdentifier("branch", "{{ .parameters.repository }}:{{ .external_name }}:{{ .parameters.source_branch }}"), - } - ``` + - Take a look at the documentation for configuring a resource for more + information about [external name configuration](configuring-a-resource.md#external-name). - Please take a look at the Configuring a Resource documentation for more information about [external name configuration]. +1. Next add custom configurations for these two resources as follows: -7. Finally, we would need to add some custom configurations for these two - resources as follows: + - Create custom configuration directory for whole repository group - ```bash - # Create custom configuration directory for whole repository group - mkdir config/repository - # Create custom configuration directory for whole branch group - mkdir config/branch - ``` + ```bash + mkdir config/repository + ``` - ```bash - cat < config/repository/config.go - package repository - - import "github.com/upbound/upjet/pkg/config" - - // Configure configures individual resources by adding custom ResourceConfigurators. - func Configure(p *config.Provider) { - p.AddResourceConfigurator("github_repository", func(r *config.Resource) { - // We need to override the default group that upjet generated for - // this resource, which would be "github" - r.ShortGroup = "repository" - }) - } - EOF - ``` + - Create custom configuration directory for whole branch group - ```bash - # Note that you need to change `myorg/provider-github`. - cat < config/branch/config.go - package branch - - import "github.com/upbound/upjet/pkg/config" - - func Configure(p *config.Provider) { - p.AddResourceConfigurator("github_branch", func(r *config.Resource) { - // We need to override the default group that upjet generated for - // this resource, which would be "github" - r.ShortGroup = "branch" - - // This resource need the repository in which branch would be created - // as an input. And by defining it as a reference to Repository - // object, we can build cross resource referencing. See - // repositoryRef in the example in the Testing section below. - r.References["repository"] = config.Reference{ - Type: "github.com/myorg/provider-github/apis/repository/v1alpha1.Repository", - } - }) - } - EOF - ``` + ```bash + mkdir config/branch + ``` - And register custom configurations in `config/provider.go`: + - Create the repository group configuration file - ```diff - import ( - ... + ```bash + cat < config/repository/config.go + package repository + + import "github.com/crossplane/upjet/pkg/config" + + // Configure configures individual resources by adding custom ResourceConfigurators. + func Configure(p *config.Provider) { + p.AddResourceConfigurator("github_repository", func(r *config.Resource) { + // We need to override the default group that upjet generated for + // this resource, which would be "github" + r.ShortGroup = "repository" + }) + } + EOF + ``` - ujconfig "github.com/upbound/upjet/pkg/config" + - Create the branch group configuration file - - "github.com/myorg/provider-github/config/null" - + "github.com/myorg/provider-github/config/branch" - + "github.com/myorg/provider-github/config/repository" - ) + > [!NOTE] + > Note that you need to change `myorg/provider-github` to your organization. - func GetProvider() *tjconfig.Provider { - ... - for _, configure := range []func(provider *tjconfig.Provider){ - // add custom config functions - - null.Configure, - + repository.Configure, - + branch.Configure, - } { - configure(pc) - } - ``` - - **_To learn more about custom resource configurations (in step 7), please see - the [Configuring a Resource](/docs/add-new-resource-long.md) document._** + ```bash + cat < config/branch/config.go + package branch + + import "github.com/crossplane/upjet/pkg/config" + + func Configure(p *config.Provider) { + p.AddResourceConfigurator("github_branch", func(r *config.Resource) { + // We need to override the default group that upjet generated for + // this resource, which would be "github" + r.ShortGroup = "branch" + + // This resource need the repository in which branch would be created + // as an input. And by defining it as a reference to Repository + // object, we can build cross resource referencing. See + // repositoryRef in the example in the Testing section below. + r.References["repository"] = config.Reference{ + Type: "github.com/myorg/provider-github/apis/repository/v1alpha1.Repository", + } + }) + } + EOF + ``` + And register custom configurations in `config/provider.go`: + + ```diff + import ( + ... + + ujconfig "github.com/upbound/crossplane/pkg/config" + + - "github.com/myorg/provider-github/config/null" + + "github.com/myorg/provider-github/config/branch" + + "github.com/myorg/provider-github/config/repository" + ) + + func GetProvider() *tjconfig.Provider { + ... + for _, configure := range []func(provider *tjconfig.Provider){ + // add custom config functions + - null.Configure, + + repository.Configure, + + branch.Configure, + } { + configure(pc) + } + ``` -8. Now we can generate our Upjet Provider: + _To learn more about custom resource configurations (in step 7), please + see the [Configuring a Resource](configuring-a-resource.md) document._ - Before we run make generate ensure to install `goimports` - ``` - go install golang.org/x/tools/cmd/goimports@latest - ``` +1. Now we can generate our Upjet Provider: - ```bash - make generate - ``` + Before we run `make generate` ensure to install `goimports` -### Adding More Resources + ```bash + go install golang.org/x/tools/cmd/goimports@latest + ``` -See the guide [here][new-resource-short] to add more resources. + ```bash + make generate + ``` -## Test +## Testing the generated resources Now let's test our generated resources. @@ -239,8 +258,7 @@ Now let's test our generated resources. ``` Create example for `repository` resource, which will use - `upjet-provider-template` repo as template for the repository - to be created: + `upjet-provider-template` repo as template for the repository to be created: ```bash cat < examples/repository/repository.yaml @@ -260,8 +278,8 @@ Now let's test our generated resources. EOF ``` - Create `branch` resource which refers to the above repository - managed resource: + Create `branch` resource which refers to the above repository managed + resource: ```bash cat < examples/branch/branch.yaml @@ -278,8 +296,9 @@ Now let's test our generated resources. EOF ``` - In order to change the `apiVersion`, you can use `WithRootGroup` and `WithShortName` - options in `config/provider.go` as arguments to `ujconfig.NewProvider`. + In order to change the `apiVersion`, you can use `WithRootGroup` and + `WithShortName` options in `config/provider.go` as arguments to + `ujconfig.NewProvider`. 2. Generate a [Personal Access Token](https://github.com/settings/tokens) for your Github account with `repo/public_repo` and `delete_repo` scopes. @@ -300,14 +319,16 @@ Now let's test our generated resources. 5. Run the provider: - Please make sure Terraform is installed before running the "make run" command, you can check [this guide](https://developer.hashicorp.com/terraform/downloads). - + Please make sure Terraform is installed before running the "make run" + command, you can check + [this guide](https://developer.hashicorp.com/terraform/downloads). + ```bash make run ``` -6. Apply ProviderConfig and example manifests (_In another terminal since - the previous command is blocking_): +6. Apply ProviderConfig and example manifests (_In another terminal since the + previous command is blocking_): ```bash # Create "crossplane-system" namespace if not exists @@ -326,10 +347,10 @@ Now let's test our generated resources. ```bash NAME READY SYNCED EXTERNAL-NAME AGE - branch.branch.github.upbound.io/hello-upjet True True hello-crossplane:hello-upjet 89s + branch.branch.github.jet.crossplane.io/hello-upjet True True hello-crossplane:hello-upjet 89s NAME READY SYNCED EXTERNAL-NAME AGE - repository.repository.github.upbound.io/hello-crossplane True True hello-crossplane 89s + repository.repository.github.jet.crossplane.io/hello-crossplane True True hello-crossplane 89s ``` Verify that repo `hello-crossplane` and branch `hello-upjet` created under @@ -348,14 +369,15 @@ Now let's test our generated resources. Verify that the repo got deleted once deletion is completed on the control plane. +## Next steps + +Now that you've seen the basics of generating `CustomResourceDefinitions` for +your provider, you can learn more about +[configuring resources](configuring-a-resource.md) or +[testing your resources](testing-with-uptest.md) with Uptest. [Terraform GitHub provider]: https://registry.terraform.io/providers/integrations/github/latest/docs -[upjet-provider-template]: https://github.com/upbound/upjet-provider-template +[upjet-provider-template]: https://github.com/crossplane/upjet-provider-template [upbound/build]: https://github.com/upbound/build -[Terraform documentation for provider configuration]: https://registry.terraform.io/providers/integrations/github/latest/docs#argument-reference [github_repository]: https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository [github_branch]: https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch -[this line in controller Dockerfile]: https://github.com/upbound/upjet-provider-template/blob/main/cluster/images/upjet-provider-template/Dockerfile#L20-L28 -[terraform-plugin-sdk]: https://github.com/hashicorp/terraform-plugin-sdk -[new-resource-short]: add-new-resource-short.md -[external name configuration]: https://github.com/upbound/upjet/blob/main/docs/add-new-resource-long.md#external-name \ No newline at end of file diff --git a/docs/images/artifacts.png.license b/docs/images/artifacts.png.license new file mode 100644 index 00000000..46b2c283 --- /dev/null +++ b/docs/images/artifacts.png.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2023 The Crossplane Authors + +SPDX-License-Identifier: CC-BY-4.0 diff --git a/docs/images/azure-wi.png.license b/docs/images/azure-wi.png.license new file mode 100644 index 00000000..46b2c283 --- /dev/null +++ b/docs/images/azure-wi.png.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2023 The Crossplane Authors + +SPDX-License-Identifier: CC-BY-4.0 diff --git a/docs/images/managed-all.png.license b/docs/images/managed-all.png.license new file mode 100644 index 00000000..46b2c283 --- /dev/null +++ b/docs/images/managed-all.png.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2023 The Crossplane Authors + +SPDX-License-Identifier: CC-BY-4.0 diff --git a/docs/images/summary.png.license b/docs/images/summary.png.license new file mode 100644 index 00000000..46b2c283 --- /dev/null +++ b/docs/images/summary.png.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2023 The Crossplane Authors + +SPDX-License-Identifier: CC-BY-4.0 diff --git a/docs/images/upjet-components.png b/docs/images/upjet-components.png new file mode 100644 index 00000000..e8a06e40 Binary files /dev/null and b/docs/images/upjet-components.png differ diff --git a/docs/images/upjet-components.png.license b/docs/images/upjet-components.png.license new file mode 100644 index 00000000..46b2c283 --- /dev/null +++ b/docs/images/upjet-components.png.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2023 The Crossplane Authors + +SPDX-License-Identifier: CC-BY-4.0 diff --git a/docs/images/upjet-externalname.excalidraw.license b/docs/images/upjet-externalname.excalidraw.license new file mode 100644 index 00000000..46b2c283 --- /dev/null +++ b/docs/images/upjet-externalname.excalidraw.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2023 The Crossplane Authors + +SPDX-License-Identifier: CC-BY-4.0 diff --git a/docs/images/upjet-externalname.png.license b/docs/images/upjet-externalname.png.license new file mode 100644 index 00000000..46b2c283 --- /dev/null +++ b/docs/images/upjet-externalname.png.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2023 The Crossplane Authors + +SPDX-License-Identifier: CC-BY-4.0 diff --git a/docs/manual-migration-guide-to-op.md b/docs/manual-migration-guide-to-op.md deleted file mode 100644 index 67afc39f..00000000 --- a/docs/manual-migration-guide-to-op.md +++ /dev/null @@ -1,227 +0,0 @@ -## Manual Migration Guide to Official Providers - -This document describes the steps that need to be applied to migrate from -community providers to official providers manually. We plan to implement a -client-based tool to automate this process. - -For the sake of simplicity, we only focus on migrating managed resources -and compositions in this guide. These scenarios can be extended -with other tools like ArgoCD, Flux, Helm, Kustomize, etc. - -### Migrating Managed Resources - -Migrating existing managed resources to official providers can be simplified -as import scenarios. The aim is to modify the community provider's scheme to official -providers and apply those manifests to import existing cloud resources. - -To prevent a conflict between two provider controllers reconciling for the same external resource, -we're scaling down the old provider. This can also be eliminated with the new [pause annotation feature]. - - -1) Backup managed resource manifests -```bash -kubectl get managed -o yaml > backup-mrs.yaml -``` -2) Update deletion policy to `Orphan` with the command below: -```bash -kubectl patch $(kubectl get managed -o name) -p '{"spec": {"deletionPolicy":"Orphan"}}' --type=merge -``` -3) Install the official provider -4) Install provider config -5) Update managed resource manifests to the new API version `upbound.io`, external-name annotations and new field names/types. You can use -[Upbound Marketplace] for comparing CRD schema changes. It is also planned to extend current documentation with external-name syntax in this [issue]. -```bash -cp backup-mrs.yaml op-mrs.yaml -vi op-mrs.yaml -``` -6) Scale down Crossplane deployment -```bash -kubectl scale deploy crossplane --replicas=0 -``` -7) Scale down native provider deployment -```bash -kubectl scale deploy ${deployment_name} --replicas=0 -``` -8) Apply updated managed resources and wait until they become ready -```bash -kubectl apply -f op-mrs.yaml -``` -9) Delete old MRs -```bash -kubectl delete -f backup-mrs.yaml -kubectl patch -f backup-mrs.yaml -p '{"metadata":{"finalizers":[]}}' --type=merge -``` -10) Delete old provider config -```bash -kubectl delete providerconfigs ${provider_config_name} -``` -11) Delete old provider -```bash -kubectl delete providers ${provider_name} -``` -12) Scale up Crossplane deployment -```bash -kubectl scale deploy crossplane --replicas=1 -``` - -#### Migrating VPC Managed Resource - -In below, we display the required changes to migrate a native provider-aws VPC resource to an official -provider-aws VPC. As you can see, we have updated the API version and some field names/types in spec -and status subresources. To find out which fields to update, we need to compare the CRDs in the current -provider version and the target official provider version. - -```diff -- apiVersion: ec2.aws.crossplane.io/v1beta1 -+ apiVersion: ec2.aws.upbound.io/v1beta1 - kind: VPC - metadata: - annotations: - crossplane.io/external-create-pending: "2022-09-23T12:20:31Z" - crossplane.io/external-create-succeeded: "2022-09-23T12:20:33Z" - crossplane.io/external-name: vpc-008f150c8f525bf24 - kubectl.kubernetes.io/last-applied-configuration: | - {"apiVersion":"ec2.aws.crossplane.io/v1beta1","kind":"VPC","metadata":{"annotations":{},"name":"ezgi-vpc"},"spec":{"deletionPolicy":"Delete","forProvider":{"cidrBlock":"192.168.0.0/16","enableDnsHostNames":true,"enableDnsSupport":true,"instanceTenancy":"default","region":"us-west-2","tags":[{"key":"Name","value":"platformref-vpc"},{"key":"Owner","value":"Platform Team"},{"key":"crossplane-kind","value":"vpc.ec2.aws.crossplane.io"},{"key":"crossplane-name","value":"ezgi-plat-ref-aws-tcg6t-n6zph"},{"key":"crossplane-providerconfig","value":"default"}]},"providerConfigRef":{"name":"default"}}} - creationTimestamp: "2022-09-23T12:18:21Z" - finalizers: - - finalizer.managedresource.crossplane.io - generation: 2 - name: ezgi-vpc - resourceVersion: "22685" - uid: 81211d98-57f2-4f2e-a6db-04bb75cc60ff - spec: - deletionPolicy: Delete - forProvider: - cidrBlock: 192.168.0.0/16 -- enableDnsHostNames: true -+ enableDnsHostnames: true - enableDnsSupport: true - instanceTenancy: default - region: us-west-2 - tags: -- - key: Name -- value: platformref-vpc -- - key: Owner -- value: Platform Team -- - key: crossplane-kind -- value: vpc.ec2.aws.crossplane.io -- - key: crossplane-name -- value: ezgi-vpc -- - key: crossplane-providerconfig -- value: default -+ Name: platformref-vpc -+ Owner: Platform Team -+ crossplane-kind: vpc.ec2.aws.upbound.io -+ crossplane-name: ezgi-vpc -+ crossplane-providerconfig: default - providerConfigRef: - name: default -``` - - -### Migrating Crossplane Configurations - -Configuration migration can be more challenging. Because, in addition to managed resource migration, we need to -update our composition and claim files to match the new CRDs. Just like managed resource migration, we first start to import -our existing resources to official provider and then update our configuration package version to point to the -official provider. - - -1) Backup managed resource manifests -```bash -kubectl get managed -o yaml > backup-mrs.yaml -``` -2) Scale down Crossplane deployment -```bash -kubectl scale deploy crossplane --replicas=0 -``` -3) Update deletion policy to `Orphan` with the command below: -```bash -kubectl patch $(kubectl get managed -o name) -p '{"spec": {"deletionPolicy":"Orphan"}}' --type=merge -``` -4) Update composition files to the new API version `upbound.io`, external-name annotations and new field names/types. You can use -[Upbound Marketplace] for comparing CRD schema changes. It is also planned to extend current documentation with external-name syntax in this [issue]. -5) Update `crossplane.yaml` file with official provider dependency. -6) Build and push the new configuration version -7) Install Official Provider -8) Install provider config -9) Update managed resource manifests with the same changes done on composition files -```bash -cp backup-mrs.yaml op-mrs.yaml -vi op-mrs.yaml -``` -10) Scale down native provider deployment -```bash -kubectl scale deploy ${deployment_name} --replicas=0 -``` -11) Apply updated managed resources and wait until they become ready -```bash -kubectl apply -f op-mrs.yaml -``` -12) Delete old MRs -```bash -kubectl delete -f backup-mrs.yaml -kubectl patch -f backup-mrs.yaml -p '{"metadata":{"finalizers":[]}}' --type=merge -``` -13) Update the configuration to the new version -```bash -cat <//zz_generated.resolvers.go`: You may observe errors referring to -undeclared `spec` struct fields with names containing acronyms such as: -```shell -apis/ec2/v1alpha2/zz_generated.resolvers.go:195:38: mg.Spec.ForProvider.SecurityGroupIdRefs undefined (type InstanceParameters has no field or method SecurityGroupIdRefs) -``` -You will also need to fix the [reference configurations] for such managed -resources using the [resource configuration API]. - -6. You will need to make changes in your `Makefile` to get your make targets -working again: -- You need to update the declared Go version with the `GO_REQUIRED_VERSION` -make variable. -- You need to update the declared Go linter version with -the `GOLANGCILINT_VERSION` make variable. -```shell -GO_REQUIRED_VERSION ?= 1.19 -GOLANGCILINT_VERSION ?= 1.50.0 -``` - -This make variables must be available when the make targets consuming them -are run, so please make sure to include them at the head of the file. For an -example, please check the Upjet's provider template's [Makefile]. - -7. Now, you may want to run `make lint` to reveal and resolve any linter issues. -You will probably need to run `gofmt -s -w` on certain Go sources to properly -format them. - -After these steps, you should now be able to build your provider package with -`make build`. Please also keep in mind that you may need to update your repo's -CI pipelines especially if you've updated your provider module's Go version. - -8. Now, you may want to build your provider package and test the fresh package - with your provider's managed resources. - -Having successfully migrated from the `github.com/crossplane/terrajet` -Go module to the `github.com/upbound/upjet` module, you may now consider -enabling some new and advanced features only available in Upjet: - -9. You may consider enabling metadata extraction from the [Terraform registry]. -In order to enable metadata extraction for the provider, you will need to run -Upjet's metadata scraper. This can be achieved by including a Go generate -comment in your provider's `apis/generate.go` with something similar to: -```go -//go:generate go run github.com/upbound/upjet/cmd/scraper -n ${TERRAFORM_PROVIDER_SOURCE} -r ../.work/${TERRAFORM_PROVIDER_SOURCE}/${TERRAFORM_DOCS_PATH} -o ../config/provider-metadata.yaml -``` -This generate directive depends on some Makefile changes like adding the -`pull-docs` target and declaring certain Makefile variables. For details, -please refer to Upjet's provider template [Makefile](https://github.com/upbound/upjet-provider-template/blob/main/Makefile) -and [apis/generate.go](https://github.com/upbound/upjet-provider-template/blob/main/apis/generate.go). - -Now, when you run a `make generate`, you should find the extracted metadata at -`config/provider-metadata.yaml`. - -10. Now that your provider extracts Terraform registry metadata, you can use it -to generate CRD documentation and to generate example CR manifests. In order to -do this, you will need to configure your provider with the scraped metadata -as follows: -- In `config/provider.go`: You need to load the provider's metadata from the -`config/provider-metadata.yaml` file. -You can easily do so with the `go:embed` directive: -```go -//go:embed provider-metadata.yaml -var providerMetadata []byte -``` -- In `config/provider.go`: You need to make the provider metadata available -to the provider configuration. This is done by passing the metadata bytes -(stored in the variable `providerMetadata` above) to the -`config.NewProvider` call. For an example, please refer to the template -repo's [config/provider.go](https://github.com/upbound/upjet-provider-template/blob/d34119409586f6205ec8ed4b9b2c2481c74bf07e/config/provider.go#L29). - -Now, when you run `make generate`, the generated CRDs for your provider should -have documentation scraped from the Terraform registry. And you should -have some example manifests generated for your managed resources under -the path `examples-generated` in the repo root. - -Please also take a look at the template repo's [apis/generate.go](https://github.com/upbound/upjet-provider-template/blob/main/apis/generate.go) -for some other `go:generate` directives for cleaning up these newly -generated artifacts. - -11. You may also want to update your provider's `build` submodule to the latest version by running a: -```shell -git submodule update --remote --merge -``` - -12. If you would like to enable a shared gRPC server for your provider -(which implies that the Terraform CLI will not fork multiple native provider -processes to make requests and instead, share a common instance across -all requests to improve the performance of the Crossplane provider), or -if you would like to integrate the single image building process, -please adapt your provider package's Dockerfile -(`cluster/images//Dockerfile`) and -Makefile (`cluster/images//Makefile`) -to the template repo's [associated files](https://github.com/upbound/upjet-provider-template/tree/main/cluster/images/upjet-provider-template). -You will also need to adapt your provider's Makefile to match -the template repo's [Makefile](https://github.com/upbound/upjet-provider-template/blob/main/Makefile). - - -[Upjet]: https://github.com/upbound/upjet -[Terrajet]: https://github.com/crossplane/terrajet -[terrrajet-deprecation]: https://github.com/crossplane/terrajet/issues/308 -[resource configuration API]: - https://github.com/upbound/upjet/blob/7e84c638a8bc5c93c6da3cf9420f961f165dd05d/pkg/config/resource.go#L258 -[reference configurations]: https://github.com/upbound/upjet/blob/c82119f5ef342f752406a0ed38264940b02e795f/pkg/config/resource.go#L293 -[Upjet template repository]: https://github.com/upbound/upjet-provider-template -[Makefile]: https://github.com/upbound/upjet-provider-template/blob/d34119409586f6205ec8ed4b9b2c2481c74bf07e/Makefile#L41 -[Terraform registry]: https://registry.terraform.io/ -[bootstrap a new provider]: https://github.com/upbound/upjet/blob/main/docs/generating-a-provider.md diff --git a/docs/monitoring.md b/docs/monitoring.md index 314d915f..a38673e0 100644 --- a/docs/monitoring.md +++ b/docs/monitoring.md @@ -1,9 +1,15 @@ -## Monitoring the Upjet Runtime + +# Monitoring the Upjet runtime + The [Kubernetes controller-runtime] library provides a Prometheus metrics endpoint by default. The Upjet based providers including the [upbound/provider-aws], [upbound/provider-azure], [upbound/provider-azuread] and -[upbound/provider-gcp] expose [various -metrics](https://book.kubebuilder.io/reference/metrics-reference.html) +[upbound/provider-gcp] expose +[various metrics](https://book.kubebuilder.io/reference/metrics-reference.html) from the controller-runtime to help monitor the health of the various runtime components, such as the [`controller-runtime` client], the [leader election client], the [controller workqueues], etc. In addition to these metrics, each @@ -14,10 +20,11 @@ reconciliation worker goroutines. In addition to these metrics exposed by the `controller-runtime`, the Upjet based providers also expose metrics specific to the Upjet runtime. The Upjet -runtime registers some custom metrics using the [available extension -mechanism](https://book.kubebuilder.io/reference/metrics.html#publishing-additional-metrics), +runtime registers some custom metrics using the +[available extension mechanism](https://book.kubebuilder.io/reference/metrics.html#publishing-additional-metrics), and are available from the default `/metrics` endpoint of the provider pod. Here are these custom metrics exposed from the Upjet runtime: + - `upjet_terraform_cli_duration`: This is a histogram metric and reports statistics, in seconds, on how long it takes a Terraform CLI invocation to complete. @@ -33,35 +40,37 @@ characteristics of the measurements being made, such as differentiating between the CLI processes and the Terraform provider processes when counting the number of active Terraform processes running. Here is a list of labels associated with each of the above custom Upjet metrics: + - Labels associated with the `upjet_terraform_cli_duration` metric: - - `subcommand`: The `terraform` subcommand that's run, e.g., `init`, - `apply`, `plan`, `destroy`, etc. - - `mode`: The execution mode of the Terraform CLI, one of `sync` (so that - the CLI was invoked synchronously as part of a reconcile loop), `async` - (so that the CLI was invoked asynchronously, the reconciler goroutine will - poll and collect results in future). + - `subcommand`: The `terraform` subcommand that's run, e.g., `init`, `apply`, + `plan`, `destroy`, etc. + - `mode`: The execution mode of the Terraform CLI, one of `sync` (so that the + CLI was invoked synchronously as part of a reconcile loop), `async` (so that + the CLI was invoked asynchronously, the reconciler goroutine will poll and + collect results in future). - Labels associated with the `upjet_terraform_active_cli_invocations` metric: - - `subcommand`: The `terraform` subcommand that's run, e.g., `init`, - `apply`, `plan`, `destroy`, etc. - - `mode`: The execution mode of the Terraform CLI, one of `sync` (so that - the CLI was invoked synchronously as part of a reconcile loop), `async` - (so that the CLI was invoked asynchronously, the reconciler goroutine will - poll and collect results in future). + - `subcommand`: The `terraform` subcommand that's run, e.g., `init`, `apply`, + `plan`, `destroy`, etc. + - `mode`: The execution mode of the Terraform CLI, one of `sync` (so that the + CLI was invoked synchronously as part of a reconcile loop), `async` (so that + the CLI was invoked asynchronously, the reconciler goroutine will poll and + collect results in future). - Labels associated with the `upjet_terraform_running_processes` metric: - - `type`: Either `cli` for Terraform CLI (the `terraform` process) processes - or `provider` for the Terraform provider processes. Please note that this - is a best effort metric that may not be able to precisely catch & report - all relevant processes. We may, in the future, improve this if needed by - for example watching the `fork` system calls. But currently, it may prove - to be useful to watch rouge Terraform provider processes. + - `type`: Either `cli` for Terraform CLI (the `terraform` process) processes + or `provider` for the Terraform provider processes. Please note that this is + a best effort metric that may not be able to precisely catch & report all + relevant processes. We may, in the future, improve this if needed by for + example watching the `fork` system calls. But currently, it may prove to be + useful to watch rouge Terraform provider processes. - Labels associated with the `upjet_resource_ttr` metric: - - `group`, `version`, `kind` labels record the [API group, version and - kind](https://kubernetes.io/docs/reference/using-api/api-concepts/) for - the managed resource, whose - [time-to-readiness](https://github.com/crossplane/terrajet/issues/55#issuecomment-929494212) - measurement is captured. + - `group`, `version`, `kind` labels record the + [API group, version and kind](https://kubernetes.io/docs/reference/using-api/api-concepts/) + for the managed resource, whose + [time-to-readiness](https://github.com/crossplane/terrajet/issues/55#issuecomment-929494212) + measurement is captured. ## Examples + You can [export](https://book.kubebuilder.io/reference/metrics.html) all these custom metrics and the `controller-runtime` metrics from the provider pod for Prometheus. Here are some examples showing the custom metrics in action from the @@ -80,16 +89,16 @@ Prometheus console: src="https://user-images.githubusercontent.com/9376684/223299401-8f128b74-8d9c-4c82-86c5-26870385bee7.png"> - The medians (0.5-quantiles) for these observations aggregated by the mode and -Terraform subcommand being invoked: image + Terraform subcommand being invoked: image - `upjet_resource_ttr` histogram metric, showing average resource TTR for the last 10m: image - The median (0.5-quantile) for these TTR observations: + alt="image" + src="https://user-images.githubusercontent.com/9376684/223309727-d1a0f4e2-1ed2-414b-be67-478a0575ee49.png"> These samples have been collected by provisioning 10 [upbound/provider-aws] `cognitoidp.UserPool` resources by running the provider with a poll interval of @@ -98,19 +107,16 @@ These samples have been collected by provisioning 10 [upbound/provider-aws] that, they were destroyed. ## Reference + You can find a full reference of the exposed metrics from the Upjet-based providers [here](provider_metrics_help.txt). -[Kubernetes controller-runtime]: - https://github.com/kubernetes-sigs/controller-runtime +[Kubernetes controller-runtime]: https://github.com/kubernetes-sigs/controller-runtime [upbound/provider-aws]: https://github.com/upbound/provider-aws [upbound/provider-azure]: https://github.com/upbound/provider-azure [upbound/provider-azuread]: https://github.com/upbound/provider-azuread [upbound/provider-gcp]: https://github.com/upbound/provider-gcp -[`controller-runtime` client]: - https://github.com/kubernetes-sigs/controller-runtime/blob/60af59f5b22335516850ca11c974c8f614d5d073/pkg/metrics/client_go_adapter.go#L40 -[leader election client]: - https://github.com/kubernetes-sigs/controller-runtime/blob/60af59f5b22335516850ca11c974c8f614d5d073/pkg/metrics/leaderelection.go#L12 -[controller workqueues]: - https://github.com/kubernetes-sigs/controller-runtime/blob/60af59f5b22335516850ca11c974c8f614d5d073/pkg/metrics/workqueue.go#L40 +[`controller-runtime` client]: https://github.com/kubernetes-sigs/controller-runtime/blob/60af59f5b22335516850ca11c974c8f614d5d073/pkg/metrics/client_go_adapter.go#L40 +[leader election client]: https://github.com/kubernetes-sigs/controller-runtime/blob/60af59f5b22335516850ca11c974c8f614d5d073/pkg/metrics/leaderelection.go#L12 +[controller workqueues]: https://github.com/kubernetes-sigs/controller-runtime/blob/60af59f5b22335516850ca11c974c8f614d5d073/pkg/metrics/workqueue.go#L40 [labels]: https://prometheus.io/docs/practices/naming/#labels diff --git a/docs/moving-resources-to-v1beta1.md b/docs/moving-resources-to-v1beta1.md deleted file mode 100644 index 85822815..00000000 --- a/docs/moving-resources-to-v1beta1.md +++ /dev/null @@ -1,19 +0,0 @@ -## Moving Untested Resources to v1beta1 - -For outside contributors, we wanted to form a baseline for resource test -efforts. Therefore, we created a map: `ExternalNameNotTestedConfigs`. This map -contains the external name configurations of resources, but they were not tested. -And also, the resources’ schemas and controllers will not be generated after -running `make generate`/`make reviewable` commands. - -For the generation of this resource’s schema and controller, we need to add it to -the `ExternalNameConfigs` map. After this addition, this resource’s schema and -the controller will be started to generate. By default, every resource that was -added to this map will be generated in the `v1beta1` version. - -Here there are two important points. For starting to test efforts, you need a -generated CRD and controller. And for this generation, you need to move your -resource to the `ExternalNameConfigs` map. Then you can start testing and if the -test effort is successful, the new entry can remain on the main map. However, if -there are some problems in tests, and you cannot validate the resource please -move the entry to `ExternalNameNotTestedConfigs` again. diff --git a/docs/provider_metrics_help.txt b/docs/provider_metrics_help.txt index 638a829c..8cdc467b 100644 --- a/docs/provider_metrics_help.txt +++ b/docs/provider_metrics_help.txt @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors + +# SPDX-License-Identifier: CC-BY-4.0 + # HELP upjet_terraform_cli_duration Measures in seconds how long it takes a Terraform CLI invocation to complete # TYPE upjet_terraform_cli_duration histogram diff --git a/docs/reference-generation.md b/docs/reference-generation.md deleted file mode 100644 index 1e420891..00000000 --- a/docs/reference-generation.md +++ /dev/null @@ -1,176 +0,0 @@ -## Auto Cross Resource Reference Generation - -Cross Resource Referencing is one of the key concepts of the resource -configuration. As a very common case, cloud services depend on other cloud -services. For example, AWS Subnet resource needs an AWS VPC for creation. So, -for creating a Subnet successfully, before you have to create a VPC resource. -Please see the [Dependencies] documentation for more details. And also, for -resource configuration-related parts of cross-resource referencing, please see -[this part] of [Configuring a Resource] documentation. - -These documentations focus on the general concepts and manual configurations -of Cross Resource References. However, the main topic of this documentation is -automatic example&reference generation. - -Upjet has a scraper tool for scraping provider metadata from the Terraform -Registry. The scraped metadata are: -- Resource Descriptions -- Examples of Resources (in HCL format) -- Field Documentations -- Import Statements - -These are very critical information for our automation processes. We use this -scraped metadata in many contexts. For example, field documentation of -resources and descriptions are used as Golang comments for schema fields and -CRDs. - -Another important scraped information is examples of resources. As a part -of testing efforts, finding the correct combination of field values is not easy -for every scenario. So, having a working example (combination) is very important -for easy testing. - -At this point, this example that is in HCL format is converted to a Managed -Resource manifest, and we can use this manifest in our test efforts. - -This is an example from Terraform Registry AWS Ebs Volume resource: - -``` -resource "aws_ebs_volume" "example" { - availability_zone = "us-west-2a" - size = 40 - - tags = { - Name = "HelloWorld" - } -} - -resource "aws_ebs_snapshot" "example_snapshot" { - volume_id = aws_ebs_volume.example.id - - tags = { - Name = "HelloWorld_snap" - } -} -``` - -The generated example: - -```yaml -apiVersion: ec2.aws.upbound.io/v1beta1 -kind: EBSSnapshot -metadata: - annotations: - meta.upbound.io/example-id: ec2/v1beta1/ebssnapshot - labels: - testing.upbound.io/example-name: example_snapshot - name: example-snapshot -spec: - forProvider: - region: us-west-1 - tags: - Name: HelloWorld_snap - volumeIdSelector: - matchLabels: - testing.upbound.io/example-name: example - ---- - -apiVersion: ec2.aws.upbound.io/v1beta1 -kind: EBSVolume -metadata: - annotations: - meta.upbound.io/example-id: ec2/v1beta1/ebssnapshot - labels: - testing.upbound.io/example-name: example - name: example -spec: - forProvider: - availabilityZone: us-west-2a - region: us-west-1 - size: 40 - tags: - Name: HelloWorld -``` - -Here, there are three very important points that scraper makes easy our life: - -- We do not have to find the correct value combinations for fields. So, we can - easily use the generated example manifest in our tests. -- The HCL example was scraped from registry documentation of the `aws_ebs_snapshot` - resource. In the example, you also see the `aws_ebs_volume` resource manifest - because, for the creation of an EBS Snapshot, you need an EBS Volume resource. - Thanks to the source Registry, (in many cases, there are the dependent resources - of target resources) we can also scrape the dependencies of target resources. -- The last item is actually what is intended to be explained in this document. - For using the Cross Resource References, as I mentioned above, you need to add - some references to the resource configuration. But, in many cases, if in the - scraped example, the mentioned dependencies are already described you do not - have to write explicit references to resource configuration. The Cross Resource - Reference generator generates the mentioned references. - -### Validating the Cross Resource References - -As I mentioned, many references are generated from scraped metadata by an auto -reference generator. However, there are two cases where we miss generating the -references. - -The first one is related to some bugs or improvement points in the generator. -This means that the generator can handle many references in the scraped -examples and generate correctly them. But we cannot say that the ratio is %100. -For some cases, the generator cannot generate references although, they are in -the scraped example manifests. - -The second one is related to the scraped example itself. As I mentioned above, -the source of the generator is the scraped example manifest. So, it checks the -manifest and tries to generate the found cross-resource references. In some -cases, although there are other reference fields, these do not exist in the -example manifest. They can only be mentioned in schema/field documentation. - -For these types of situations, you must configure cross-resource references -explicitly. - -### Removing Auto-Generated Cross Resource References In Some Corner Cases - -In some cases, the generated references can narrow the reference pool covered by -the field. For example, X resource has an A field and Y and Z resources can be -referenced via this field. However, since the reference to Y is mentioned in the -example manifest, this reference field will only be defined over Y. In this case, -since the reference pool of the relevant field will be narrowed, it would be -more appropriate to delete this reference. For example, - -``` -resource "aws_route53_record" "www" { - zone_id = aws_route53_zone.primary.zone_id - name = "example.com" - type = "A" - - alias { - name = aws_elb.main.dns_name - zone_id = aws_elb.main.zone_id - evaluate_target_health = true - } -} -``` - -Route53 Record resource’s alias.name field has a reference. In the example, this -reference is shown by using the `aws_elb` resource. However, when we check the -field documentation, we see that this field can also be used for reference -for other resources: - -``` -Alias -Alias records support the following: - -name - (Required) DNS domain name for a CloudFront distribution, S3 bucket, ELB, -or another resource record set in this hosted zone. -``` - -### Conclusion - -As a result, mentioned scraper and example&reference generators are very useful -for making easy the test efforts. But using these functionalities, we must be -careful to avoid undesired states. - -[Dependencies]: https://crossplane.io/docs/v1.7/concepts/managed-resources.html#dependencies -[this part]: https://github.com/upbound/upjet/blob/main/docs/configuring-a-resource.md#cross-resource-referencing -[Configuring a Resource]: https://github.com/upbound/upjet/blob/main/docs/configuring-a-resource.md diff --git a/docs/sizing-guide.md b/docs/sizing-guide.md deleted file mode 100644 index 3ff164fb..00000000 --- a/docs/sizing-guide.md +++ /dev/null @@ -1,130 +0,0 @@ -# Sizing Guide - -As a result of various tests (see [provider-aws], [provider-azure], and -[provider-gcp] issues) on the new runtime features, the following average resource -utilization has been observed. - -| Provider Name | Memory (Avg.) | Memory (Peak) | CPU (Avg.) | -|----------------|---------------|---------------|------------| -| provider-aws | 1.1 GB | 3 GB | 8 Cores | -| provider-azure | 1 GB | 3.5 GB | 4 Cores | -| provider-gcp | 750 MB | 2 GB | 3 Cores | - -**Memory (Avg.)** represents the average memory consumption. This value was -obtained from end-to-end tests that contain the provision and deletion of many -MRs. - -**Memory (Peak)** represents the peak consumption observed during end-to-end -tests. This metric is important because the terraform provider process reaches -this consumption value. So, if you use a machine with lower memory, some -`OOMKilled` errors may be observed for the provider pod. In short, these values -are the minimum recommendation for memory. - -**CPU (Avg.)** represents the average consumption of the CPU. The unit of this -metric is the number of cores. - -## Some Relevant Command-Line Options - -We have some command-line options relevant to the provider's performance. - -- `max-reconcile-rate`: The global maximum rate per second at which resources may -be checked for drift from the desired state. This option directly affects the -number of reconciliations. There are a number of internal parameters set by this -option. `max-reconcile-rate` configures both the average rate and the burstiness -of the global token bucket rate limiter, which acts as a rate limiter across -all the managed resource controllers. It also sets each controller’s maximum -concurrent reconciles option. The default for this command-line option is 10. -Thus with this default the global rate limiter allows on average 10 -reconciliations per second allowing bursts of up to 100 (10 * `max-reconcile-rate`). -And each managed resource controller will have 10 reconciliation workers. -This parameter has an impact on the CPU utilization of the Crossplane provider. -Higher values will result in higher CPU utilization depending on a number of -other factors. - -- `poll`: Poll interval controls how often an individual resource should be -checked for drift. This option has a Go [time.ParseDuration syntax]. Examples are -`5m`, `10m`, `1h`. The default is `10m`, meaning that each managed resource -will be reconciled to check for drifts at least every 10 minutes. An update on -the managed resource will trigger an early reconciliation. - -- `provider-ttl`: TTL for the terraform provider processes before they are -replaced, i.e., gracefully terminated and restarted. The Upjet runtime replaces -the shared Terraform provider processes to prevent any potential memory leaks -from them. If the value of this option is very high, the memory consumption of -the Crossplane provider pod may increase. The default is 100. - -- `terraform-native-provider-path`: Terraform provider path for shared execution. -To disable the shared server runtime, you can set it to an empty string: -`--terraform-native-provider-path=""`. The default is determined at build time -via an environment variable specific to the provider and is the path at which -the Terraform provider binary resides in the pod’s filesystem. - -## Some Limitations -The new runtime has some limitations: - -- The shared scheduler currently has no cap on the number of forked Terraform -provider processes. If you have many AWS accounts (and many corresponding -ProviderConfigs for them) in a single cluster, and if you have MRs referencing -these ProviderConfigs, the Upjet runtime will fork long-running Terraform -provider processes for each. In such a case, you may just want to disable the -shared server runtime by passing `--terraform-native-provider-path=""` as a -command-line parameter to the provider. - -- Until an expired shared Terraform provider is replaced gracefully, you may -observe temporary errors like the following: -`cannot schedule a native provider during observe: e3415719-13ce-45fc-8c82-4753a170ea06: -cannot schedule native Terraform provider process: native provider reuse budget -has been exceeded: invocationCount: 115, ttl: 100` Such errors are temporary and -the MRs should eventually be resync’ed once the Terraform provider process is -gracefully replaced. - -- The `--max-reconcile-rate` command-line option sets the maximum number of -concurrent reconcilers to be used with each managed resource controller. Upjet -executes certain Terrafom CLI commands asynchronously and this may result in -more than the `max-reconcile-rate` CLI invocations to be in flight at a given time. - -## Adding Configuration Parameters to ControllerConfig - -To apply the configuration parameters mentioned above, -you need to add them as arguments to the `ControllerConfig`. - -In the example below you can see the options specified under the -`spec.args` section. - -You can apply this configuration by running `kubectl apply -f` -and referencing the local file path with the config. - -``` -apiVersion: pkg.crossplane.io/v1alpha1 -kind: ControllerConfig -metadata: - name: example-config -spec: - args: - - --max-reconcile-rate=20 - - --provider-ttl=250 ---- -apiVersion: pkg.crossplane.io/v1 -kind: Provider -metadata: - name: provider-aws -spec: - package: xpkg.upbound.io/upbound/provider-aws:v0.32.1 - controllerConfigRef: - name: example-config -``` -Note: Due to ControllerConfig being marked as deprecated, you will get the following -warning, which you can ignore for now: - -``` -Warning: This API is deprecated and is scheduled to be removed in a future release. -``` - -Please take a look at the Crossplane documentation for more information about -[ControllerConfig]. - -[provider-aws]: https://github.com/upbound/provider-aws/issues/576 -[provider-azure]: https://github.com/upbound/provider-azure/issues/404 -[provider-gcp]: https://github.com/upbound/provider-gcp/issues/255 -[time.ParseDuration syntax]: https://pkg.go.dev/time#ParseDuration -[ControllerConfig]: https://docs.crossplane.io/v1.11/concepts/packages/#speccontrollerconfigref:~:text=that%20is%20installed.-,spec.controllerConfigRef,-Warning diff --git a/docs/testing-resources-by-using-uptest.md b/docs/testing-resources-by-using-uptest.md deleted file mode 100644 index fc4c8918..00000000 --- a/docs/testing-resources-by-using-uptest.md +++ /dev/null @@ -1,84 +0,0 @@ -## Testing Resources by Using Uptest - -`Uptest` provides a framework to test resources in an end-to-end -pipeline during the resource configuration process. Together with the example -manifest generation tool, it allows us to avoid manual interventions and shortens -testing processes. - -These integration tests are costly as they create real resources in cloud providers. -So they are not executed by default. Instead, a comment should be posted to the PR -for triggering tests. - -Tests can be run by adding something like the following expressions to the -anywhere in comment: - -* `/test-examples="provider-azure/examples/kubernetes/cluster.yaml"` -* `/test-examples="provider-aws/examples/s3/bucket.yaml, - provider-aws/examples/eks/cluster.yaml"` - -You can trigger a test job for an only provider. Provider that the tests will run -is determined by using the first element of the comma separated list. If the -comment contains resources that are from different providers, then these different -resources will be skipped. So, if you want to run tests more than one provider, -you must post separate comments for each provider. - -### Debugging Failed Test - -After a test failed, it is important to understand what is going wrong. For -debugging the tests, we push some collected logs to GitHub Action artifacts. -These artifacts contain the following data: - -* Dump of Kind Cluster -* Kuttl input files (Applied manifests, assertion files) -* Managed resource yaml outputs - -To download the artifacts, firstly you must go to the `Summary` page -of the relevant job: - -![images/summary.png](images/summary.png) - -Then click the `1` under the `Artifacts` button in the upper right. If the -automated tests run for more than one providers, this number will be higher. - -When you click this, you can see the `Artifacts` list of job. You can download -the artifact you are interested in by clicking it. - -![images/artifacts.png](images/artifacts.png) - -When a test fails, the first point to look is the provider container's logs. In -test environment, we run provider by using the `-d` flag to see the debug logs. -In the provider logs, it is possible to see all errors caused by the content of -the resource manifest, caused by the configuration or returned by the cloud -provider. - -Also, as you know, yaml output of the managed resources (it is located in the -`managed.yaml` of the artifact archive's root level) are very useful to catch -errors. - -If you have any doubts about the generated kuttl files, please check the -`kuttl-inputs.yaml` file in the archive's root. - -### Running Uptest locally - -For a faster feedback loop, you might want to run `uptest` locally in your -development setup. - -To do so run a special `uptest-local` target that accepts `PROVIDER_NAME` and -`EXAMPLE_LIST` arguments as in the example below. - -```console -make uptest-local PROVIDER_NAME=provider-azure EXAMPLE_LIST="provider-azure/examples/resource/resourcegroup.yaml" -``` - -You may also provide all the files in a folder like below: - -```console -make uptest-local PROVIDER_NAME=provider-aws EXAMPLE_LIST=$(find provider-aws/examples/secretsmanager/*.yaml | tr '\n' ',') -``` - -The local invocation is intentionally lightweight and skips the local cluster, -credentials and ProviderConfig setup assuming you already have it all already -configured in your environment. - -For a more heavyweight setup see `run_automated_tests` target which is used in a -centralized GitHub Actions invocation. \ No newline at end of file diff --git a/docs/testing-instructions.md b/docs/testing-with-uptest.md similarity index 59% rename from docs/testing-instructions.md rename to docs/testing-with-uptest.md index 34199542..a14aca6a 100644 --- a/docs/testing-instructions.md +++ b/docs/testing-with-uptest.md @@ -1,35 +1,124 @@ -# Testing Instructions and Known Error Cases + +# Testing resources by using Uptest + +`Uptest` provides a framework to test resources in an end-to-end pipeline during +the resource configuration process. Together with the example manifest +generation tool, it allows us to avoid manual interventions and shortens testing +processes. + +These integration tests are costly as they create real resources in cloud +providers. So they are not executed by default. Instead, a comment should be +posted to the PR for triggering tests. + +Tests can be run by adding something like the following expressions to the +anywhere in comment: + +- `/test-examples="provider-azure/examples/kubernetes/cluster.yaml"` +- `/test-examples="provider-aws/examples/s3/bucket.yaml, provider-aws/examples/eks/cluster.yaml"` + +You can trigger a test job for an only provider. Provider that the tests will +run is determined by using the first element of the comma separated list. If the +comment contains resources that are from different providers, then these +different resources will be skipped. So, if you want to run tests more than one +provider, you must post separate comments for each provider. + +## Debugging Failed Test + +After a test failed, it is important to understand what is going wrong. For +debugging the tests, we push some collected logs to GitHub Action artifacts. +These artifacts contain the following data: + +- Dump of Kind Cluster +- Kuttl input files (Applied manifests, assertion files) +- Managed resource yaml outputs + +To download the artifacts, firstly you must go to the `Summary` page of the +relevant job: + +![images/summary.png](images/summary.png) + +Then click the `1` under the `Artifacts` button in the upper right. If the +automated tests run for more than one providers, this number will be higher. + +When you click this, you can see the `Artifacts` list of job. You can download +the artifact you are interested in by clicking it. + +![images/artifacts.png](images/artifacts.png) + +When a test fails, the first point to look is the provider container's logs. In +test environment, we run provider by using the `-d` flag to see the debug logs. +In the provider logs, it is possible to see all errors caused by the content of +the resource manifest, caused by the configuration or returned by the cloud +provider. + +Also, as you know, yaml output of the managed resources (it is located in the +`managed.yaml` of the artifact archive's root level) are very useful to catch +errors. + +If you have any doubts about the generated kuttl files, please check the +`kuttl-inputs.yaml` file in the archive's root. + +## Running Uptest locally + +For a faster feedback loop, you might want to run `uptest` locally in your +development setup. + +To do so run a special `uptest-local` target that accepts `PROVIDER_NAME` and +`EXAMPLE_LIST` arguments as in the example below. + +```bash +make uptest-local PROVIDER_NAME=provider-azure EXAMPLE_LIST="provider-azure/examples/resource/resourcegroup.yaml" +``` + +You may also provide all the files in a folder like below: + +```bash +make uptest-local PROVIDER_NAME=provider-aws EXAMPLE_LIST=$(find provider-aws/examples/secretsmanager/*.yaml | tr '\n' ',') +``` + +The local invocation is intentionally lightweight and skips the local cluster, +credentials and ProviderConfig setup assuming you already have it all already +configured in your environment. + +For a more heavyweight setup see `run_automated_tests` target which is used in a +centralized GitHub Actions invocation. + +## Testing Instructions and Known Error Cases While configuring resources, the testing effort is the longest part. Because the characteristics of cloud providers and services can change. This test effort can -be executed in two main methods. The first one is testing the resources in a -manual way and the second one is using the `Uptest` that is an automated test -tool for Official Providers. `Uptest` provides a framework to test resources in -an end-to-end pipeline during the resource configuration process. Together with -the example manifest generation tool, it allows us to avoid manual interventions +be executed in two main methods. The first one is testing the resources in a +manual way and the second one is using the `Uptest` that is an automated test +tool for Official Providers. `Uptest` provides a framework to test resources in +an end-to-end pipeline during the resource configuration process. Together with +the example manifest generation tool, it allows us to avoid manual interventions and shortens testing processes. -## Testing Methods +### Testing Methods -### Manual Test +#### Manual Test Configured resources can be tested by using manual method. This method generally contains the environment preparation and creating the example manifest in the -Kubernetes cluster steps. The following steps can be followed for preparing the +Kubernetes cluster steps. The following steps can be followed for preparing the environment: -1. Obtaining a Kubernetes Cluster: For manual/local effort, generally a Kind -cluster is sufficient and can be used. For detailed information about Kind see +1. Obtaining a Kubernetes Cluster: For manual/local effort, generally a Kind +cluster is sufficient and can be used. For detailed information about Kind see [this repo]. An alternative way to obtain a cluster is: [k3d] -2. Registering the CRDs (Custom Resource Definitions) to Cluster: We need to -apply the CRD manifests to the cluster. The relevant manifests are located in +2. Registering the CRDs (Custom Resource Definitions) to Cluster: We need to +apply the CRD manifests to the cluster. The relevant manifests are located in the `package/crds` folder of provider subdirectories such as: -`provider-aws/package/crds`. For registering them please run the following +`provider-aws/package/crds`. For registering them please run the following command: `kubectl apply -f package/crds` -3. Create ProviderConfig: ProviderConfig Custom Resource contains some +3. Create ProviderConfig: ProviderConfig Custom Resource contains some configurations and credentials for the provider. For example, to connect to the cloud provider, we use the credentials field of ProviderConfig. For creating the ProviderConfig with correct credentials, please see [the documentation]: @@ -39,13 +128,13 @@ controllers are part of the provider. So, for starting the reconciliations for Custom Resources, we need to run the provider (collect of controllers). For running provider, two ways can be used: - `make run`: This make target starts the controllers. - - Running provider in IDE: Especially for debug effort, you may want to use - an IDE. For running the provider in an IDE, some program arguments are + - Running provider in IDE: Especially for debug effort, you may want to use + an IDE. For running the provider in an IDE, some program arguments are needed to be passed. The following example is for `provider-aws`. - Values of the `--terraform-version`, `--terraform-provider-source` and + Values of the `--terraform-version`, `--terraform-provider-source` and `--terraform-provider-version` options can be collected from the Makefile of the provider: `provider-aws/Makefile` - - `-d` -> To see debug level logs. `make run` also is run the provider in + - `-d` -> To see debug level logs. `make run` also is run the provider in debug mode. - `--terraform-version 1.2.1`: Terraform version. - `--terraform-provider-source hashicorp/aws`: Provider source name. @@ -53,82 +142,81 @@ running provider, two ways can be used: Now our preparation steps are completed. This is the time for testing: -- Create Examples and Start Testing: After completing the steps above, your -environment is ready to testing. For testing, we need to apply some example -manifests to the cluster. The manifests in the `examples-generated` folder can be -used as a first step. Before starting to change these manifests, you should move -them from `examples-generated` folder to the `examples` folder. There are two -main reasons for this. The first one is that these manifests are generated for -every `make generate` command to catch the latest changes in the resources. So -for preserving your changes moving them is necessary. The second reason is that +- Create Examples and Start Testing: After completing the steps above, your +environment is ready to testing. For testing, we need to apply some example +manifests to the cluster. The manifests in the `examples-generated` folder can be +used as a first step. Before starting to change these manifests, you should move +them from `examples-generated` folder to the `examples` folder. There are two +main reasons for this. The first one is that these manifests are generated for +every `make generate` command to catch the latest changes in the resources. So +for preserving your changes moving them is necessary. The second reason is that we use the `examples` folder as the source for keeping these manifests and using them in our automated test effort. In some cases, these manifests need manual interventions so, for successfully -applying them to a cluster (passing the Kubernetes schema validation) you may +applying them to a cluster (passing the Kubernetes schema validation) you may need to do some work. Possible problems you might face: - - The generated manifest cannot provide at least one required field. So + +- The generated manifest cannot provide at least one required field. So before creating the resource you must set the required field in the manifest. - - In some fields of generated manifest the types of values cannot be matched. - For example, X field expects a string but the manifest provides an integer. - In these cases you need to provide the correct type in your example YAML +- In some fields of generated manifest the types of values cannot be matched. + For example, X field expects a string but the manifest provides an integer. + In these cases you need to provide the correct type in your example YAML manifest. -Successfully applying these example manifests to cluster is only the -first step. After successfully creating these Managed Resources, we need to -check whether their statuses are ready or not. So we need to expect a `True` -value for `Synced` and `Ready` conditions. To check the statuses of all created -example manifests quickly you can run the `kubectl get managed` command. We will +Successfully applying these example manifests to cluster is only the +first step. After successfully creating these Managed Resources, we need to +check whether their statuses are ready or not. So we need to expect a `True` +value for `Synced` and `Ready` conditions. To check the statuses of all created +example manifests quickly you can run the `kubectl get managed` command. We will wait for all values to be `True` in this list: ![img.png](images/managed-all.png) -When all of the `Synced` and `Ready` fields are `True`, the test was -successfully completed! However, if there are some resource values that are -`False`, you need to debug this situation. The main debugging ways will be +When all of the `Synced` and `Ready` fields are `True`, the test was +successfully completed! However, if there are some resource values that are +`False`, you need to debug this situation. The main debugging ways will be mentioned in the next parts. -``` -NOTE: For following the test processes in a more accurate way, we have `UpToDate` -status condition. This status condition will be visible when you set the -annotation: `upjet.upbound.io/test=true`. Without adding this annotation you -cannot see the mentioned condition. Uptest adds this annotation to the tested -resources, but if you want to see the value of conditions in your tests in your -local environment (during manual tests) you need to add this condition manually. -For the goal and details of this status condition please see this PR: -https://github.com/upbound/upjet/pull/23 -``` - -``` -NOTE: The resources that are tried to be created may have dependencies. For -example, you might actually need resources Y and Z while trying to test resource -X. Many of the generated examples include these dependencies. However, in some -cases, there may be missing dependencies. In these cases, please add the -relevant dependencies to your example manifest. This is important both for you -to pass the tests and to provide the correct manifests. -``` - -### Automated Tests - Uptest +> [!NOTE] +> For following the test processes in a more accurate way, we have `UpToDate` + status condition. This status condition will be visible when you set the + annotation: `upjet.upbound.io/test=true`. Without adding this annotation you + cannot see the mentioned condition. Uptest adds this annotation to the tested + resources, but if you want to see the value of conditions in your tests in + your local environment (during manual tests) you need to add this condition + manually. For the goal and details of this status condition please see this + PR: https://github.com/upbound/crossplane/pull/23 + +> [!NOTE] +> The resources that are tried to be created may have dependencies. For example, + you might actually need resources Y and Z while trying to test resource X. + Many of the generated examples include these dependencies. However, in some + cases, there may be missing dependencies. In these cases, please add the + relevant dependencies to your example manifest. This is important both for you + to pass the tests and to provide the correct manifests. + +#### Automated Tests - Uptest Configured resources can be tested also by using `Uptest`. We can also separate this part into two main application methods: -#### Using Uptest in GitHub Actions +##### Using Uptest in GitHub Actions We have a GitHub workflow `Automated Tests`. This is an integration test for -Official Providers. This workflow prepares the environment (provisioning Kind -cluster, creating ProviderConfig, installing Provider, etc.) and runs the Uptest -with the input manifest list that will be given by the person who triggers the +Official Providers. This workflow prepares the environment (provisioning Kind +cluster, creating ProviderConfig, installing Provider, etc.) and runs the Uptest +with the input manifest list that will be given by the person who triggers the test. -This `Automated Tests` job can be triggered from the PR that contains the -configuration test works for the related resources/groups. For triggering the +This `Automated Tests` job can be triggered from the PR that contains the +configuration test works for the related resources/groups. For triggering the test, you need to leave a comment in the PR in the following format: `/test-examples="provider-aws/examples/s3/bucket.yaml, provider-aws/examples/eks/cluster.yaml"` -We test using the API group approach for `Automated-Tests`. So, we wait for the -entire API group's resources to pass the test in a single test run. This means +We test using the API group approach for `Automated-Tests`. So, we wait for the +entire API group's resources to pass the test in a single test run. This means that while triggering tests, leaving the following type of comment is expected: `/test-examples="provider-aws/examples/s3` @@ -137,9 +225,9 @@ This comment will test all the examples of the `s3` group. **Ignoring Some Resources in Automated Tests** -Some resources require manual intervention such as providing valid public keys -or using on-the-fly values. These cases can be handled in manual tests, but in -cases where we cannot provide generic values for automated tests, we can skip +Some resources require manual intervention such as providing valid public keys +or using on-the-fly values. These cases can be handled in manual tests, but in +cases where we cannot provide generic values for automated tests, we can skip some resources in the tests of the relevant group via an annotation: ```yaml @@ -150,134 +238,132 @@ The key is important for skipping, we are checking this `upjet.upbound.io/manual annotation key and if is in there, we skip the related resource. The value is also important to see why we skip this resource. -``` -NOTE: For resources that are ignored during Automated Tests, manual testing is a -must. Because we need to make sure that all resources published in the `v1beta1` -version are working. -``` +> [!NOTE] +> For resources that are ignored during Automated Tests, manual testing is a + must. Because we need to make sure that all resources published in the + `v1beta1` version are working. At the end of the tests, Uptest will provide a report for you. And also for all GitHub Actions, we will have an artifact that contains logs for debugging. For details please see [here]. -#### Using Uptest in Local Dev Environment +##### Using Uptest in Local Dev Environment -The main difference between running `Uptest` from your local environment and -running GitHub Actions is that the environment is also prepared during GitHub -Actions. During your tests on local, `Uptest` is only responsible for creating -instance manifests and assertions of them. Therefore, all the preparation steps -mentioned in the Manual Testing section are also necessary for tests performed +The main difference between running `Uptest` from your local environment and +running GitHub Actions is that the environment is also prepared during GitHub +Actions. During your tests on local, `Uptest` is only responsible for creating +instance manifests and assertions of them. Therefore, all the preparation steps +mentioned in the Manual Testing section are also necessary for tests performed using `Uptest` locally. -After preparing the testing environment, you should run the following command to +After preparing the testing environment, you should run the following command to trigger tests locally by using `Uptest`: Example for single file test: -``` + +```bash make uptest-local PROVIDER_NAME=provider-aws EXAMPLE_LIST=provider-aws/examples/secretsmanager/secret.yaml ``` Example of whole API Group test: -``` + +```bash make uptest-local PROVIDER_NAME=provider-aws EXAMPLE_LIST=$(find provider-aws/examples/secretsmanager/*.yaml | tr '\n' ',') ``` ### Debugging Tests -Whether the tests fail using `Uptest` or when testing manually, the steps to be -followed are the same. What finally failed was a Managed Resource tested against -Official Providers. In this case, the first thing to do is to check the manifest -of the failing resource (where the value of `Synced` or `Ready` condition is +Whether the tests fail using `Uptest` or when testing manually, the steps to be +followed are the same. What finally failed was a Managed Resource tested against +Official Providers. In this case, the first thing to do is to check the manifest +of the failing resource (where the value of `Synced` or `Ready` condition is `False`) in the cluster. -If the test was in your local environment, you can check the current state of -the resource by using the following command: +If the test was in your local environment, you can check the current state of +the resource by using the following command: `kubectl get network.compute.gcp.upbound.io/example-network-1 -o yaml` If the test ran in the GitHub Actions, you need to check the action artifact mentioned in the previous part of the documentation. -The second important point to understand the problem is the provider logs. If -the test was in your local environment, you need to check the `make run` or IDE -logs. If testing was in GitHub Actions, you need to check the action artifact. +The second important point to understand the problem is the provider logs. If +the test was in your local environment, you need to check the `make run` or IDE +logs. If testing was in GitHub Actions, you need to check the action artifact. It contains the cluster dump that has the provider logs. ## Known Error Cases -1. `prevent_destroy` Case: In some cases, when unexpected changes or situations -occur in the resources, Terraform tries to delete the related resource and +1. `prevent_destroy` Case: In some cases, when unexpected changes or situations +occur in the resources, Terraform tries to delete the related resource and create it again. However, in order to prevent this situation, the resources are -configurable. In this context, the name of the field where you can provide this +configurable. In this context, the name of the field where you can provide this control is `prevent_destroy`. Please see details of [Terraform Resource Lifecycle]. -For resources in Official Providers, this value defaults to `true`. So the +For resources in Official Providers, this value defaults to `true`. So the deletion of the resource is blocked. -Encountering this situation (i.e. Terraform trying to delete and recreate the -resource) is not normal and may indicate a specific error. Some possible +Encountering this situation (i.e. Terraform trying to delete and recreate the +resource) is not normal and may indicate a specific error. Some possible problems could be: - - As a result of overriding the constructed ID after Terraform calls, Terraform - could not match the IDs and tries to recreate the resource. Please see - [this issue] for details. In this type of cases, you need to review your +- As a result of overriding the constructed ID after Terraform calls, Terraform + could not match the IDs and tries to recreate the resource. Please see + [this issue] for details. In this type of cases, you need to review your external name configuration. - - Crossplane's concept of [Late Initialization] may cause some side effects. - One of them is while late initialization, filling a field that is not initially +- Crossplane's concept of [Late Initialization] may cause some side effects. + One of them is while late initialization, filling a field that is not initially filled on the manifest may cause the resource to be destroyed and recreated. - In such a case, it should be evaluated that which field's value is set will - cause such an error. During this evaluation, it will be necessary to make use - of the terraform registry document. In the end, the field that is thought to - solve the problem is put into the ignore list using the - [late initialization configuration] and the test is repeated from the + In such a case, it should be evaluated that which field's value is set will + cause such an error. During this evaluation, it will be necessary to make use + of the terraform registry document. In the end, the field that is thought to + solve the problem is put into the ignore list using the + [late initialization configuration] and the test is repeated from the beginning. - - Some resources fall into `tainted` state as a result of certain steps in the +- Some resources fall into `tainted` state as a result of certain steps in the creation process fail. Please see [tainted issue] for details. -2. External Name Configuration Related Errors: The most common known issue is -errors in the external name configuration. A clear error message regarding this -situation may not be visible. Many error messages can be related to an incorrect -external name configuration. Such as, a field cannot be read properly from the -parameter map, there are unexpected fields in the generated `main.tf.json` file, +2. External Name Configuration Related Errors: The most common known issue is +errors in the external name configuration. A clear error message regarding this +situation may not be visible. Many error messages can be related to an incorrect +external name configuration. Such as, a field cannot be read properly from the +parameter map, there are unexpected fields in the generated `main.tf.json` file, etc. -Therefore, when debugging a non-ready resource; if you do not see errors -returned by the Cloud API related to the constraints or characteristics of the -service (for example, you are stuck on the creation limit of this resource in -this region, or the use of the relevant field for this resource depends on the -following conditions etc.), the first point to check is external name -configuration. +Therefore, when debugging a non-ready resource; if you do not see errors +returned by the Cloud API related to the constraints or characteristics of the +service (for example, you are stuck on the creation limit of this resource in +this region, or the use of the relevant field for this resource depends on the +following conditions etc.), the first point to check is external name +configuration. -3. Late Initialization Errors: Late Initialization is one of the key concepts of -Crossplane. It allows for some values that are not initially located in the +3. Late Initialization Errors: Late Initialization is one of the key concepts of +Crossplane. It allows for some values that are not initially located in the resource's manifest to be filled with the values returned by the cloud providers. -As a side effect of this, some fields conflict each other. In this case, a -detailed error message is usually displayed about which fields conflict with +As a side effect of this, some fields conflict each other. In this case, a +detailed error message is usually displayed about which fields conflict with each other. In this case, the relevant field should be skipped by [these steps]. -4. Provider Service Specific Errors: Every cloud provider and every service has -its own features and behavior. Therefore, you may see special error messages in -the status of the resources from time to time. These may say that you are out of -the allowed values in some fields of the resource, or that you need to enable -the relevant service, etc. In such cases, please review your example manifest +4. Provider Service Specific Errors: Every cloud provider and every service has +its own features and behavior. Therefore, you may see special error messages in +the status of the resources from time to time. These may say that you are out of +the allowed values in some fields of the resource, or that you need to enable +the relevant service, etc. In such cases, please review your example manifest and try to find the appropriate example. -``` -IMPORTANT NOTE: `make reviewable` and `kubectl apply -f package/crds` commands -must be run after any change that will affect the schema or controller of the -configured/tested resource. - -In addition, the provider needs to be restarted after the changes in the -controllers, because the controller change actually corresponds to the changes -made in the running code. -``` +> [!IMPORTANT] +> `make reviewable` and `kubectl apply -f package/crds` commands must be run + after any change that will affect the schema or controller of the + configured/tested resource. In addition, the provider needs to be restarted + after the changes in the controllers, because the controller change actually + corresponds to the changes made in the running code. [this repo]: https://github.com/kubernetes-sigs/kind [the documentation]: https://crossplane.io/docs/v1.9/getting-started/install-configure.html#install-configuration-package [here]: https://github.com/upbound/official-providers/blob/main/docs/testing-resources-by-using-uptest.md#debugging-failed-test -[these steps]: https://github.com/upbound/upjet/blob/main/docs/configuring-a-resource.md#late-initialization-configuration -[late initialization configuration]: https://github.com/upbound/upjet/blob/main/docs/configuring-a-resource.md#late-initialization-configuration +[these steps]: https://github.com/upbound/crossplane/blob/main/docs/configuring-a-resource.md#late-initialization-configuration +[late initialization configuration]: https://github.com/upbound/crossplane/blob/main/docs/configuring-a-resource.md#late-initialization-configuration [Terraform Resource Lifecycle]: https://learn.hashicorp.com/tutorials/terraform/resource-lifecycle -[this issue]: https://github.com/upbound/upjet/issues/32 +[this issue]: https://github.com/upbound/crossplane/issues/32 [Late Initialization]: https://crossplane.io/docs/v1.9/concepts/managed-resources.html#late-initialization -[tainted issue]: https://github.com/upbound/upjet/issues/80 +[tainted issue]: https://github.com/upbound/crossplane/issues/80 [k3d]: https://k3d.io/ diff --git a/go.mod b/go.mod index 10ca0ba8..2a58ea2a 100644 --- a/go.mod +++ b/go.mod @@ -1,12 +1,16 @@ -module github.com/upbound/upjet +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: CC0-1.0 + +module github.com/crossplane/upjet go 1.20 require ( dario.cat/mergo v1.0.0 github.com/antchfx/htmlquery v1.2.4 - github.com/crossplane/crossplane v1.10.0 - github.com/crossplane/crossplane-runtime v0.20.0 + github.com/crossplane/crossplane v1.13.2 + github.com/crossplane/crossplane-runtime v1.13.0 github.com/fatih/camelcase v1.0.0 github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.5.9 diff --git a/go.sum b/go.sum index 76d315af..99b67e47 100644 --- a/go.sum +++ b/go.sum @@ -38,6 +38,7 @@ cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3f dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= @@ -76,10 +77,11 @@ github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnht github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/crossplane/crossplane v1.10.0 h1:JP6TdhoZuRS27rYd+HCZNEBdf/1/w+rqIShW2qz/Qhk= -github.com/crossplane/crossplane v1.10.0/go.mod h1:a90wo/wkTDHhh8artgsUiLtQu5DIYwA7biHPDoMssms= -github.com/crossplane/crossplane-runtime v0.20.0 h1:MlPNrK6ELKLQdeHaIdKxQpZW2LSivSYXxHKVfU32auU= -github.com/crossplane/crossplane-runtime v0.20.0/go.mod h1:FuKIC8Mg8hE2gIAMyf2wCPkxkFPz+VnMQiYWBq1/p5A= +github.com/crossplane/crossplane v1.13.2 h1:/qxoQvNV9+eJyWVP3pu3j7q0ltdZXPgrDIkbAyCd1uI= +github.com/crossplane/crossplane v1.13.2/go.mod h1:jjYHNF5j2JidsrFZ7sfTZoVnBDVEvZHC64GyH/cYMbU= +github.com/crossplane/crossplane-runtime v1.13.0 h1:EumInUbS8mXV7otwoI3xa0rPczexJOky4XLVlHxxjO0= +github.com/crossplane/crossplane-runtime v1.13.0/go.mod h1:FuKIC8Mg8hE2gIAMyf2wCPkxkFPz+VnMQiYWBq1/p5A= +github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/go.sum.license b/go.sum.license new file mode 100644 index 00000000..ec785f69 --- /dev/null +++ b/go.sum.license @@ -0,0 +1,4 @@ + +SPDX-FileCopyrightText: 2023 The Crossplane Authors + +SPDX-License-Identifier: CC0-1.0 diff --git a/hack/boilerplate.txt b/hack/boilerplate.txt index d274fe3d..80110499 100644 --- a/hack/boilerplate.txt +++ b/hack/boilerplate.txt @@ -1,13 +1,3 @@ -Copyright 2021 Upbound Inc. +SPDX-FileCopyrightText: 2023 The Crossplane Authors -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/pkg/common.go b/pkg/common.go index d99da481..1e55f5a1 100644 --- a/pkg/common.go +++ b/pkg/common.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + package pkg import "strings" @@ -18,7 +22,7 @@ func FilterDescription(description, keyword string) string { } } if len(result) == 0 { - return strings.ReplaceAll(strings.ToLower(description), keyword, "Upbound official provider") + return strings.ReplaceAll(strings.ToLower(description), keyword, "provider") } return strings.Join(result, descriptionSeparator) } diff --git a/pkg/config/common.go b/pkg/config/common.go index 18756585..ac21fd66 100644 --- a/pkg/config/common.go +++ b/pkg/config/common.go @@ -1,16 +1,15 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package config import ( "strings" + "github.com/crossplane/upjet/pkg/registry" + tjname "github.com/crossplane/upjet/pkg/types/name" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - - "github.com/upbound/upjet/pkg/registry" - tjname "github.com/upbound/upjet/pkg/types/name" ) const ( @@ -34,7 +33,7 @@ var ( "apis/v1alpha1", "apis/v1beta1", }, - //nolint:staticcheck + Controller: []string{ // Default package for ProviderConfig controllers "internal/controller/providerconfig", diff --git a/pkg/config/common_test.go b/pkg/config/common_test.go index ac5a9601..db3fe5e5 100644 --- a/pkg/config/common_test.go +++ b/pkg/config/common_test.go @@ -1,17 +1,16 @@ -/* -Copyright 2022 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package config import ( "testing" + "github.com/crossplane/upjet/pkg/registry" "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - - "github.com/upbound/upjet/pkg/registry" ) func TestDefaultResource(t *testing.T) { diff --git a/pkg/config/externalname.go b/pkg/config/externalname.go index 5532d181..7b87884a 100644 --- a/pkg/config/externalname.go +++ b/pkg/config/externalname.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package config diff --git a/pkg/config/externalname_test.go b/pkg/config/externalname_test.go index 52f7ae0d..c9f39b2a 100644 --- a/pkg/config/externalname_test.go +++ b/pkg/config/externalname_test.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package config @@ -8,10 +8,10 @@ import ( "context" "testing" - "github.com/crossplane/crossplane-runtime/pkg/test" + "github.com/google/go-cmp/cmp" "github.com/crossplane/crossplane-runtime/pkg/errors" - "github.com/google/go-cmp/cmp" + "github.com/crossplane/crossplane-runtime/pkg/test" ) func TestGetExternalNameFromTemplated(t *testing.T) { diff --git a/pkg/config/provider.go b/pkg/config/provider.go index 56664ef5..8c6e1328 100644 --- a/pkg/config/provider.go +++ b/pkg/config/provider.go @@ -1,6 +1,6 @@ -/* -Copyright 2022 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package config @@ -8,11 +8,10 @@ import ( "fmt" "regexp" + "github.com/crossplane/upjet/pkg/registry" + conversiontfjson "github.com/crossplane/upjet/pkg/types/conversion/tfjson" tfjson "github.com/hashicorp/terraform-json" "github.com/pkg/errors" - - "github.com/upbound/upjet/pkg/registry" - conversiontfjson "github.com/upbound/upjet/pkg/types/conversion/tfjson" ) // ResourceConfiguratorFn is a function that implements the ResourceConfigurator @@ -203,7 +202,7 @@ func WithMainTemplate(template string) ProviderOption { // NewProvider builds and returns a new Provider from provider // tfjson schema, that is generated using Terraform CLI with: // `terraform providers schema --json` -func NewProvider(schema []byte, prefix string, modulePath string, metadata []byte, opts ...ProviderOption) *Provider { // nolint:gocyclo +func NewProvider(schema []byte, prefix string, modulePath string, metadata []byte, opts ...ProviderOption) *Provider { //nolint:gocyclo ps := tfjson.ProviderSchemas{} if err := ps.UnmarshalJSON(schema); err != nil { panic(err) diff --git a/pkg/config/resource.go b/pkg/config/resource.go index 1d021f4f..e97b1809 100644 --- a/pkg/config/resource.go +++ b/pkg/config/resource.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package config @@ -9,6 +9,7 @@ import ( "fmt" "time" + "github.com/crossplane/upjet/pkg/registry" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/pkg/errors" "k8s.io/apimachinery/pkg/util/json" @@ -20,8 +21,6 @@ import ( "github.com/crossplane/crossplane-runtime/pkg/fieldpath" "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" - - "github.com/upbound/upjet/pkg/registry" ) // SetIdentifierArgumentsFn sets the name of the resource in Terraform attributes map, diff --git a/pkg/config/resource_test.go b/pkg/config/resource_test.go index c8f5e94e..4663781b 100644 --- a/pkg/config/resource_test.go +++ b/pkg/config/resource_test.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + package config import ( diff --git a/pkg/controller/api.go b/pkg/controller/api.go index da17a591..f5a5c5f5 100644 --- a/pkg/controller/api.go +++ b/pkg/controller/api.go @@ -1,29 +1,15 @@ -/* - Copyright 2021 Upbound Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package controller import ( "context" - "github.com/upbound/upjet/pkg/controller/handler" - - xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" - xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" - + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/terraform" "github.com/pkg/errors" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime/schema" @@ -31,8 +17,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" ctrl "sigs.k8s.io/controller-runtime/pkg/manager" - "github.com/upbound/upjet/pkg/resource" - "github.com/upbound/upjet/pkg/terraform" + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" ) const ( diff --git a/pkg/controller/api_test.go b/pkg/controller/api_test.go index cfcbbaeb..b42e662c 100644 --- a/pkg/controller/api_test.go +++ b/pkg/controller/api_test.go @@ -1,18 +1,6 @@ -/* - Copyright 2021 Upbound Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package controller @@ -20,6 +8,9 @@ import ( "context" "testing" + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/fake" + tjerrors "github.com/crossplane/upjet/pkg/terraform/errors" "github.com/google/go-cmp/cmp" "github.com/pkg/errors" "sigs.k8s.io/controller-runtime/pkg/client" @@ -28,10 +19,6 @@ import ( xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" xpfake "github.com/crossplane/crossplane-runtime/pkg/resource/fake" "github.com/crossplane/crossplane-runtime/pkg/test" - - "github.com/upbound/upjet/pkg/resource" - "github.com/upbound/upjet/pkg/resource/fake" - tjerrors "github.com/upbound/upjet/pkg/terraform/errors" ) func TestAPICallbacksCreate(t *testing.T) { diff --git a/pkg/controller/external.go b/pkg/controller/external.go index f8b6ce60..62580935 100644 --- a/pkg/controller/external.go +++ b/pkg/controller/external.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package controller @@ -8,22 +8,21 @@ import ( "context" "time" - tferrors "github.com/upbound/upjet/pkg/terraform/errors" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" + "github.com/crossplane/upjet/pkg/terraform" + tferrors "github.com/crossplane/upjet/pkg/terraform/errors" + "github.com/pkg/errors" + "k8s.io/apimachinery/pkg/util/sets" + "sigs.k8s.io/controller-runtime/pkg/client" xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" "github.com/crossplane/crossplane-runtime/pkg/logging" "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" - "github.com/pkg/errors" - "k8s.io/apimachinery/pkg/util/sets" - "sigs.k8s.io/controller-runtime/pkg/client" - - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/controller/handler" - "github.com/upbound/upjet/pkg/metrics" - "github.com/upbound/upjet/pkg/resource" - "github.com/upbound/upjet/pkg/resource/json" - "github.com/upbound/upjet/pkg/terraform" ) const ( diff --git a/pkg/controller/external_test.go b/pkg/controller/external_test.go index cb76b511..7710e705 100644 --- a/pkg/controller/external_test.go +++ b/pkg/controller/external_test.go @@ -1,16 +1,6 @@ -// Copyright 2023 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package controller @@ -18,6 +8,17 @@ import ( "context" "testing" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/fake" + "github.com/crossplane/upjet/pkg/resource/json" + "github.com/crossplane/upjet/pkg/terraform" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + "github.com/pkg/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" "github.com/crossplane/crossplane-runtime/pkg/logging" xpmeta "github.com/crossplane/crossplane-runtime/pkg/meta" @@ -25,17 +26,6 @@ import ( xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" xpfake "github.com/crossplane/crossplane-runtime/pkg/resource/fake" "github.com/crossplane/crossplane-runtime/pkg/test" - "github.com/google/go-cmp/cmp" - "github.com/google/go-cmp/cmp/cmpopts" - "github.com/pkg/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "sigs.k8s.io/controller-runtime/pkg/client" - - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/resource" - "github.com/upbound/upjet/pkg/resource/fake" - "github.com/upbound/upjet/pkg/resource/json" - "github.com/upbound/upjet/pkg/terraform" ) const ( diff --git a/pkg/controller/handler/eventhandler.go b/pkg/controller/handler/eventhandler.go index d5f14a01..734bc1b6 100644 --- a/pkg/controller/handler/eventhandler.go +++ b/pkg/controller/handler/eventhandler.go @@ -1,16 +1,6 @@ -// Copyright 2023 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package handler @@ -18,12 +8,13 @@ import ( "context" "sync" - "github.com/crossplane/crossplane-runtime/pkg/logging" "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/util/workqueue" "sigs.k8s.io/controller-runtime/pkg/event" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/reconcile" + + "github.com/crossplane/crossplane-runtime/pkg/logging" ) // EventHandler handles Kubernetes events by queueing reconcile requests for diff --git a/pkg/controller/interfaces.go b/pkg/controller/interfaces.go index 04f638fc..7d4fc4a0 100644 --- a/pkg/controller/interfaces.go +++ b/pkg/controller/interfaces.go @@ -1,15 +1,15 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package controller import ( "context" - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/resource" - "github.com/upbound/upjet/pkg/terraform" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/terraform" ) // TODO(muvaf): It's a bit weird that the functions return the struct of a diff --git a/pkg/controller/options.go b/pkg/controller/options.go index 32e091fb..e9e54a95 100644 --- a/pkg/controller/options.go +++ b/pkg/controller/options.go @@ -1,6 +1,6 @@ -/* -Copyright 2022 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package controller @@ -8,11 +8,11 @@ import ( "crypto/tls" "time" - "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/terraform" "k8s.io/apimachinery/pkg/runtime/schema" - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/terraform" + "github.com/crossplane/crossplane-runtime/pkg/controller" ) // Options contains incriminating options for a given Upjet controller instance. diff --git a/pkg/examples/example.go b/pkg/examples/example.go index 2fcfcfe8..8c6981e6 100644 --- a/pkg/examples/example.go +++ b/pkg/examples/example.go @@ -1,6 +1,6 @@ -/* -Copyright 2022 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package examples @@ -20,11 +20,11 @@ import ( "github.com/pkg/errors" "sigs.k8s.io/yaml" - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/registry/reference" - "github.com/upbound/upjet/pkg/resource/json" - tjtypes "github.com/upbound/upjet/pkg/types" - "github.com/upbound/upjet/pkg/types/name" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/registry/reference" + "github.com/crossplane/upjet/pkg/resource/json" + tjtypes "github.com/crossplane/upjet/pkg/types" + "github.com/crossplane/upjet/pkg/types/name" ) var ( diff --git a/pkg/generate.go b/pkg/generate.go index 47466234..c2ec639b 100644 --- a/pkg/generate.go +++ b/pkg/generate.go @@ -1,16 +1,6 @@ -// Copyright 2021 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 //go:build generate // +build generate diff --git a/pkg/metrics/metrics.go b/pkg/metrics/metrics.go index 31d73f0b..4e71dc7d 100644 --- a/pkg/metrics/metrics.go +++ b/pkg/metrics/metrics.go @@ -1,16 +1,6 @@ -// Copyright 2023 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package metrics diff --git a/pkg/migration/api_steps.go b/pkg/migration/api_steps.go index 6ae56fec..f077fc89 100644 --- a/pkg/migration/api_steps.go +++ b/pkg/migration/api_steps.go @@ -1,16 +1,6 @@ -// Copyright 2023 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration @@ -18,13 +8,14 @@ import ( "fmt" "strconv" + "github.com/pkg/errors" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" "github.com/crossplane/crossplane-runtime/pkg/meta" "github.com/crossplane/crossplane-runtime/pkg/resource/unstructured/claim" "github.com/crossplane/crossplane-runtime/pkg/resource/unstructured/composite" - "github.com/pkg/errors" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" ) const ( @@ -69,7 +60,7 @@ func (pg *PlanGenerator) addStepsForManagedResource(u *UnstructuredWithMetadata) if _, ok, err := toManagedResource(pg.registry.scheme, u.Object); err != nil || !ok { // not a managed resource or unable to determine // whether it's a managed resource - return nil // nolint:nilerr + return nil //nolint:nilerr } } qName := getQualifiedName(u.Object) @@ -310,14 +301,14 @@ func (pg *PlanGenerator) stepEditClaims(claims []UnstructuredWithMetadata, conve // NOTE: to cover different migration scenarios, we may use // "migration templates" instead of a static plan. But a static plan should be // fine as a start. -func (pg *PlanGenerator) stepAPI(s step) *Step { // nolint:gocyclo // all steps under a single clause for readability +func (pg *PlanGenerator) stepAPI(s step) *Step { //nolint:gocyclo // all steps under a single clause for readability stepKey := strconv.Itoa(int(s)) if pg.Plan.Spec.stepMap[stepKey] != nil { return pg.Plan.Spec.stepMap[stepKey] } pg.Plan.Spec.stepMap[stepKey] = &Step{} - switch s { // nolint:exhaustive + switch s { //nolint:exhaustive case stepPauseManaged: setPatchStep("pause-managed", pg.Plan.Spec.stepMap[stepKey]) diff --git a/pkg/migration/categorical_steps.go b/pkg/migration/categorical_steps.go index cbec4287..965c5cae 100644 --- a/pkg/migration/categorical_steps.go +++ b/pkg/migration/categorical_steps.go @@ -1,16 +1,6 @@ -// Copyright 2023 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration diff --git a/pkg/migration/configurationmetadata_steps.go b/pkg/migration/configurationmetadata_steps.go index 3cb9b626..ea18ff33 100644 --- a/pkg/migration/configurationmetadata_steps.go +++ b/pkg/migration/configurationmetadata_steps.go @@ -1,16 +1,6 @@ -// Copyright 2023 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration @@ -18,9 +8,10 @@ import ( "fmt" "strconv" + "github.com/pkg/errors" + xpmetav1 "github.com/crossplane/crossplane/apis/pkg/meta/v1" xpmetav1alpha1 "github.com/crossplane/crossplane/apis/pkg/meta/v1alpha1" - "github.com/pkg/errors" ) const ( @@ -113,7 +104,7 @@ func (pg *PlanGenerator) configurationSubStep(s step) string { return pg.subSteps[s] } -func (pg *PlanGenerator) stepConfigurationWithSubStep(s step, newSubStep bool) *Step { // nolint:gocyclo // easy to follow all steps here +func (pg *PlanGenerator) stepConfigurationWithSubStep(s step, newSubStep bool) *Step { //nolint:gocyclo // easy to follow all steps here stepKey := strconv.Itoa(int(s)) if newSubStep { stepKey = fmt.Sprintf("%s.%s", stepKey, pg.configurationSubStep(s)) @@ -123,7 +114,7 @@ func (pg *PlanGenerator) stepConfigurationWithSubStep(s step, newSubStep bool) * } pg.Plan.Spec.stepMap[stepKey] = &Step{} - switch s { // nolint:gocritic,exhaustive + switch s { //nolint:exhaustive case stepOrphanMRs: setPatchStep("deletion-policy-orphan", pg.Plan.Spec.stepMap[stepKey]) case stepRevertOrphanMRs: diff --git a/pkg/migration/configurationpackage_steps.go b/pkg/migration/configurationpackage_steps.go index a8231a1c..d8103eaa 100644 --- a/pkg/migration/configurationpackage_steps.go +++ b/pkg/migration/configurationpackage_steps.go @@ -1,28 +1,17 @@ -// Copyright 2023 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration import ( "fmt" - "github.com/crossplane/crossplane-runtime/pkg/fieldpath" - - v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" - "github.com/pkg/errors" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/fieldpath" ) const ( diff --git a/pkg/migration/converter.go b/pkg/migration/converter.go index 51ef31f2..b6cbe41f 100644 --- a/pkg/migration/converter.go +++ b/pkg/migration/converter.go @@ -1,30 +1,12 @@ -// Copyright 2022 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration import ( "fmt" - "github.com/crossplane/crossplane-runtime/pkg/fieldpath" - xpmeta "github.com/crossplane/crossplane-runtime/pkg/meta" - "github.com/crossplane/crossplane-runtime/pkg/resource" - xpv1 "github.com/crossplane/crossplane/apis/apiextensions/v1" - xpmetav1 "github.com/crossplane/crossplane/apis/pkg/meta/v1" - xpmetav1alpha1 "github.com/crossplane/crossplane/apis/pkg/meta/v1alpha1" - xppkgv1 "github.com/crossplane/crossplane/apis/pkg/v1" - xppkgv1beta1 "github.com/crossplane/crossplane/apis/pkg/v1beta1" "github.com/pkg/errors" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -33,6 +15,16 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/json" k8sjson "sigs.k8s.io/json" + + "github.com/crossplane/crossplane-runtime/pkg/fieldpath" + xpmeta "github.com/crossplane/crossplane-runtime/pkg/meta" + "github.com/crossplane/crossplane-runtime/pkg/resource" + + xpv1 "github.com/crossplane/crossplane/apis/apiextensions/v1" + xpmetav1 "github.com/crossplane/crossplane/apis/pkg/meta/v1" + xpmetav1alpha1 "github.com/crossplane/crossplane/apis/pkg/meta/v1alpha1" + xppkgv1 "github.com/crossplane/crossplane/apis/pkg/v1" + xppkgv1beta1 "github.com/crossplane/crossplane/apis/pkg/v1beta1" ) const ( @@ -277,7 +269,7 @@ func toPackageLock(u unstructured.Unstructured) (*xppkgv1beta1.Lock, error) { func ConvertComposedTemplatePatchesMap(sourceTemplate xpv1.ComposedTemplate, conversionMap map[string]string) []xpv1.Patch { var patchesToAdd []xpv1.Patch for _, p := range sourceTemplate.Patches { - switch p.Type { // nolint:exhaustive + switch p.Type { //nolint:exhaustive case xpv1.PatchTypeFromCompositeFieldPath, xpv1.PatchTypeCombineFromComposite, "": { if p.ToFieldPath != nil { diff --git a/pkg/migration/errors.go b/pkg/migration/errors.go index b28b7b9c..84d6d255 100644 --- a/pkg/migration/errors.go +++ b/pkg/migration/errors.go @@ -1,16 +1,6 @@ -// Copyright 2023 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration diff --git a/pkg/migration/exec_steps.go b/pkg/migration/exec_steps.go index ee414a31..bfd31725 100644 --- a/pkg/migration/exec_steps.go +++ b/pkg/migration/exec_steps.go @@ -1,16 +1,6 @@ -// Copyright 2023 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration diff --git a/pkg/migration/fake/mocks/mock.go b/pkg/migration/fake/mocks/mock.go index da753ea3..607703b1 100644 --- a/pkg/migration/fake/mocks/mock.go +++ b/pkg/migration/fake/mocks/mock.go @@ -1,16 +1,6 @@ -// Copyright 2021 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 // Code generated by MockGen. DO NOT EDIT. // Source: github.com/crossplane/crossplane-runtime/pkg/resource (interfaces: Managed) diff --git a/pkg/migration/fake/objects.go b/pkg/migration/fake/objects.go index e3c64885..c9b1a59e 100644 --- a/pkg/migration/fake/objects.go +++ b/pkg/migration/fake/objects.go @@ -1,26 +1,16 @@ -// Copyright 2022 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 //go:generate go run github.com/golang/mock/mockgen -copyright_file ../../../hack/boilerplate.txt -destination=./mocks/mock.go -package mocks github.com/crossplane/crossplane-runtime/pkg/resource Managed package fake import ( - xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/upjet/pkg/migration/fake/mocks" "k8s.io/apimachinery/pkg/runtime/schema" - "github.com/upbound/upjet/pkg/migration/fake/mocks" + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) const ( diff --git a/pkg/migration/filesystem.go b/pkg/migration/filesystem.go index b79a612b..ac52ae5b 100644 --- a/pkg/migration/filesystem.go +++ b/pkg/migration/filesystem.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + package migration import ( diff --git a/pkg/migration/filesystem_test.go b/pkg/migration/filesystem_test.go index 8cf452e8..92b9e096 100644 --- a/pkg/migration/filesystem_test.go +++ b/pkg/migration/filesystem_test.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + package migration import ( diff --git a/pkg/migration/fork_executor.go b/pkg/migration/fork_executor.go index 93b75088..61e46281 100644 --- a/pkg/migration/fork_executor.go +++ b/pkg/migration/fork_executor.go @@ -1,16 +1,6 @@ -// Copyright 2023 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration diff --git a/pkg/migration/fork_executor_test.go b/pkg/migration/fork_executor_test.go index a0c57c2a..cc146156 100644 --- a/pkg/migration/fork_executor_test.go +++ b/pkg/migration/fork_executor_test.go @@ -1,16 +1,6 @@ -// Copyright 2023 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration diff --git a/pkg/migration/interfaces.go b/pkg/migration/interfaces.go index a9aff16d..a8771588 100644 --- a/pkg/migration/interfaces.go +++ b/pkg/migration/interfaces.go @@ -1,21 +1,12 @@ -// Copyright 2022 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration import ( "github.com/crossplane/crossplane-runtime/pkg/resource" + xpv1 "github.com/crossplane/crossplane/apis/apiextensions/v1" xpmetav1 "github.com/crossplane/crossplane/apis/pkg/meta/v1" xpmetav1alpha1 "github.com/crossplane/crossplane/apis/pkg/meta/v1alpha1" diff --git a/pkg/migration/kubernetes.go b/pkg/migration/kubernetes.go index 39b2c3ff..67cf4a6a 100644 --- a/pkg/migration/kubernetes.go +++ b/pkg/migration/kubernetes.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + package migration import ( @@ -8,17 +12,16 @@ import ( "strings" "time" - "k8s.io/cli-runtime/pkg/resource" - "k8s.io/client-go/rest" - "github.com/pkg/errors" "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/cli-runtime/pkg/resource" "k8s.io/client-go/discovery" "k8s.io/client-go/discovery/cached/disk" "k8s.io/client-go/dynamic" + "k8s.io/client-go/rest" "k8s.io/client-go/restmapper" "k8s.io/client-go/tools/clientcmd" "k8s.io/client-go/util/homedir" diff --git a/pkg/migration/kubernetes_test.go b/pkg/migration/kubernetes_test.go index 41a028fa..bddedcc7 100644 --- a/pkg/migration/kubernetes_test.go +++ b/pkg/migration/kubernetes_test.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + package migration import ( diff --git a/pkg/migration/package_lock_steps.go b/pkg/migration/package_lock_steps.go index f14d3422..e3336cc3 100644 --- a/pkg/migration/package_lock_steps.go +++ b/pkg/migration/package_lock_steps.go @@ -1,16 +1,6 @@ -// Copyright 2023 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration diff --git a/pkg/migration/patches.go b/pkg/migration/patches.go index 9b96c444..d5d84188 100644 --- a/pkg/migration/patches.go +++ b/pkg/migration/patches.go @@ -1,16 +1,6 @@ -// Copyright 2023 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration @@ -21,10 +11,11 @@ import ( "regexp" "strings" - xpv1 "github.com/crossplane/crossplane/apis/apiextensions/v1" "github.com/pkg/errors" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" + + xpv1 "github.com/crossplane/crossplane/apis/apiextensions/v1" ) var ( @@ -67,7 +58,7 @@ func (pg *PlanGenerator) removeInvalidPatches(gvkSource, gvkTarget schema.GroupV var patches []xpv1.Patch for _, p := range targetTemplate.Patches { s := source - switch p.Type { // nolint:exhaustive + switch p.Type { //nolint:exhaustive case xpv1.PatchTypePatchSet: ps := getNamedPatchSet(p.PatchSetName, patchSets) if ps == nil { @@ -122,7 +113,7 @@ func assertPatchSchemaConformance(p xpv1.Patch, source, target any) (bool, error // because this is defaulting logic and what we default can be overridden // later in the convert, the type switch is not exhaustive // TODO: consider processing other patch types - switch p.Type { // nolint:exhaustive + switch p.Type { //nolint:exhaustive case xpv1.PatchTypeFromCompositeFieldPath, "": // the default type targetPath = p.ToFieldPath case xpv1.PatchTypeToCompositeFieldPath: @@ -167,7 +158,7 @@ func isRawExtension(source, target reflect.Type) bool { // assertNameAndTypeAtPath asserts that the migration source and target // templates both have the same kind for the type at the specified path. // Also validates the specific path is valid for the source. -func assertNameAndTypeAtPath(source, target reflect.Type, pathComponents []string) (bool, error) { // nolint:gocyclo +func assertNameAndTypeAtPath(source, target reflect.Type, pathComponents []string) (bool, error) { //nolint:gocyclo if len(pathComponents) < 1 { return compareKinds(source, target), nil } @@ -231,7 +222,7 @@ func compareKinds(s, t reflect.Type) bool { // with the specified serialized (JSON) name. Returns a nil (and a nil error) // if a field with the specified serialized name is not found // in the specified type. -func getFieldWithSerializedName(t reflect.Type, name string) (*reflect.StructField, error) { // nolint:gocyclo +func getFieldWithSerializedName(t reflect.Type, name string) (*reflect.StructField, error) { //nolint:gocyclo if t.Kind() == reflect.Pointer { t = t.Elem() } diff --git a/pkg/migration/patches_test.go b/pkg/migration/patches_test.go index 9c62d86e..02142bf9 100644 --- a/pkg/migration/patches_test.go +++ b/pkg/migration/patches_test.go @@ -1,16 +1,6 @@ -// Copyright 2023 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration diff --git a/pkg/migration/plan_executor.go b/pkg/migration/plan_executor.go index fc720b23..63f4ff38 100644 --- a/pkg/migration/plan_executor.go +++ b/pkg/migration/plan_executor.go @@ -1,16 +1,6 @@ -// Copyright 2023 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration diff --git a/pkg/migration/plan_generator.go b/pkg/migration/plan_generator.go index b74fb3af..fcd8d4a6 100644 --- a/pkg/migration/plan_generator.go +++ b/pkg/migration/plan_generator.go @@ -1,37 +1,28 @@ -// Copyright 2022 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration import ( "fmt" - "reflect" "time" + "github.com/pkg/errors" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/util/rand" + "github.com/crossplane/crossplane-runtime/pkg/fieldpath" "github.com/crossplane/crossplane-runtime/pkg/resource" + xpv1 "github.com/crossplane/crossplane/apis/apiextensions/v1" xpmetav1 "github.com/crossplane/crossplane/apis/pkg/meta/v1" xpmetav1alpha1 "github.com/crossplane/crossplane/apis/pkg/meta/v1alpha1" xppkgv1 "github.com/crossplane/crossplane/apis/pkg/v1" xppkgv1beta1 "github.com/crossplane/crossplane/apis/pkg/v1beta1" - "github.com/pkg/errors" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/rand" ) const ( @@ -453,7 +444,7 @@ func assertMetadataName(parentName string, resources []resource.Managed) { } } -func (pg *PlanGenerator) convertComposition(o UnstructuredWithMetadata) (*UnstructuredWithMetadata, bool, error) { // nolint:gocyclo +func (pg *PlanGenerator) convertComposition(o UnstructuredWithMetadata) (*UnstructuredWithMetadata, bool, error) { //nolint:gocyclo convertedPS, err := pg.convertPatchSets(o) if err != nil { return nil, false, errors.Wrap(err, "failed to convert patch sets") diff --git a/pkg/migration/plan_generator_test.go b/pkg/migration/plan_generator_test.go index 4b718ac3..eb16bdff 100644 --- a/pkg/migration/plan_generator_test.go +++ b/pkg/migration/plan_generator_test.go @@ -1,16 +1,6 @@ -// Copyright 2022 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration @@ -21,13 +11,7 @@ import ( "regexp" "testing" - xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" - "github.com/crossplane/crossplane-runtime/pkg/test" - v1 "github.com/crossplane/crossplane/apis/apiextensions/v1" - xpmetav1 "github.com/crossplane/crossplane/apis/pkg/meta/v1" - xpmetav1alpha1 "github.com/crossplane/crossplane/apis/pkg/meta/v1alpha1" - xppkgv1 "github.com/crossplane/crossplane/apis/pkg/v1" - xppkgv1beta1 "github.com/crossplane/crossplane/apis/pkg/v1beta1" + "github.com/crossplane/upjet/pkg/migration/fake" "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -37,7 +21,14 @@ import ( "k8s.io/apimachinery/pkg/util/yaml" k8syaml "sigs.k8s.io/yaml" - "github.com/upbound/upjet/pkg/migration/fake" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + "github.com/crossplane/crossplane-runtime/pkg/test" + + v1 "github.com/crossplane/crossplane/apis/apiextensions/v1" + xpmetav1 "github.com/crossplane/crossplane/apis/pkg/meta/v1" + xpmetav1alpha1 "github.com/crossplane/crossplane/apis/pkg/meta/v1alpha1" + xppkgv1 "github.com/crossplane/crossplane/apis/pkg/v1" + xppkgv1beta1 "github.com/crossplane/crossplane/apis/pkg/v1beta1" ) func TestGeneratePlan(t *testing.T) { diff --git a/pkg/migration/plan_steps.go b/pkg/migration/plan_steps.go index 4e29ed56..bab12351 100644 --- a/pkg/migration/plan_steps.go +++ b/pkg/migration/plan_steps.go @@ -1,16 +1,6 @@ -// Copyright 2023 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration diff --git a/pkg/migration/provider_package_steps.go b/pkg/migration/provider_package_steps.go index 9b75f673..5064b086 100644 --- a/pkg/migration/provider_package_steps.go +++ b/pkg/migration/provider_package_steps.go @@ -1,16 +1,6 @@ -// Copyright 2023 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration @@ -18,9 +8,10 @@ import ( "fmt" "strings" - "github.com/crossplane/crossplane-runtime/pkg/fieldpath" "github.com/pkg/errors" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + + "github.com/crossplane/crossplane-runtime/pkg/fieldpath" ) const ( diff --git a/pkg/migration/registry.go b/pkg/migration/registry.go index 51c582df..617dfd7b 100644 --- a/pkg/migration/registry.go +++ b/pkg/migration/registry.go @@ -1,31 +1,23 @@ -// Copyright 2022 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration import ( "regexp" + "github.com/pkg/errors" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "github.com/crossplane/crossplane-runtime/pkg/resource" + xpv1 "github.com/crossplane/crossplane/apis/apiextensions/v1" xpmetav1 "github.com/crossplane/crossplane/apis/pkg/meta/v1" xpmetav1alpha1 "github.com/crossplane/crossplane/apis/pkg/meta/v1alpha1" xppkgv1 "github.com/crossplane/crossplane/apis/pkg/v1" xppkgv1beta1 "github.com/crossplane/crossplane/apis/pkg/v1beta1" - "github.com/pkg/errors" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" ) var ( diff --git a/pkg/migration/testdata/plan/claim.yaml b/pkg/migration/testdata/plan/claim.yaml index f5231590..1fd8ac65 100644 --- a/pkg/migration/testdata/plan/claim.yaml +++ b/pkg/migration/testdata/plan/claim.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: test.com/v1alpha1 kind: MyResource metadata: diff --git a/pkg/migration/testdata/plan/composition.yaml b/pkg/migration/testdata/plan/composition.yaml index d66c2477..9c7ca023 100644 --- a/pkg/migration/testdata/plan/composition.yaml +++ b/pkg/migration/testdata/plan/composition.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: apiextensions.crossplane.io/v1 kind: Composition metadata: diff --git a/pkg/migration/testdata/plan/configurationpkgv1.yaml b/pkg/migration/testdata/plan/configurationpkgv1.yaml index 972b8c3d..ee2aa48f 100644 --- a/pkg/migration/testdata/plan/configurationpkgv1.yaml +++ b/pkg/migration/testdata/plan/configurationpkgv1.yaml @@ -1,6 +1,10 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: pkg.crossplane.io/v1 kind: Configuration metadata: name: platform-ref-aws spec: - package: xpkg.upbound.io/upbound/provider-ref-aws:v0.1.0 \ No newline at end of file + package: xpkg.upbound.io/upbound/provider-ref-aws:v0.1.0 diff --git a/pkg/migration/testdata/plan/configurationv1.yaml b/pkg/migration/testdata/plan/configurationv1.yaml index 809b0a26..5004580e 100644 --- a/pkg/migration/testdata/plan/configurationv1.yaml +++ b/pkg/migration/testdata/plan/configurationv1.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: meta.pkg.crossplane.io/v1 kind: Configuration metadata: @@ -33,4 +37,4 @@ spec: - provider: xpkg.upbound.io/upbound/provider-aws version: ">=v0.15.0" - provider: xpkg.upbound.io/crossplane-contrib/provider-helm - version: ">=v0.12.0" \ No newline at end of file + version: ">=v0.12.0" diff --git a/pkg/migration/testdata/plan/configurationv1alpha1.yaml b/pkg/migration/testdata/plan/configurationv1alpha1.yaml index 117faf74..772c5108 100644 --- a/pkg/migration/testdata/plan/configurationv1alpha1.yaml +++ b/pkg/migration/testdata/plan/configurationv1alpha1.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: meta.pkg.crossplane.io/v1alpha1 kind: Configuration metadata: @@ -33,4 +37,4 @@ spec: - provider: xpkg.upbound.io/upbound/provider-aws version: ">=v0.15.0" - provider: xpkg.upbound.io/crossplane-contrib/provider-helm - version: ">=v0.12.0" \ No newline at end of file + version: ">=v0.12.0" diff --git a/pkg/migration/testdata/plan/generated/activate-ssop/provider-aws-ec2.providers.pkg.crossplane.io_v1.yaml b/pkg/migration/testdata/plan/generated/activate-ssop/provider-aws-ec2.providers.pkg.crossplane.io_v1.yaml index 2d83bc3c..263c101a 100644 --- a/pkg/migration/testdata/plan/generated/activate-ssop/provider-aws-ec2.providers.pkg.crossplane.io_v1.yaml +++ b/pkg/migration/testdata/plan/generated/activate-ssop/provider-aws-ec2.providers.pkg.crossplane.io_v1.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: pkg.crossplane.io/v1 kind: Provider metadata: diff --git a/pkg/migration/testdata/plan/generated/activate-ssop/provider-aws-eks.providers.pkg.crossplane.io_v1.yaml b/pkg/migration/testdata/plan/generated/activate-ssop/provider-aws-eks.providers.pkg.crossplane.io_v1.yaml index dc9d0827..69893cfc 100644 --- a/pkg/migration/testdata/plan/generated/activate-ssop/provider-aws-eks.providers.pkg.crossplane.io_v1.yaml +++ b/pkg/migration/testdata/plan/generated/activate-ssop/provider-aws-eks.providers.pkg.crossplane.io_v1.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: pkg.crossplane.io/v1 kind: Provider metadata: diff --git a/pkg/migration/testdata/plan/generated/activate-ssop/provider-family-aws.providers.pkg.crossplane.io_v1.yaml b/pkg/migration/testdata/plan/generated/activate-ssop/provider-family-aws.providers.pkg.crossplane.io_v1.yaml index 8491afdc..1761efe3 100644 --- a/pkg/migration/testdata/plan/generated/activate-ssop/provider-family-aws.providers.pkg.crossplane.io_v1.yaml +++ b/pkg/migration/testdata/plan/generated/activate-ssop/provider-family-aws.providers.pkg.crossplane.io_v1.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: pkg.crossplane.io/v1 kind: Provider metadata: diff --git a/pkg/migration/testdata/plan/generated/configurationv1_migration_plan.yaml b/pkg/migration/testdata/plan/generated/configurationv1_migration_plan.yaml index e1dc326e..98e978d5 100644 --- a/pkg/migration/testdata/plan/generated/configurationv1_migration_plan.yaml +++ b/pkg/migration/testdata/plan/generated/configurationv1_migration_plan.yaml @@ -1,63 +1,67 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + spec: steps: - - exec: - command: sh - args: - - "-c" - - "kubectl get managed -o yaml > backup/managed-resources.yaml" - name: backup-managed-resources - manualExecution: - - sh -c "kubectl get managed -o yaml > backup/managed-resources.yaml" - type: Exec + - exec: + command: sh + args: + - "-c" + - "kubectl get managed -o yaml > backup/managed-resources.yaml" + name: backup-managed-resources + manualExecution: + - sh -c "kubectl get managed -o yaml > backup/managed-resources.yaml" + type: Exec - - exec: - command: sh - args: - - "-c" - - "kubectl get composite -o yaml > backup/composite-resources.yaml" - name: backup-composite-resources - manualExecution: - - sh -c "kubectl get composite -o yaml > backup/composite-resources.yaml" - type: Exec + - exec: + command: sh + args: + - "-c" + - "kubectl get composite -o yaml > backup/composite-resources.yaml" + name: backup-composite-resources + manualExecution: + - sh -c "kubectl get composite -o yaml > backup/composite-resources.yaml" + type: Exec - - exec: - command: sh - args: - - "-c" - - "kubectl get claim --all-namespaces -o yaml > backup/claim-resources.yaml" - name: backup-claim-resources - manualExecution: - - sh -c "kubectl get claim --all-namespaces -o yaml > backup/claim-resources.yaml" - type: Exec + - exec: + command: sh + args: + - "-c" + - "kubectl get claim --all-namespaces -o yaml > backup/claim-resources.yaml" + name: backup-claim-resources + manualExecution: + - sh -c "kubectl get claim --all-namespaces -o yaml > backup/claim-resources.yaml" + type: Exec - - exec: - command: sh - args: - - "-c" - - "cp edit-configuration-metadata/platform-ref-aws.configurations.meta.pkg.crossplane.io_v1.yaml testdata/plan/configurationv1.yaml" - name: edit-configuration-metadata - manualExecution: - - sh -c "cp edit-configuration-metadata/platform-ref-aws.configurations.meta.pkg.crossplane.io_v1.yaml testdata/plan/configurationv1.yaml" - type: Exec + - exec: + command: sh + args: + - "-c" + - "cp edit-configuration-metadata/platform-ref-aws.configurations.meta.pkg.crossplane.io_v1.yaml testdata/plan/configurationv1.yaml" + name: edit-configuration-metadata + manualExecution: + - sh -c "cp edit-configuration-metadata/platform-ref-aws.configurations.meta.pkg.crossplane.io_v1.yaml testdata/plan/configurationv1.yaml" + type: Exec - - exec: - command: sh - args: - - "-c" - - "up xpkg build --package-root={{PKG_ROOT}} --examples-root={{EXAMPLES_ROOT}} -o {{PKG_PATH}}" - name: build-configuration - manualExecution: - - sh -c "up xpkg build --package-root={{PKG_ROOT}} --examples-root={{EXAMPLES_ROOT}} -o {{PKG_PATH}}" - type: Exec + - exec: + command: sh + args: + - "-c" + - "up xpkg build --package-root={{PKG_ROOT}} --examples-root={{EXAMPLES_ROOT}} -o {{PKG_PATH}}" + name: build-configuration + manualExecution: + - sh -c "up xpkg build --package-root={{PKG_ROOT}} --examples-root={{EXAMPLES_ROOT}} -o {{PKG_PATH}}" + type: Exec - - exec: - command: sh - args: - - "-c" - - "up xpkg push {{TARGET_CONFIGURATION_PACKAGE}} -f {{PKG_PATH}}" - name: push-configuration - manualExecution: - - sh -c "up xpkg push {{TARGET_CONFIGURATION_PACKAGE}} -f {{PKG_PATH}}" - type: Exec + - exec: + command: sh + args: + - "-c" + - "up xpkg push {{TARGET_CONFIGURATION_PACKAGE}} -f {{PKG_PATH}}" + name: push-configuration + manualExecution: + - sh -c "up xpkg push {{TARGET_CONFIGURATION_PACKAGE}} -f {{PKG_PATH}}" + type: Exec version: 0.1.0 diff --git a/pkg/migration/testdata/plan/generated/configurationv1_pkg_migration_plan.yaml b/pkg/migration/testdata/plan/generated/configurationv1_pkg_migration_plan.yaml index 22b05730..c7c2128c 100644 --- a/pkg/migration/testdata/plan/generated/configurationv1_pkg_migration_plan.yaml +++ b/pkg/migration/testdata/plan/generated/configurationv1_pkg_migration_plan.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + spec: steps: - exec: diff --git a/pkg/migration/testdata/plan/generated/configurationv1alpha1_migration_plan.yaml b/pkg/migration/testdata/plan/generated/configurationv1alpha1_migration_plan.yaml index 2903ad87..ec9d0258 100644 --- a/pkg/migration/testdata/plan/generated/configurationv1alpha1_migration_plan.yaml +++ b/pkg/migration/testdata/plan/generated/configurationv1alpha1_migration_plan.yaml @@ -1,63 +1,67 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + spec: steps: - - exec: - command: sh - args: - - "-c" - - "kubectl get managed -o yaml > backup/managed-resources.yaml" - name: backup-managed-resources - manualExecution: - - sh -c "kubectl get managed -o yaml > backup/managed-resources.yaml" - type: Exec + - exec: + command: sh + args: + - "-c" + - "kubectl get managed -o yaml > backup/managed-resources.yaml" + name: backup-managed-resources + manualExecution: + - sh -c "kubectl get managed -o yaml > backup/managed-resources.yaml" + type: Exec - - exec: - command: sh - args: - - "-c" - - "kubectl get composite -o yaml > backup/composite-resources.yaml" - name: backup-composite-resources - manualExecution: - - sh -c "kubectl get composite -o yaml > backup/composite-resources.yaml" - type: Exec + - exec: + command: sh + args: + - "-c" + - "kubectl get composite -o yaml > backup/composite-resources.yaml" + name: backup-composite-resources + manualExecution: + - sh -c "kubectl get composite -o yaml > backup/composite-resources.yaml" + type: Exec - - exec: - command: sh - args: - - "-c" - - "kubectl get claim --all-namespaces -o yaml > backup/claim-resources.yaml" - name: backup-claim-resources - manualExecution: - - sh -c "kubectl get claim --all-namespaces -o yaml > backup/claim-resources.yaml" - type: Exec + - exec: + command: sh + args: + - "-c" + - "kubectl get claim --all-namespaces -o yaml > backup/claim-resources.yaml" + name: backup-claim-resources + manualExecution: + - sh -c "kubectl get claim --all-namespaces -o yaml > backup/claim-resources.yaml" + type: Exec - - exec: - command: sh - args: - - "-c" - - "cp edit-configuration-metadata/platform-ref-aws.configurations.meta.pkg.crossplane.io_v1alpha1.yaml testdata/plan/configurationv1alpha1.yaml" - name: edit-configuration-metadata - manualExecution: - - sh -c "cp edit-configuration-metadata/platform-ref-aws.configurations.meta.pkg.crossplane.io_v1alpha1.yaml testdata/plan/configurationv1alpha1.yaml" - type: Exec + - exec: + command: sh + args: + - "-c" + - "cp edit-configuration-metadata/platform-ref-aws.configurations.meta.pkg.crossplane.io_v1alpha1.yaml testdata/plan/configurationv1alpha1.yaml" + name: edit-configuration-metadata + manualExecution: + - sh -c "cp edit-configuration-metadata/platform-ref-aws.configurations.meta.pkg.crossplane.io_v1alpha1.yaml testdata/plan/configurationv1alpha1.yaml" + type: Exec - - exec: - command: sh - args: - - "-c" - - "up xpkg build --package-root={{PKG_ROOT}} --examples-root={{EXAMPLES_ROOT}} -o {{PKG_PATH}}" - name: build-configuration - manualExecution: - - sh -c "up xpkg build --package-root={{PKG_ROOT}} --examples-root={{EXAMPLES_ROOT}} -o {{PKG_PATH}}" - type: Exec + - exec: + command: sh + args: + - "-c" + - "up xpkg build --package-root={{PKG_ROOT}} --examples-root={{EXAMPLES_ROOT}} -o {{PKG_PATH}}" + name: build-configuration + manualExecution: + - sh -c "up xpkg build --package-root={{PKG_ROOT}} --examples-root={{EXAMPLES_ROOT}} -o {{PKG_PATH}}" + type: Exec - - exec: - command: sh - args: - - "-c" - - "up xpkg push {{TARGET_CONFIGURATION_PACKAGE}} -f {{PKG_PATH}}" - name: push-configuration - manualExecution: - - sh -c "up xpkg push {{TARGET_CONFIGURATION_PACKAGE}} -f {{PKG_PATH}}" - type: Exec + - exec: + command: sh + args: + - "-c" + - "up xpkg push {{TARGET_CONFIGURATION_PACKAGE}} -f {{PKG_PATH}}" + name: push-configuration + manualExecution: + - sh -c "up xpkg push {{TARGET_CONFIGURATION_PACKAGE}} -f {{PKG_PATH}}" + type: Exec version: 0.1.0 diff --git a/pkg/migration/testdata/plan/generated/create-new-managed/sample-vpc.vpcs.faketargetapi.yaml b/pkg/migration/testdata/plan/generated/create-new-managed/sample-vpc.vpcs.faketargetapi.yaml index 8a71e291..14597c2e 100644 --- a/pkg/migration/testdata/plan/generated/create-new-managed/sample-vpc.vpcs.faketargetapi.yaml +++ b/pkg/migration/testdata/plan/generated/create-new-managed/sample-vpc.vpcs.faketargetapi.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: faketargetapi/v1alpha1 kind: VPC metadata: diff --git a/pkg/migration/testdata/plan/generated/deletion-policy-delete/sample-vpc.vpcs.fakesourceapi_v1alpha1.yaml b/pkg/migration/testdata/plan/generated/deletion-policy-delete/sample-vpc.vpcs.fakesourceapi_v1alpha1.yaml index c1c0157d..f0c2cfcb 100644 --- a/pkg/migration/testdata/plan/generated/deletion-policy-delete/sample-vpc.vpcs.fakesourceapi_v1alpha1.yaml +++ b/pkg/migration/testdata/plan/generated/deletion-policy-delete/sample-vpc.vpcs.fakesourceapi_v1alpha1.yaml @@ -1,6 +1,10 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: fakesourceapi/v1alpha1 kind: VPC metadata: name: sample-vpc spec: - deletionPolicy: Delete \ No newline at end of file + deletionPolicy: Delete diff --git a/pkg/migration/testdata/plan/generated/deletion-policy-orphan/sample-vpc.vpcs.fakesourceapi.yaml b/pkg/migration/testdata/plan/generated/deletion-policy-orphan/sample-vpc.vpcs.fakesourceapi.yaml index aecbd81e..de5bbaf0 100644 --- a/pkg/migration/testdata/plan/generated/deletion-policy-orphan/sample-vpc.vpcs.fakesourceapi.yaml +++ b/pkg/migration/testdata/plan/generated/deletion-policy-orphan/sample-vpc.vpcs.fakesourceapi.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: fakesourceapi/v1alpha1 kind: VPC metadata: diff --git a/pkg/migration/testdata/plan/generated/deletion-policy-orphan/sample-vpc.vpcs.fakesourceapi_v1alpha1.yaml b/pkg/migration/testdata/plan/generated/deletion-policy-orphan/sample-vpc.vpcs.fakesourceapi_v1alpha1.yaml index b855631f..de5bbaf0 100644 --- a/pkg/migration/testdata/plan/generated/deletion-policy-orphan/sample-vpc.vpcs.fakesourceapi_v1alpha1.yaml +++ b/pkg/migration/testdata/plan/generated/deletion-policy-orphan/sample-vpc.vpcs.fakesourceapi_v1alpha1.yaml @@ -1,6 +1,10 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: fakesourceapi/v1alpha1 kind: VPC metadata: name: sample-vpc spec: - deletionPolicy: Orphan \ No newline at end of file + deletionPolicy: Orphan diff --git a/pkg/migration/testdata/plan/generated/disable-dependency-resolution/platform-ref-aws.configurations.pkg.crossplane.io_v1.yaml b/pkg/migration/testdata/plan/generated/disable-dependency-resolution/platform-ref-aws.configurations.pkg.crossplane.io_v1.yaml index 5c747b09..2295384f 100644 --- a/pkg/migration/testdata/plan/generated/disable-dependency-resolution/platform-ref-aws.configurations.pkg.crossplane.io_v1.yaml +++ b/pkg/migration/testdata/plan/generated/disable-dependency-resolution/platform-ref-aws.configurations.pkg.crossplane.io_v1.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: pkg.crossplane.io/v1 kind: Configuration metadata: diff --git a/pkg/migration/testdata/plan/generated/edit-claims/my-resource.myresources.test.com.yaml b/pkg/migration/testdata/plan/generated/edit-claims/my-resource.myresources.test.com.yaml index c2cb9a3a..e1cfffbc 100644 --- a/pkg/migration/testdata/plan/generated/edit-claims/my-resource.myresources.test.com.yaml +++ b/pkg/migration/testdata/plan/generated/edit-claims/my-resource.myresources.test.com.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: test.com/v1alpha1 kind: MyResource metadata: diff --git a/pkg/migration/testdata/plan/generated/edit-composites/my-resource-dwjgh.xmyresources.test.com.yaml b/pkg/migration/testdata/plan/generated/edit-composites/my-resource-dwjgh.xmyresources.test.com.yaml index 207c070d..3d3271dc 100644 --- a/pkg/migration/testdata/plan/generated/edit-composites/my-resource-dwjgh.xmyresources.test.com.yaml +++ b/pkg/migration/testdata/plan/generated/edit-composites/my-resource-dwjgh.xmyresources.test.com.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: test.com/v1alpha1 kind: XMyResource metadata: @@ -6,6 +10,6 @@ spec: compositionRef: name: example-migrated resourceRefs: - - apiVersion: faketargetapi/v1alpha1 - kind: VPC - name: sample-vpc + - apiVersion: faketargetapi/v1alpha1 + kind: VPC + name: sample-vpc diff --git a/pkg/migration/testdata/plan/generated/edit-configuration-metadata/platform-ref-aws.configurations.meta.pkg.crossplane.io_v1.yaml b/pkg/migration/testdata/plan/generated/edit-configuration-metadata/platform-ref-aws.configurations.meta.pkg.crossplane.io_v1.yaml index 32560007..24b6f3f3 100644 --- a/pkg/migration/testdata/plan/generated/edit-configuration-metadata/platform-ref-aws.configurations.meta.pkg.crossplane.io_v1.yaml +++ b/pkg/migration/testdata/plan/generated/edit-configuration-metadata/platform-ref-aws.configurations.meta.pkg.crossplane.io_v1.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: meta.pkg.crossplane.io/v1 kind: Configuration metadata: diff --git a/pkg/migration/testdata/plan/generated/edit-configuration-metadata/platform-ref-aws.configurations.meta.pkg.crossplane.io_v1alpha1.yaml b/pkg/migration/testdata/plan/generated/edit-configuration-metadata/platform-ref-aws.configurations.meta.pkg.crossplane.io_v1alpha1.yaml index c64da0bd..ef6ef948 100644 --- a/pkg/migration/testdata/plan/generated/edit-configuration-metadata/platform-ref-aws.configurations.meta.pkg.crossplane.io_v1alpha1.yaml +++ b/pkg/migration/testdata/plan/generated/edit-configuration-metadata/platform-ref-aws.configurations.meta.pkg.crossplane.io_v1alpha1.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: meta.pkg.crossplane.io/v1alpha1 kind: Configuration metadata: diff --git a/pkg/migration/testdata/plan/generated/edit-configuration-package/platform-ref-aws.configurations.pkg.crossplane.io_v1.yaml b/pkg/migration/testdata/plan/generated/edit-configuration-package/platform-ref-aws.configurations.pkg.crossplane.io_v1.yaml index e74b8374..8b8ff78c 100644 --- a/pkg/migration/testdata/plan/generated/edit-configuration-package/platform-ref-aws.configurations.pkg.crossplane.io_v1.yaml +++ b/pkg/migration/testdata/plan/generated/edit-configuration-package/platform-ref-aws.configurations.pkg.crossplane.io_v1.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: pkg.crossplane.io/v1 kind: Configuration metadata: diff --git a/pkg/migration/testdata/plan/generated/edit-package-lock/lock.locks.pkg.crossplane.io_v1beta1.yaml b/pkg/migration/testdata/plan/generated/edit-package-lock/lock.locks.pkg.crossplane.io_v1beta1.yaml index 3a0cfdb5..14ee1e63 100644 --- a/pkg/migration/testdata/plan/generated/edit-package-lock/lock.locks.pkg.crossplane.io_v1beta1.yaml +++ b/pkg/migration/testdata/plan/generated/edit-package-lock/lock.locks.pkg.crossplane.io_v1beta1.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: pkg.crossplane.io/v1beta1 kind: Lock metadata: @@ -11,4 +15,3 @@ packages: type: Provider source: xpkg.upbound.io/upbound/test-provider version: vX.Y.Z - diff --git a/pkg/migration/testdata/plan/generated/enable-dependency-resolution/platform-ref-aws.configurations.pkg.crossplane.io_v1.yaml b/pkg/migration/testdata/plan/generated/enable-dependency-resolution/platform-ref-aws.configurations.pkg.crossplane.io_v1.yaml index d0ee5a05..1f89d359 100644 --- a/pkg/migration/testdata/plan/generated/enable-dependency-resolution/platform-ref-aws.configurations.pkg.crossplane.io_v1.yaml +++ b/pkg/migration/testdata/plan/generated/enable-dependency-resolution/platform-ref-aws.configurations.pkg.crossplane.io_v1.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: pkg.crossplane.io/v1 kind: Configuration metadata: diff --git a/pkg/migration/testdata/plan/generated/migration_plan.yaml b/pkg/migration/testdata/plan/generated/migration_plan.yaml index 1a8b4e91..e93b18b3 100644 --- a/pkg/migration/testdata/plan/generated/migration_plan.yaml +++ b/pkg/migration/testdata/plan/generated/migration_plan.yaml @@ -1,104 +1,108 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + spec: steps: - - patch: - type: merge - files: - - pause-managed/sample-vpc.vpcs.fakesourceapi.yaml - name: pause-managed - manualExecution: - - "kubectl patch --type='merge' -f pause-managed/sample-vpc.vpcs.fakesourceapi.yaml --patch-file pause-managed/sample-vpc.vpcs.fakesourceapi.yaml" - type: Patch + - patch: + type: merge + files: + - pause-managed/sample-vpc.vpcs.fakesourceapi.yaml + name: pause-managed + manualExecution: + - "kubectl patch --type='merge' -f pause-managed/sample-vpc.vpcs.fakesourceapi.yaml --patch-file pause-managed/sample-vpc.vpcs.fakesourceapi.yaml" + type: Patch - - patch: - type: merge - files: - - pause-composites/my-resource-dwjgh.xmyresources.test.com.yaml - name: pause-composites - manualExecution: - - "kubectl patch --type='merge' -f pause-composites/my-resource-dwjgh.xmyresources.test.com.yaml --patch-file pause-composites/my-resource-dwjgh.xmyresources.test.com.yaml" - type: Patch + - patch: + type: merge + files: + - pause-composites/my-resource-dwjgh.xmyresources.test.com.yaml + name: pause-composites + manualExecution: + - "kubectl patch --type='merge' -f pause-composites/my-resource-dwjgh.xmyresources.test.com.yaml --patch-file pause-composites/my-resource-dwjgh.xmyresources.test.com.yaml" + type: Patch - - apply: - files: - - create-new-managed/sample-vpc.vpcs.faketargetapi.yaml - name: create-new-managed - manualExecution: - - "kubectl apply -f create-new-managed/sample-vpc.vpcs.faketargetapi.yaml" - type: Apply + - apply: + files: + - create-new-managed/sample-vpc.vpcs.faketargetapi.yaml + name: create-new-managed + manualExecution: + - "kubectl apply -f create-new-managed/sample-vpc.vpcs.faketargetapi.yaml" + type: Apply - - apply: - files: - - new-compositions/example-migrated.compositions.apiextensions.crossplane.io.yaml - name: new-compositions - manualExecution: - - "kubectl apply -f new-compositions/example-migrated.compositions.apiextensions.crossplane.io.yaml" - type: Apply + - apply: + files: + - new-compositions/example-migrated.compositions.apiextensions.crossplane.io.yaml + name: new-compositions + manualExecution: + - "kubectl apply -f new-compositions/example-migrated.compositions.apiextensions.crossplane.io.yaml" + type: Apply - - patch: - type: merge - files: - - edit-composites/my-resource-dwjgh.xmyresources.test.com.yaml - name: edit-composites - manualExecution: - - "kubectl patch --type='merge' -f edit-composites/my-resource-dwjgh.xmyresources.test.com.yaml --patch-file edit-composites/my-resource-dwjgh.xmyresources.test.com.yaml" - type: Patch + - patch: + type: merge + files: + - edit-composites/my-resource-dwjgh.xmyresources.test.com.yaml + name: edit-composites + manualExecution: + - "kubectl patch --type='merge' -f edit-composites/my-resource-dwjgh.xmyresources.test.com.yaml --patch-file edit-composites/my-resource-dwjgh.xmyresources.test.com.yaml" + type: Patch - - patch: - type: merge - files: - - edit-claims/my-resource.myresources.test.com.yaml - name: edit-claims - manualExecution: - - "kubectl patch --type='merge' -f edit-claims/my-resource.myresources.test.com.yaml --patch-file edit-claims/my-resource.myresources.test.com.yaml" - type: Patch + - patch: + type: merge + files: + - edit-claims/my-resource.myresources.test.com.yaml + name: edit-claims + manualExecution: + - "kubectl patch --type='merge' -f edit-claims/my-resource.myresources.test.com.yaml --patch-file edit-claims/my-resource.myresources.test.com.yaml" + type: Patch - - patch: - type: merge - files: - - deletion-policy-orphan/sample-vpc.vpcs.fakesourceapi.yaml - name: deletion-policy-orphan - manualExecution: - - "kubectl patch --type='merge' -f deletion-policy-orphan/sample-vpc.vpcs.fakesourceapi.yaml --patch-file deletion-policy-orphan/sample-vpc.vpcs.fakesourceapi.yaml" - type: Patch + - patch: + type: merge + files: + - deletion-policy-orphan/sample-vpc.vpcs.fakesourceapi.yaml + name: deletion-policy-orphan + manualExecution: + - "kubectl patch --type='merge' -f deletion-policy-orphan/sample-vpc.vpcs.fakesourceapi.yaml --patch-file deletion-policy-orphan/sample-vpc.vpcs.fakesourceapi.yaml" + type: Patch - - patch: - type: merge - files: - - remove-finalizers/sample-vpc.vpcs.fakesourceapi.yaml - name: remove-finalizers - manualExecution: - - "kubectl patch --type='merge' -f remove-finalizers/sample-vpc.vpcs.fakesourceapi.yaml --patch-file remove-finalizers/sample-vpc.vpcs.fakesourceapi.yaml" - type: Patch + - patch: + type: merge + files: + - remove-finalizers/sample-vpc.vpcs.fakesourceapi.yaml + name: remove-finalizers + manualExecution: + - "kubectl patch --type='merge' -f remove-finalizers/sample-vpc.vpcs.fakesourceapi.yaml --patch-file remove-finalizers/sample-vpc.vpcs.fakesourceapi.yaml" + type: Patch - - delete: - options: - finalizerPolicy: Remove - resources: - - group: fakesourceapi - kind: VPC - name: sample-vpc - version: v1alpha1 - name: delete-old-managed - manualExecution: - - "kubectl delete VPC.fakesourceapi sample-vpc" - type: Delete + - delete: + options: + finalizerPolicy: Remove + resources: + - group: fakesourceapi + kind: VPC + name: sample-vpc + version: v1alpha1 + name: delete-old-managed + manualExecution: + - "kubectl delete VPC.fakesourceapi sample-vpc" + type: Delete - - patch: - type: merge - files: - - start-managed/sample-vpc.vpcs.faketargetapi.yaml - name: start-managed - manualExecution: - - "kubectl patch --type='merge' -f start-managed/sample-vpc.vpcs.faketargetapi.yaml --patch-file start-managed/sample-vpc.vpcs.faketargetapi.yaml" - type: Patch + - patch: + type: merge + files: + - start-managed/sample-vpc.vpcs.faketargetapi.yaml + name: start-managed + manualExecution: + - "kubectl patch --type='merge' -f start-managed/sample-vpc.vpcs.faketargetapi.yaml --patch-file start-managed/sample-vpc.vpcs.faketargetapi.yaml" + type: Patch - - patch: - type: merge - files: - - start-composites/my-resource-dwjgh.xmyresources.test.com.yaml - name: start-composites - manualExecution: - - "kubectl patch --type='merge' -f start-composites/my-resource-dwjgh.xmyresources.test.com.yaml --patch-file start-composites/my-resource-dwjgh.xmyresources.test.com.yaml" - type: Patch + - patch: + type: merge + files: + - start-composites/my-resource-dwjgh.xmyresources.test.com.yaml + name: start-composites + manualExecution: + - "kubectl patch --type='merge' -f start-composites/my-resource-dwjgh.xmyresources.test.com.yaml --patch-file start-composites/my-resource-dwjgh.xmyresources.test.com.yaml" + type: Patch -version: 0.1.0 \ No newline at end of file +version: 0.1.0 diff --git a/pkg/migration/testdata/plan/generated/migration_plan_filesystem.yaml b/pkg/migration/testdata/plan/generated/migration_plan_filesystem.yaml index efc090ab..e60f1478 100644 --- a/pkg/migration/testdata/plan/generated/migration_plan_filesystem.yaml +++ b/pkg/migration/testdata/plan/generated/migration_plan_filesystem.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + spec: steps: - apply: @@ -52,4 +56,4 @@ spec: - "kubectl patch --type='merge' -f start-composites/my-resource-dwjgh.xmyresources.test.com.yaml --patch-file start-composites/my-resource-dwjgh.xmyresources.test.com.yaml" type: Patch -version: 0.1.0 \ No newline at end of file +version: 0.1.0 diff --git a/pkg/migration/testdata/plan/generated/new-compositions/example-migrated.compositions.apiextensions.crossplane.io.yaml b/pkg/migration/testdata/plan/generated/new-compositions/example-migrated.compositions.apiextensions.crossplane.io.yaml index 77540f4d..0dc3fb24 100644 --- a/pkg/migration/testdata/plan/generated/new-compositions/example-migrated.compositions.apiextensions.crossplane.io.yaml +++ b/pkg/migration/testdata/plan/generated/new-compositions/example-migrated.compositions.apiextensions.crossplane.io.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: apiextensions.crossplane.io/v1 kind: Composition metadata: @@ -38,37 +42,37 @@ spec: - fromFieldPath: "spec.parameters.tagValue" toFieldPath: spec.forProvider.tags["key4"] resources: - - base: - apiVersion: faketargetapi/v1alpha1 - kind: VPC - mockManaged: - ctrl: null - recorder: null - spec: - forProvider: - cidrBlock: 192.168.0.0/16 - region: us-west-1 - tags: - key1: val1 - key2: val2 - key3: val3 - name: vpc - patches: - - fromFieldPath: spec.parameters.tagValue - toFieldPath: spec.forProvider.tags["key1"] - - fromFieldPath: spec.parameters.tagValue - toFieldPath: spec.forProvider.tags["key2"] - - type: PatchSet - patchSetName: ps1 - - type: PatchSet - patchSetName: ps2 - - type: PatchSet - patchSetName: ps3 - - type: PatchSet - patchSetName: ps4 - - type: PatchSet - patchSetName: ps5 - - type: PatchSet - patchSetName: ps6 - - fromFieldPath: "spec.parameters.tagValue" - toFieldPath: spec.forProvider.param + - base: + apiVersion: faketargetapi/v1alpha1 + kind: VPC + mockManaged: + ctrl: null + recorder: null + spec: + forProvider: + cidrBlock: 192.168.0.0/16 + region: us-west-1 + tags: + key1: val1 + key2: val2 + key3: val3 + name: vpc + patches: + - fromFieldPath: spec.parameters.tagValue + toFieldPath: spec.forProvider.tags["key1"] + - fromFieldPath: spec.parameters.tagValue + toFieldPath: spec.forProvider.tags["key2"] + - type: PatchSet + patchSetName: ps1 + - type: PatchSet + patchSetName: ps2 + - type: PatchSet + patchSetName: ps3 + - type: PatchSet + patchSetName: ps4 + - type: PatchSet + patchSetName: ps5 + - type: PatchSet + patchSetName: ps6 + - fromFieldPath: "spec.parameters.tagValue" + toFieldPath: spec.forProvider.param diff --git a/pkg/migration/testdata/plan/generated/new-ssop/provider-aws-ec2.providers.pkg.crossplane.io_v1.yaml b/pkg/migration/testdata/plan/generated/new-ssop/provider-aws-ec2.providers.pkg.crossplane.io_v1.yaml index 4f6a43dd..22d58807 100644 --- a/pkg/migration/testdata/plan/generated/new-ssop/provider-aws-ec2.providers.pkg.crossplane.io_v1.yaml +++ b/pkg/migration/testdata/plan/generated/new-ssop/provider-aws-ec2.providers.pkg.crossplane.io_v1.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: pkg.crossplane.io/v1 kind: Provider metadata: diff --git a/pkg/migration/testdata/plan/generated/new-ssop/provider-aws-eks.providers.pkg.crossplane.io_v1.yaml b/pkg/migration/testdata/plan/generated/new-ssop/provider-aws-eks.providers.pkg.crossplane.io_v1.yaml index 05fe4545..e8670c7d 100644 --- a/pkg/migration/testdata/plan/generated/new-ssop/provider-aws-eks.providers.pkg.crossplane.io_v1.yaml +++ b/pkg/migration/testdata/plan/generated/new-ssop/provider-aws-eks.providers.pkg.crossplane.io_v1.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: pkg.crossplane.io/v1 kind: Provider metadata: diff --git a/pkg/migration/testdata/plan/generated/new-ssop/provider-family-aws.providers.pkg.crossplane.io_v1.yaml b/pkg/migration/testdata/plan/generated/new-ssop/provider-family-aws.providers.pkg.crossplane.io_v1.yaml index eddda03d..bfcc9825 100644 --- a/pkg/migration/testdata/plan/generated/new-ssop/provider-family-aws.providers.pkg.crossplane.io_v1.yaml +++ b/pkg/migration/testdata/plan/generated/new-ssop/provider-family-aws.providers.pkg.crossplane.io_v1.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: pkg.crossplane.io/v1 kind: Provider metadata: diff --git a/pkg/migration/testdata/plan/generated/pause-composites/my-resource-dwjgh.xmyresources.test.com.yaml b/pkg/migration/testdata/plan/generated/pause-composites/my-resource-dwjgh.xmyresources.test.com.yaml index 56760677..26f88624 100644 --- a/pkg/migration/testdata/plan/generated/pause-composites/my-resource-dwjgh.xmyresources.test.com.yaml +++ b/pkg/migration/testdata/plan/generated/pause-composites/my-resource-dwjgh.xmyresources.test.com.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: test.com/v1alpha1 kind: XMyResource metadata: diff --git a/pkg/migration/testdata/plan/generated/pause-managed/sample-vpc.vpcs.fakesourceapi.yaml b/pkg/migration/testdata/plan/generated/pause-managed/sample-vpc.vpcs.fakesourceapi.yaml index 20d1ec18..663c2d2b 100644 --- a/pkg/migration/testdata/plan/generated/pause-managed/sample-vpc.vpcs.fakesourceapi.yaml +++ b/pkg/migration/testdata/plan/generated/pause-managed/sample-vpc.vpcs.fakesourceapi.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: fakesourceapi/v1alpha1 kind: VPC metadata: diff --git a/pkg/migration/testdata/plan/generated/providerv1_migration_plan.yaml b/pkg/migration/testdata/plan/generated/providerv1_migration_plan.yaml index 7cfa9a85..2636c549 100644 --- a/pkg/migration/testdata/plan/generated/providerv1_migration_plan.yaml +++ b/pkg/migration/testdata/plan/generated/providerv1_migration_plan.yaml @@ -1,114 +1,118 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + spec: steps: - - apply: - files: - - new-ssop/provider-family-aws.providers.pkg.crossplane.io_v1.yaml - name: new-ssop - manualExecution: - - "kubectl apply -f new-ssop/provider-family-aws.providers.pkg.crossplane.io_v1.yaml" - type: Apply + - apply: + files: + - new-ssop/provider-family-aws.providers.pkg.crossplane.io_v1.yaml + name: new-ssop + manualExecution: + - "kubectl apply -f new-ssop/provider-family-aws.providers.pkg.crossplane.io_v1.yaml" + type: Apply - - exec: - command: sh - args: - - "-c" - - "kubectl wait provider.pkg provider-family-aws --for condition=Healthy" - name: wait-for-healthy - manualExecution: - - sh -c "kubectl wait provider.pkg provider-family-aws --for condition=Healthy" - type: Exec + - exec: + command: sh + args: + - "-c" + - "kubectl wait provider.pkg provider-family-aws --for condition=Healthy" + name: wait-for-healthy + manualExecution: + - sh -c "kubectl wait provider.pkg provider-family-aws --for condition=Healthy" + type: Exec - - apply: - files: - - new-ssop/provider-aws-ec2.providers.pkg.crossplane.io_v1.yaml - - new-ssop/provider-aws-eks.providers.pkg.crossplane.io_v1.yaml - name: new-ssop - manualExecution: - - "kubectl apply -f new-ssop/provider-aws-ec2.providers.pkg.crossplane.io_v1.yaml" - - "kubectl apply -f new-ssop/provider-aws-eks.providers.pkg.crossplane.io_v1.yaml" - type: Apply + - apply: + files: + - new-ssop/provider-aws-ec2.providers.pkg.crossplane.io_v1.yaml + - new-ssop/provider-aws-eks.providers.pkg.crossplane.io_v1.yaml + name: new-ssop + manualExecution: + - "kubectl apply -f new-ssop/provider-aws-ec2.providers.pkg.crossplane.io_v1.yaml" + - "kubectl apply -f new-ssop/provider-aws-eks.providers.pkg.crossplane.io_v1.yaml" + type: Apply - - exec: - command: sh - args: - - "-c" - - "kubectl wait provider.pkg provider-aws-ec2 --for condition=Healthy" - name: wait-for-healthy - manualExecution: - - sh -c "kubectl wait provider.pkg provider-aws-ec2 --for condition=Healthy" - type: Exec + - exec: + command: sh + args: + - "-c" + - "kubectl wait provider.pkg provider-aws-ec2 --for condition=Healthy" + name: wait-for-healthy + manualExecution: + - sh -c "kubectl wait provider.pkg provider-aws-ec2 --for condition=Healthy" + type: Exec - - exec: - command: sh - args: - - "-c" - - "kubectl wait provider.pkg provider-aws-eks --for condition=Healthy" - name: wait-for-healthy - manualExecution: - - sh -c "kubectl wait provider.pkg provider-aws-eks --for condition=Healthy" - type: Exec + - exec: + command: sh + args: + - "-c" + - "kubectl wait provider.pkg provider-aws-eks --for condition=Healthy" + name: wait-for-healthy + manualExecution: + - sh -c "kubectl wait provider.pkg provider-aws-eks --for condition=Healthy" + type: Exec - - delete: - options: - finalizerPolicy: Remove - resources: - - group: pkg.crossplane.io - kind: Provider - name: provider-aws - version: v1 - name: delete-monolithic-provider - manualExecution: - - "kubectl delete Provider.pkg.crossplane.io provider-aws" - type: Delete + - delete: + options: + finalizerPolicy: Remove + resources: + - group: pkg.crossplane.io + kind: Provider + name: provider-aws + version: v1 + name: delete-monolithic-provider + manualExecution: + - "kubectl delete Provider.pkg.crossplane.io provider-aws" + type: Delete - - patch: - type: merge - files: - - activate-ssop/provider-family-aws.providers.pkg.crossplane.io_v1.yaml - name: activate-ssop - manualExecution: - - "kubectl patch --type='merge' -f activate-ssop/provider-family-aws.providers.pkg.crossplane.io_v1.yaml --patch-file activate-ssop/provider-family-aws.providers.pkg.crossplane.io_v1.yaml" - type: Patch + - patch: + type: merge + files: + - activate-ssop/provider-family-aws.providers.pkg.crossplane.io_v1.yaml + name: activate-ssop + manualExecution: + - "kubectl patch --type='merge' -f activate-ssop/provider-family-aws.providers.pkg.crossplane.io_v1.yaml --patch-file activate-ssop/provider-family-aws.providers.pkg.crossplane.io_v1.yaml" + type: Patch - - exec: - command: sh - args: - - "-c" - - "kubectl wait provider.pkg provider-family-aws --for condition=Installed" - name: wait-for-installed - manualExecution: - - sh -c "kubectl wait provider.pkg provider-family-aws --for condition=Installed" - type: Exec + - exec: + command: sh + args: + - "-c" + - "kubectl wait provider.pkg provider-family-aws --for condition=Installed" + name: wait-for-installed + manualExecution: + - sh -c "kubectl wait provider.pkg provider-family-aws --for condition=Installed" + type: Exec - - patch: - type: merge - files: - - activate-ssop/provider-aws-ec2.providers.pkg.crossplane.io_v1.yaml - - activate-ssop/provider-aws-eks.providers.pkg.crossplane.io_v1.yaml - name: activate-ssop - manualExecution: - - "kubectl patch --type='merge' -f activate-ssop/provider-aws-ec2.providers.pkg.crossplane.io_v1.yaml --patch-file activate-ssop/provider-aws-ec2.providers.pkg.crossplane.io_v1.yaml" - - "kubectl patch --type='merge' -f activate-ssop/provider-aws-eks.providers.pkg.crossplane.io_v1.yaml --patch-file activate-ssop/provider-aws-eks.providers.pkg.crossplane.io_v1.yaml" - type: Patch + - patch: + type: merge + files: + - activate-ssop/provider-aws-ec2.providers.pkg.crossplane.io_v1.yaml + - activate-ssop/provider-aws-eks.providers.pkg.crossplane.io_v1.yaml + name: activate-ssop + manualExecution: + - "kubectl patch --type='merge' -f activate-ssop/provider-aws-ec2.providers.pkg.crossplane.io_v1.yaml --patch-file activate-ssop/provider-aws-ec2.providers.pkg.crossplane.io_v1.yaml" + - "kubectl patch --type='merge' -f activate-ssop/provider-aws-eks.providers.pkg.crossplane.io_v1.yaml --patch-file activate-ssop/provider-aws-eks.providers.pkg.crossplane.io_v1.yaml" + type: Patch - - exec: - command: sh - args: - - "-c" - - "kubectl wait provider.pkg provider-aws-ec2 --for condition=Installed" - name: wait-for-installed - manualExecution: - - sh -c "kubectl wait provider.pkg provider-aws-ec2 --for condition=Installed" - type: Exec + - exec: + command: sh + args: + - "-c" + - "kubectl wait provider.pkg provider-aws-ec2 --for condition=Installed" + name: wait-for-installed + manualExecution: + - sh -c "kubectl wait provider.pkg provider-aws-ec2 --for condition=Installed" + type: Exec - - exec: - command: sh - args: - - "-c" - - "kubectl wait provider.pkg provider-aws-eks --for condition=Installed" - name: wait-for-installed - manualExecution: - - sh -c "kubectl wait provider.pkg provider-aws-eks --for condition=Installed" - type: Exec + - exec: + command: sh + args: + - "-c" + - "kubectl wait provider.pkg provider-aws-eks --for condition=Installed" + name: wait-for-installed + manualExecution: + - sh -c "kubectl wait provider.pkg provider-aws-eks --for condition=Installed" + type: Exec version: 0.1.0 diff --git a/pkg/migration/testdata/plan/generated/remove-finalizers/sample-vpc.vpcs.fakesourceapi.yaml b/pkg/migration/testdata/plan/generated/remove-finalizers/sample-vpc.vpcs.fakesourceapi.yaml index 3544a379..8288dc18 100644 --- a/pkg/migration/testdata/plan/generated/remove-finalizers/sample-vpc.vpcs.fakesourceapi.yaml +++ b/pkg/migration/testdata/plan/generated/remove-finalizers/sample-vpc.vpcs.fakesourceapi.yaml @@ -1,6 +1,9 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: fakesourceapi/v1alpha1 kind: VPC metadata: name: sample-vpc finalizers: [] - diff --git a/pkg/migration/testdata/plan/generated/sp_migration_plan.yaml b/pkg/migration/testdata/plan/generated/sp_migration_plan.yaml index 98797fe2..c4988d82 100644 --- a/pkg/migration/testdata/plan/generated/sp_migration_plan.yaml +++ b/pkg/migration/testdata/plan/generated/sp_migration_plan.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + # Expected Parameters: # Monolith provider name # Configuration name @@ -156,4 +160,3 @@ spec: type: Patch version: 0.1.0 - diff --git a/pkg/migration/testdata/plan/generated/start-composites/my-resource-dwjgh.xmyresources.test.com.yaml b/pkg/migration/testdata/plan/generated/start-composites/my-resource-dwjgh.xmyresources.test.com.yaml index b1e5983e..9f7ff4f4 100644 --- a/pkg/migration/testdata/plan/generated/start-composites/my-resource-dwjgh.xmyresources.test.com.yaml +++ b/pkg/migration/testdata/plan/generated/start-composites/my-resource-dwjgh.xmyresources.test.com.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: test.com/v1alpha1 kind: XMyResource metadata: diff --git a/pkg/migration/testdata/plan/generated/start-managed/sample-vpc.vpcs.faketargetapi.yaml b/pkg/migration/testdata/plan/generated/start-managed/sample-vpc.vpcs.faketargetapi.yaml index db644a2a..01f174cd 100644 --- a/pkg/migration/testdata/plan/generated/start-managed/sample-vpc.vpcs.faketargetapi.yaml +++ b/pkg/migration/testdata/plan/generated/start-managed/sample-vpc.vpcs.faketargetapi.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: faketargetapi/v1alpha1 kind: VPC metadata: diff --git a/pkg/migration/testdata/plan/lockv1beta1.yaml b/pkg/migration/testdata/plan/lockv1beta1.yaml index ac24f14e..14591e64 100644 --- a/pkg/migration/testdata/plan/lockv1beta1.yaml +++ b/pkg/migration/testdata/plan/lockv1beta1.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: pkg.crossplane.io/v1beta1 kind: Lock metadata: diff --git a/pkg/migration/testdata/plan/providerv1.yaml b/pkg/migration/testdata/plan/providerv1.yaml index b34a4ecd..0c451011 100644 --- a/pkg/migration/testdata/plan/providerv1.yaml +++ b/pkg/migration/testdata/plan/providerv1.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: pkg.crossplane.io/v1 kind: Provider metadata: diff --git a/pkg/migration/testdata/plan/sourcevpc.yaml b/pkg/migration/testdata/plan/sourcevpc.yaml index 01ae52ec..97c5354c 100644 --- a/pkg/migration/testdata/plan/sourcevpc.yaml +++ b/pkg/migration/testdata/plan/sourcevpc.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: fakesourceapi/v1alpha1 kind: VPC metadata: diff --git a/pkg/migration/testdata/plan/sourcevpc2.yaml b/pkg/migration/testdata/plan/sourcevpc2.yaml index 42461ebb..1ac874f3 100644 --- a/pkg/migration/testdata/plan/sourcevpc2.yaml +++ b/pkg/migration/testdata/plan/sourcevpc2.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: fakesourceapi/v1alpha1 kind: VPC metadata: diff --git a/pkg/migration/testdata/plan/xr.yaml b/pkg/migration/testdata/plan/xr.yaml index 80e2b668..953b6439 100644 --- a/pkg/migration/testdata/plan/xr.yaml +++ b/pkg/migration/testdata/plan/xr.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: test.com/v1alpha1 kind: XMyResource metadata: diff --git a/pkg/migration/testdata/plan/xrd.yaml b/pkg/migration/testdata/plan/xrd.yaml index 4fba46ef..4a46fd00 100644 --- a/pkg/migration/testdata/plan/xrd.yaml +++ b/pkg/migration/testdata/plan/xrd.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: apiextensions.crossplane.io/v1 kind: CompositeResourceDefinition metadata: @@ -11,25 +15,25 @@ spec: kind: XMyResource plural: xmyresources versions: - - name: v1alpha1 - referenceable: true - schema: - openAPIV3Schema: - properties: - spec: - properties: - parameters: - properties: - tagValue: - type: string - region: - type: string - required: - - tagValue - - region - type: object - required: - - parameters - type: object - type: object - served: true + - name: v1alpha1 + referenceable: true + schema: + openAPIV3Schema: + properties: + spec: + properties: + parameters: + properties: + tagValue: + type: string + region: + type: string + required: + - tagValue + - region + type: object + required: + - parameters + type: object + type: object + served: true diff --git a/pkg/migration/testdata/source/awsvpc.yaml b/pkg/migration/testdata/source/awsvpc.yaml index c62e492a..88fc6925 100644 --- a/pkg/migration/testdata/source/awsvpc.yaml +++ b/pkg/migration/testdata/source/awsvpc.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: ec2.aws.crossplane.io/v1beta1 kind: VPC metadata: diff --git a/pkg/migration/testdata/source/resourcegroup.yaml b/pkg/migration/testdata/source/resourcegroup.yaml index a84ff84a..7b48c2ef 100644 --- a/pkg/migration/testdata/source/resourcegroup.yaml +++ b/pkg/migration/testdata/source/resourcegroup.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: azure.crossplane.io/v1beta1 kind: ResourceGroup metadata: diff --git a/pkg/migration/types.go b/pkg/migration/types.go index 40c4ad88..615e9ef6 100644 --- a/pkg/migration/types.go +++ b/pkg/migration/types.go @@ -1,16 +1,6 @@ -// Copyright 2022 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package migration diff --git a/pkg/pipeline/controller.go b/pkg/pipeline/controller.go index 5f2c70a8..e34f05aa 100644 --- a/pkg/pipeline/controller.go +++ b/pkg/pipeline/controller.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package pipeline @@ -9,11 +9,10 @@ import ( "path/filepath" "strings" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/pipeline/templates" "github.com/muvaf/typewriter/pkg/wrapper" "github.com/pkg/errors" - - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/pipeline/templates" ) // NewControllerGenerator returns a new ControllerGenerator. diff --git a/pkg/pipeline/crd.go b/pkg/pipeline/crd.go index 8eb9c0f6..1654051a 100644 --- a/pkg/pipeline/crd.go +++ b/pkg/pipeline/crd.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package pipeline @@ -16,10 +16,10 @@ import ( "github.com/muvaf/typewriter/pkg/wrapper" "github.com/pkg/errors" - tjpkg "github.com/upbound/upjet/pkg" - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/pipeline/templates" - tjtypes "github.com/upbound/upjet/pkg/types" + tjpkg "github.com/crossplane/upjet/pkg" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/pipeline/templates" + tjtypes "github.com/crossplane/upjet/pkg/types" ) const ( diff --git a/pkg/pipeline/crd_test.go b/pkg/pipeline/crd_test.go index 76889e16..29b7708d 100644 --- a/pkg/pipeline/crd_test.go +++ b/pkg/pipeline/crd_test.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package pipeline @@ -8,7 +8,6 @@ import ( "testing" "github.com/google/go-cmp/cmp" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/pkg/pipeline/register.go b/pkg/pipeline/register.go index cbba70b8..5cd80fbb 100644 --- a/pkg/pipeline/register.go +++ b/pkg/pipeline/register.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package pipeline @@ -9,10 +9,9 @@ import ( "path/filepath" "sort" + "github.com/crossplane/upjet/pkg/pipeline/templates" "github.com/muvaf/typewriter/pkg/wrapper" "github.com/pkg/errors" - - "github.com/upbound/upjet/pkg/pipeline/templates" ) // NewRegisterGenerator returns a new RegisterGenerator. diff --git a/pkg/pipeline/run.go b/pkg/pipeline/run.go index a2cd4ca0..4b1e3353 100644 --- a/pkg/pipeline/run.go +++ b/pkg/pipeline/run.go @@ -1,6 +1,6 @@ -/* -Copyright 2022 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package pipeline @@ -11,10 +11,10 @@ import ( "sort" "strings" - "github.com/crossplane/crossplane-runtime/pkg/errors" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/examples" - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/examples" + "github.com/crossplane/crossplane-runtime/pkg/errors" ) type terraformedInput struct { @@ -23,7 +23,7 @@ type terraformedInput struct { } // Run runs the Upjet code generation pipelines. -func Run(pc *config.Provider, rootDir string) { // nolint:gocyclo +func Run(pc *config.Provider, rootDir string) { //nolint:gocyclo // Note(turkenh): nolint reasoning - this is the main function of the code // generation pipeline. We didn't want to split it into multiple functions // for better readability considering the straightforward logic here. diff --git a/pkg/pipeline/setup.go b/pkg/pipeline/setup.go index 183cdc46..121f6cba 100644 --- a/pkg/pipeline/setup.go +++ b/pkg/pipeline/setup.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package pipeline @@ -12,11 +12,10 @@ import ( "sort" "text/template" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/pipeline/templates" "github.com/muvaf/typewriter/pkg/wrapper" "github.com/pkg/errors" - - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/pipeline/templates" ) // NewProviderGenerator returns a new ProviderGenerator. diff --git a/pkg/pipeline/templates/controller.go.tmpl b/pkg/pipeline/templates/controller.go.tmpl index 4dcb6d8f..c85e320f 100644 --- a/pkg/pipeline/templates/controller.go.tmpl +++ b/pkg/pipeline/templates/controller.go.tmpl @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + {{ .Header }} {{ .GenStatement }} @@ -12,9 +16,9 @@ import ( "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" - "github.com/upbound/upjet/pkg/controller/handler" - tjcontroller "github.com/upbound/upjet/pkg/controller" - "github.com/upbound/upjet/pkg/terraform" + "github.com/crossplane/upjet/pkg/controller/handler" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/terraform" ctrl "sigs.k8s.io/controller-runtime" {{ .Imports }} diff --git a/pkg/pipeline/templates/crd_types.go.tmpl b/pkg/pipeline/templates/crd_types.go.tmpl index 6482343d..2c61f8d4 100644 --- a/pkg/pipeline/templates/crd_types.go.tmpl +++ b/pkg/pipeline/templates/crd_types.go.tmpl @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + {{ .Header }} {{ .GenStatement }} diff --git a/pkg/pipeline/templates/embed.go b/pkg/pipeline/templates/embed.go index 7acedda1..c809057a 100644 --- a/pkg/pipeline/templates/embed.go +++ b/pkg/pipeline/templates/embed.go @@ -1,10 +1,10 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package templates -import _ "embed" // nolint:golint +import _ "embed" //nolint:golint // CRDTypesTemplate is populated with CRD and type information. // diff --git a/pkg/pipeline/templates/groupversion_info.go.tmpl b/pkg/pipeline/templates/groupversion_info.go.tmpl index 56eb3dfd..91c31a01 100644 --- a/pkg/pipeline/templates/groupversion_info.go.tmpl +++ b/pkg/pipeline/templates/groupversion_info.go.tmpl @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + {{ .Header }} {{ .GenStatement }} diff --git a/pkg/pipeline/templates/register.go.tmpl b/pkg/pipeline/templates/register.go.tmpl index 2c9e01bd..bb84131a 100644 --- a/pkg/pipeline/templates/register.go.tmpl +++ b/pkg/pipeline/templates/register.go.tmpl @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + {{ .Header }} {{ .GenStatement }} diff --git a/pkg/pipeline/templates/setup.go.tmpl b/pkg/pipeline/templates/setup.go.tmpl index 72b9f5a4..184e6718 100644 --- a/pkg/pipeline/templates/setup.go.tmpl +++ b/pkg/pipeline/templates/setup.go.tmpl @@ -1,13 +1,13 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package controller import ( ctrl "sigs.k8s.io/controller-runtime" - "github.com/upbound/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller" {{ .Imports }} ) diff --git a/pkg/pipeline/templates/terraformed.go.tmpl b/pkg/pipeline/templates/terraformed.go.tmpl index 798cedf5..ee503fc4 100644 --- a/pkg/pipeline/templates/terraformed.go.tmpl +++ b/pkg/pipeline/templates/terraformed.go.tmpl @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + {{ .Header }} {{ .GenStatement }} @@ -7,8 +11,8 @@ package {{ .APIVersion }} import ( "github.com/pkg/errors" - "github.com/upbound/upjet/pkg/resource" - "github.com/upbound/upjet/pkg/resource/json" + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" {{ .Imports }} ) {{ range .Resources }} diff --git a/pkg/pipeline/terraformed.go b/pkg/pipeline/terraformed.go index f412a894..10796b22 100644 --- a/pkg/pipeline/terraformed.go +++ b/pkg/pipeline/terraformed.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package pipeline @@ -10,10 +10,9 @@ import ( "path/filepath" "strings" + "github.com/crossplane/upjet/pkg/pipeline/templates" "github.com/muvaf/typewriter/pkg/wrapper" "github.com/pkg/errors" - - "github.com/upbound/upjet/pkg/pipeline/templates" ) // NewTerraformedGenerator returns a new TerraformedGenerator. diff --git a/pkg/pipeline/version.go b/pkg/pipeline/version.go index ab4425a5..c155a061 100644 --- a/pkg/pipeline/version.go +++ b/pkg/pipeline/version.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package pipeline @@ -10,10 +10,9 @@ import ( "path/filepath" "strings" + "github.com/crossplane/upjet/pkg/pipeline/templates" "github.com/muvaf/typewriter/pkg/wrapper" "github.com/pkg/errors" - - "github.com/upbound/upjet/pkg/pipeline/templates" ) // NewVersionGenerator returns a new VersionGenerator. diff --git a/pkg/registry/meta.go b/pkg/registry/meta.go index 7367e4ea..94033526 100644 --- a/pkg/registry/meta.go +++ b/pkg/registry/meta.go @@ -1,6 +1,6 @@ -/* -Copyright 2022 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package registry @@ -71,7 +71,7 @@ func getResourceNameFromPath(path, resourcePrefix string) string { return fmt.Sprintf("%s%s", prefix, tokens[0]) } -func (r *Resource) scrapeExamples(doc *html.Node, codeElXPath string, path string, resourcePrefix string, debug bool) error { // nolint: gocyclo +func (r *Resource) scrapeExamples(doc *html.Node, codeElXPath string, path string, resourcePrefix string, debug bool) error { //nolint: gocyclo resourceName := r.Title nodes := htmlquery.Find(doc, codeElXPath) for _, n := range nodes { @@ -110,7 +110,7 @@ func (r *Resource) scrapeExamples(doc *html.Node, codeElXPath string, path strin return nil } -func (r *Resource) findReferences(parentPath string, file *hcl.File, b *hclsyntax.Block) (map[string]string, error) { // nolint: gocyclo +func (r *Resource) findReferences(parentPath string, file *hcl.File, b *hclsyntax.Block) (map[string]string, error) { //nolint: gocyclo refs := make(map[string]string) if parentPath == "" && b.Labels[0] != r.Name { return refs, nil @@ -362,7 +362,7 @@ func getPrevLiWithCodeText(codeText string, pNode *html.Node) *html.Node { // extractText extracts text from the children of an element node, // removing any HTML tags and leaving only text data. func extractText(n *html.Node) string { - switch n.Type { // nolint:exhaustive + switch n.Type { //nolint:exhaustive case html.TextNode: return n.Data case html.ElementNode: @@ -410,7 +410,7 @@ func (r *Resource) scrapeDocString(n *html.Node, attrName *string, processed map } processed[s] = struct{}{} - switch s.Type { // nolint:exhaustive + switch s.Type { //nolint:exhaustive case html.TextNode: sb.WriteString(s.Data) case html.ElementNode: diff --git a/pkg/registry/meta_test.go b/pkg/registry/meta_test.go index 0035ec06..4fb46975 100644 --- a/pkg/registry/meta_test.go +++ b/pkg/registry/meta_test.go @@ -1,6 +1,6 @@ -/* -Copyright 2022 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package registry @@ -8,11 +8,11 @@ import ( "os" "testing" - "github.com/crossplane/crossplane-runtime/pkg/fieldpath" "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" "gopkg.in/yaml.v3" + "github.com/crossplane/crossplane-runtime/pkg/fieldpath" xptest "github.com/crossplane/crossplane-runtime/pkg/test" ) diff --git a/pkg/registry/reference/references.go b/pkg/registry/reference/references.go index f59a16ec..f15b6dec 100644 --- a/pkg/registry/reference/references.go +++ b/pkg/registry/reference/references.go @@ -1,6 +1,6 @@ -/* -Copyright 2022 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package reference @@ -8,15 +8,14 @@ import ( "fmt" "strings" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/registry" + "github.com/crossplane/upjet/pkg/types" "github.com/pkg/errors" - - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/registry" - "github.com/upbound/upjet/pkg/types" ) const ( - extractorPackagePath = "github.com/upbound/upjet/pkg/resource" + extractorPackagePath = "github.com/crossplane/upjet/pkg/resource" extractResourceIDFuncPath = extractorPackagePath + ".ExtractResourceID()" fmtExtractParamFuncPath = extractorPackagePath + `.ExtractParamPath("%s",%t)` ) @@ -56,7 +55,7 @@ func getExtractorFuncPath(r *config.Resource, sourceAttr string) string { // InjectReferences injects cross-resource references using the // provider metadata scraped from the Terraform registry. -func (rr *Injector) InjectReferences(configResources map[string]*config.Resource) error { // nolint:gocyclo +func (rr *Injector) InjectReferences(configResources map[string]*config.Resource) error { //nolint:gocyclo for n, r := range configResources { m := configResources[n].MetaResource if m == nil { diff --git a/pkg/registry/reference/resolver.go b/pkg/registry/reference/resolver.go index 91906d51..63941112 100644 --- a/pkg/registry/reference/resolver.go +++ b/pkg/registry/reference/resolver.go @@ -1,6 +1,6 @@ -/* -Copyright 2022 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package reference @@ -10,12 +10,12 @@ import ( "strconv" "strings" - "github.com/crossplane/crossplane-runtime/pkg/fieldpath" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/registry" + "github.com/crossplane/upjet/pkg/resource/json" "github.com/pkg/errors" - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/registry" - "github.com/upbound/upjet/pkg/resource/json" + "github.com/crossplane/crossplane-runtime/pkg/fieldpath" ) const ( @@ -128,7 +128,7 @@ func (rr *Injector) ResolveReferencesOfPaved(pm *PavedWithManifest, resolutionCo return errors.Wrap(rr.resolveReferences(pm.Paved.UnstructuredContent(), resolutionContext), "failed to resolve references of paved") } -func (rr *Injector) resolveReferences(params map[string]any, resolutionContext *ResolutionContext) error { // nolint:gocyclo +func (rr *Injector) resolveReferences(params map[string]any, resolutionContext *ResolutionContext) error { //nolint:gocyclo for paramName, paramValue := range params { switch t := paramValue.(type) { case map[string]any: diff --git a/pkg/registry/resource.go b/pkg/registry/resource.go index 5cab89cb..53e9f781 100644 --- a/pkg/registry/resource.go +++ b/pkg/registry/resource.go @@ -1,15 +1,15 @@ -/* -Copyright 2022 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package registry import ( - "github.com/crossplane/crossplane-runtime/pkg/fieldpath" + "github.com/crossplane/upjet/pkg/resource/json" "github.com/pkg/errors" "gopkg.in/yaml.v2" - "github.com/upbound/upjet/pkg/resource/json" + "github.com/crossplane/crossplane-runtime/pkg/fieldpath" ) const ( diff --git a/pkg/registry/testdata/aws/pm.yaml b/pkg/registry/testdata/aws/pm.yaml index 47b80fbd..4eeb7ac8 100644 --- a/pkg/registry/testdata/aws/pm.yaml +++ b/pkg/registry/testdata/aws/pm.yaml @@ -1,150 +1,154 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + name: test-provider resources: - aws_accessanalyzer_analyzer: - subCategory: IAM Access Analyzer - description: Manages an Access Analyzer Analyzer - name: aws_accessanalyzer_analyzer - title: aws_accessanalyzer_analyzer - examples: - - name: example - manifest: |- - { - "analyzer_name": "example" - } - - name: example - manifest: |- - { - "analyzer_name": "example", - "depends_on": [ - "${aws_organizations_organization.example}" - ], - "type": "ORGANIZATION" - } - dependencies: - aws_organizations_organization.example: |- - { - "aws_service_access_principals": [ - "access-analyzer.amazonaws.com" - ] - } - argumentDocs: - analyzer_name: '- (Required) Name of the Analyzer.' - arn: '- The Amazon Resource Name (ARN) of the Analyzer.' - id: '- Analyzer name.' - tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' - tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' - type: '- (Optional) Type of Analyzer. Valid values are ACCOUNT or ORGANIZATION. Defaults to ACCOUNT.' - importStatements: [] - aws_ebs_volume: - subCategory: EBS (EC2) - description: Provides an elastic block storage resource. - name: aws_ebs_volume - title: aws_ebs_volume - examples: - - name: example - manifest: |- - { - "availability_zone": "us-west-2a", - "size": 40, - "tags": { - "Name": "HelloWorld" + aws_accessanalyzer_analyzer: + subCategory: IAM Access Analyzer + description: Manages an Access Analyzer Analyzer + name: aws_accessanalyzer_analyzer + title: aws_accessanalyzer_analyzer + examples: + - name: example + manifest: |- + { + "analyzer_name": "example" + } + - name: example + manifest: |- + { + "analyzer_name": "example", + "depends_on": [ + "${aws_organizations_organization.example}" + ], + "type": "ORGANIZATION" + } + dependencies: + aws_organizations_organization.example: |- + { + "aws_service_access_principals": [ + "access-analyzer.amazonaws.com" + ] + } + argumentDocs: + analyzer_name: "- (Required) Name of the Analyzer." + arn: "- The Amazon Resource Name (ARN) of the Analyzer." + id: "- Analyzer name." + tags: "- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level." + tags_all: "- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block." + type: "- (Optional) Type of Analyzer. Valid values are ACCOUNT or ORGANIZATION. Defaults to ACCOUNT." + importStatements: [] + aws_ebs_volume: + subCategory: EBS (EC2) + description: Provides an elastic block storage resource. + name: aws_ebs_volume + title: aws_ebs_volume + examples: + - name: example + manifest: |- + { + "availability_zone": "us-west-2a", + "size": 40, + "tags": { + "Name": "HelloWorld" + } + } + argumentDocs: + arn: "- The volume ARN (e.g., arn:aws:ec2:us-east-1:0123456789012:volume/vol-59fcb34e)." + availability_zone: "- (Required) The AZ where the EBS volume will exist." + create: "- (Default 5 minutes) Used for creating volumes. This includes the time required for the volume to become available" + delete: "- (Default 5 minutes) Used for destroying volumes" + encrypted: "- (Optional) If true, the disk will be encrypted." + id: "- The volume ID (e.g., vol-59fcb34e)." + iops: "- (Optional) The amount of IOPS to provision for the disk. Only valid for type of io1, io2 or gp3." + kms_key_id: "- (Optional) The ARN for the KMS encryption key. When specifying kms_key_id, encrypted needs to be set to true. Note: Terraform must be running with credentials which have the GenerateDataKeyWithoutPlaintext permission on the specified KMS key as required by the EBS KMS CMK volume provisioning process to prevent a volume from being created and almost immediately deleted." + multi_attach_enabled: "- (Optional) Specifies whether to enable Amazon EBS Multi-Attach. Multi-Attach is supported on io1 and io2 volumes." + outpost_arn: "- (Optional) The Amazon Resource Name (ARN) of the Outpost." + size: "- (Optional) The size of the drive in GiBs." + snapshot_id: (Optional) A snapshot to base the EBS volume off of. + tags: "- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level." + tags_all: "- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block." + throughput: "- (Optional) The throughput that the volume supports, in MiB/s. Only valid for type of gp3." + type: "- (Optional) The type of EBS volume. Can be standard, gp2, gp3, io1, io2, sc1 or st1 (Default: gp2)." + update: "- (Default 5 minutes) Used for size, type, or iops volume changes" + importStatements: [] + aws_s3_bucket_acl: + subCategory: S3 (Simple Storage) + description: Provides an S3 bucket ACL resource. + name: aws_s3_bucket_acl + title: aws_s3_bucket_acl + examples: + - name: example_bucket_acl + manifest: |- + { + "acl": "private", + "bucket": "${aws_s3_bucket.example.id}" + } + references: + bucket: aws_s3_bucket.example.id + dependencies: + aws_s3_bucket.example: |- + { + "bucket": "my-tf-example-bucket" + } + - name: example + manifest: |- + { + "access_control_policy": [ + { + "grant": [ + { + "grantee": [ + { + "id": "${data.aws_canonical_user_id.current.id}", + "type": "CanonicalUser" + } + ], + "permission": "READ" + }, + { + "grantee": [ + { + "type": "Group", + "uri": "http://acs.amazonaws.com/groups/s3/LogDelivery" + } + ], + "permission": "READ_ACP" } - } - argumentDocs: - arn: '- The volume ARN (e.g., arn:aws:ec2:us-east-1:0123456789012:volume/vol-59fcb34e).' - availability_zone: '- (Required) The AZ where the EBS volume will exist.' - create: '- (Default 5 minutes) Used for creating volumes. This includes the time required for the volume to become available' - delete: '- (Default 5 minutes) Used for destroying volumes' - encrypted: '- (Optional) If true, the disk will be encrypted.' - id: '- The volume ID (e.g., vol-59fcb34e).' - iops: '- (Optional) The amount of IOPS to provision for the disk. Only valid for type of io1, io2 or gp3.' - kms_key_id: '- (Optional) The ARN for the KMS encryption key. When specifying kms_key_id, encrypted needs to be set to true. Note: Terraform must be running with credentials which have the GenerateDataKeyWithoutPlaintext permission on the specified KMS key as required by the EBS KMS CMK volume provisioning process to prevent a volume from being created and almost immediately deleted.' - multi_attach_enabled: '- (Optional) Specifies whether to enable Amazon EBS Multi-Attach. Multi-Attach is supported on io1 and io2 volumes.' - outpost_arn: '- (Optional) The Amazon Resource Name (ARN) of the Outpost.' - size: '- (Optional) The size of the drive in GiBs.' - snapshot_id: (Optional) A snapshot to base the EBS volume off of. - tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' - tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' - throughput: '- (Optional) The throughput that the volume supports, in MiB/s. Only valid for type of gp3.' - type: '- (Optional) The type of EBS volume. Can be standard, gp2, gp3, io1, io2, sc1 or st1 (Default: gp2).' - update: '- (Default 5 minutes) Used for size, type, or iops volume changes' - importStatements: [] - aws_s3_bucket_acl: - subCategory: S3 (Simple Storage) - description: Provides an S3 bucket ACL resource. - name: aws_s3_bucket_acl - title: aws_s3_bucket_acl - examples: - - name: example_bucket_acl - manifest: |- - { - "acl": "private", - "bucket": "${aws_s3_bucket.example.id}" - } - references: - bucket: aws_s3_bucket.example.id - dependencies: - aws_s3_bucket.example: |- - { - "bucket": "my-tf-example-bucket" - } - - name: example - manifest: |- - { - "access_control_policy": [ - { - "grant": [ - { - "grantee": [ - { - "id": "${data.aws_canonical_user_id.current.id}", - "type": "CanonicalUser" - } - ], - "permission": "READ" - }, - { - "grantee": [ - { - "type": "Group", - "uri": "http://acs.amazonaws.com/groups/s3/LogDelivery" - } - ], - "permission": "READ_ACP" - } - ], - "owner": [ - { - "id": "${data.aws_canonical_user_id.current.id}" - } - ] - } - ], - "bucket": "${aws_s3_bucket.example.id}" - } - references: - access_control_policy.grant.grantee.id: data.aws_canonical_user_id.current.id - access_control_policy.owner.id: data.aws_canonical_user_id.current.id - bucket: aws_s3_bucket.example.id - dependencies: - aws_s3_bucket.example: |- - { - "bucket": "my-tf-example-bucket" - } - argumentDocs: - access_control_policy: '- (Optional, Conflicts with acl) A configuration block that sets the ACL permissions for an object per grantee documented below.' - access_control_policy.grant: '- (Required) Set of grant configuration blocks documented below.' - access_control_policy.grant.grantee: '- (Required) Configuration block for the person being granted permissions documented below.' - access_control_policy.grant.permission: '- (Required) Logging permissions assigned to the grantee for the bucket.' - access_control_policy.owner: '- (Required) Configuration block of the bucket owner''s display name and ID documented below.' - acl: '- (Optional, Conflicts with access_control_policy) The canned ACL to apply to the bucket.' - bucket: '- (Required, Forces new resource) The name of the bucket.' - expected_bucket_owner: '- (Optional, Forces new resource) The account ID of the expected bucket owner.' - grantee.email_address: '- (Optional) Email address of the grantee. See Regions and Endpoints for supported AWS regions where this argument can be specified.' - grantee.id: '- (Optional) The canonical user ID of the grantee.' - grantee.type: '- (Required) Type of grantee. Valid values: CanonicalUser, AmazonCustomerByEmail, Group.' - grantee.uri: '- (Optional) URI of the grantee group.' - id: '- The bucket, expected_bucket_owner (if configured), and acl (if configured) separated by commas (,).' - owner.display_name: '- (Optional) The display name of the owner.' - owner.id: '- (Required) The ID of the owner.' - importStatements: [] + ], + "owner": [ + { + "id": "${data.aws_canonical_user_id.current.id}" + } + ] + } + ], + "bucket": "${aws_s3_bucket.example.id}" + } + references: + access_control_policy.grant.grantee.id: data.aws_canonical_user_id.current.id + access_control_policy.owner.id: data.aws_canonical_user_id.current.id + bucket: aws_s3_bucket.example.id + dependencies: + aws_s3_bucket.example: |- + { + "bucket": "my-tf-example-bucket" + } + argumentDocs: + access_control_policy: "- (Optional, Conflicts with acl) A configuration block that sets the ACL permissions for an object per grantee documented below." + access_control_policy.grant: "- (Required) Set of grant configuration blocks documented below." + access_control_policy.grant.grantee: "- (Required) Configuration block for the person being granted permissions documented below." + access_control_policy.grant.permission: "- (Required) Logging permissions assigned to the grantee for the bucket." + access_control_policy.owner: "- (Required) Configuration block of the bucket owner's display name and ID documented below." + acl: "- (Optional, Conflicts with access_control_policy) The canned ACL to apply to the bucket." + bucket: "- (Required, Forces new resource) The name of the bucket." + expected_bucket_owner: "- (Optional, Forces new resource) The account ID of the expected bucket owner." + grantee.email_address: "- (Optional) Email address of the grantee. See Regions and Endpoints for supported AWS regions where this argument can be specified." + grantee.id: "- (Optional) The canonical user ID of the grantee." + grantee.type: "- (Required) Type of grantee. Valid values: CanonicalUser, AmazonCustomerByEmail, Group." + grantee.uri: "- (Optional) URI of the grantee group." + id: "- The bucket, expected_bucket_owner (if configured), and acl (if configured) separated by commas (,)." + owner.display_name: "- (Optional) The display name of the owner." + owner.id: "- (Required) The ID of the owner." + importStatements: [] diff --git a/pkg/registry/testdata/aws/r/accessanalyzer_analyzer.html.markdown b/pkg/registry/testdata/aws/r/accessanalyzer_analyzer.html.markdown index ef1d7c34..d4c1d209 100644 --- a/pkg/registry/testdata/aws/r/accessanalyzer_analyzer.html.markdown +++ b/pkg/registry/testdata/aws/r/accessanalyzer_analyzer.html.markdown @@ -1,4 +1,11 @@ + + --- + subcategory: "IAM Access Analyzer" layout: "aws" page_title: "AWS: aws_accessanalyzer_analyzer" @@ -59,5 +66,5 @@ In addition to all arguments above, the following attributes are exported: Access Analyzer Analyzers can be imported using the `analyzer_name`, e.g., ``` -$ terraform import aws_accessanalyzer_analyzer.example example +terraform import aws_accessanalyzer_analyzer.example example ``` diff --git a/pkg/registry/testdata/aws/r/ebs_volume.html.markdown b/pkg/registry/testdata/aws/r/ebs_volume.html.markdown index f363c50b..4a934ca8 100644 --- a/pkg/registry/testdata/aws/r/ebs_volume.html.markdown +++ b/pkg/registry/testdata/aws/r/ebs_volume.html.markdown @@ -1,4 +1,11 @@ + + --- + subcategory: "EBS (EC2)" layout: "aws" page_title: "AWS: aws_ebs_volume" @@ -55,14 +62,14 @@ In addition to all arguments above, the following attributes are exported: `aws_ebs_volume` provides the following [Timeouts](https://www.terraform.io/docs/configuration/blocks/resources/syntax.html#operation-timeouts) configuration options: -- `create` - (Default `5 minutes`) Used for creating volumes. This includes the time required for the volume to become available -- `update` - (Default `5 minutes`) Used for `size`, `type`, or `iops` volume changes -- `delete` - (Default `5 minutes`) Used for destroying volumes +* `create` - (Default `5 minutes`) Used for creating volumes. This includes the time required for the volume to become available +* `update` - (Default `5 minutes`) Used for `size`, `type`, or `iops` volume changes +* `delete` - (Default `5 minutes`) Used for destroying volumes ## Import EBS Volumes can be imported using the `id`, e.g., ``` -$ terraform import aws_ebs_volume.id vol-049df61146c4d7901 +terraform import aws_ebs_volume.id vol-049df61146c4d7901 ``` diff --git a/pkg/registry/testdata/aws/r/s3_bucket_acl.html.markdown b/pkg/registry/testdata/aws/r/s3_bucket_acl.html.markdown index 65b619cb..ab2d176f 100644 --- a/pkg/registry/testdata/aws/r/s3_bucket_acl.html.markdown +++ b/pkg/registry/testdata/aws/r/s3_bucket_acl.html.markdown @@ -1,4 +1,11 @@ + + --- + subcategory: "S3 (Simple Storage)" layout: "aws" page_title: "AWS: aws_s3_bucket_acl" @@ -111,33 +118,32 @@ In addition to all arguments above, the following attributes are exported: S3 bucket ACL can be imported in one of four ways. - If the owner (account ID) of the source bucket is the _same_ account used to configure the Terraform AWS Provider, and the source bucket is **not configured** with a [canned ACL][1] (i.e. predefined grant), the S3 bucket ACL resource should be imported using the `bucket` e.g., ``` -$ terraform import aws_s3_bucket_acl.example bucket-name +terraform import aws_s3_bucket_acl.example bucket-name ``` If the owner (account ID) of the source bucket is the _same_ account used to configure the Terraform AWS Provider, and the source bucket is **configured** with a [canned ACL][1] (i.e. predefined grant), the S3 bucket ACL resource should be imported using the `bucket` and `acl` separated by a comma (`,`), e.g. ``` -$ terraform import aws_s3_bucket_acl.example bucket-name,private +terraform import aws_s3_bucket_acl.example bucket-name,private ``` If the owner (account ID) of the source bucket _differs_ from the account used to configure the Terraform AWS Provider, and the source bucket is **not configured** with a [canned ACL][1] (i.e. predefined grant), the S3 bucket ACL resource should be imported using the `bucket` and `expected_bucket_owner` separated by a comma (`,`) e.g., ``` -$ terraform import aws_s3_bucket_acl.example bucket-name,123456789012 +terraform import aws_s3_bucket_acl.example bucket-name,123456789012 ``` If the owner (account ID) of the source bucket _differs_ from the account used to configure the Terraform AWS Provider, and the source bucket is **configured** with a [canned ACL][1] (i.e. predefined grant), the S3 bucket ACL resource should be imported using the `bucket`, `expected_bucket_owner`, and `acl` separated by commas (`,`), e.g., ``` -$ terraform import aws_s3_bucket_acl.example bucket-name,123456789012,private +terraform import aws_s3_bucket_acl.example bucket-name,123456789012,private ``` [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl diff --git a/pkg/registry/testdata/azure/pm.yaml b/pkg/registry/testdata/azure/pm.yaml index f61672fd..546d1493 100644 --- a/pkg/registry/testdata/azure/pm.yaml +++ b/pkg/registry/testdata/azure/pm.yaml @@ -1,337 +1,341 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + name: test-provider resources: - azurerm_aadb2c_directory: - subCategory: AAD B2C - description: Manages an AAD B2C Directory. - name: azurerm_aadb2c_directory - title: azurerm_aadb2c_directory - examples: - - name: example - manifest: |- - { - "country_code": "US", - "data_residency_location": "United States", - "display_name": "example-b2c-tenant", - "domain_name": "exampleb2ctenant.onmicrosoft.com", - "resource_group_name": "example-rg", - "sku_name": "PremiumP1" - } - argumentDocs: - billing_type: '- The type of billing for the AAD B2C tenant. Possible values include: MAU or Auths.' - country_code: '- (Optional) Country code of the B2C tenant. The country_code should be valid for the specified data_residency_location. See official docs for valid country codes. Required when creating a new resource. Changing this forces a new AAD B2C Directory to be created.' - data_residency_location: '- (Required) Location in which the B2C tenant is hosted and data resides. The data_residency_location should be valid for the specified country_code. See official docs for more information. Changing this forces a new AAD B2C Directory to be created.' - display_name: '- (Optional) The initial display name of the B2C tenant. Required when creating a new resource. Changing this forces a new AAD B2C Directory to be created.' - domain_name: '- (Required) Domain name of the B2C tenant, including the .onmicrosoft.com suffix. Changing this forces a new AAD B2C Directory to be created.' - effective_start_date: '- The date from which the billing type took effect. May not be populated until after the first billing cycle.' - id: '- The ID of the AAD B2C Directory.' - resource_group_name: '- (Required) The name of the Resource Group where the AAD B2C Directory should exist. Changing this forces a new AAD B2C Directory to be created.' - sku_name: '- (Required) Billing SKU for the B2C tenant. Must be one of: PremiumP1 or PremiumP2 (Standard is not supported). See official docs for more information.' - tags: '- (Optional) A mapping of tags which should be assigned to the AAD B2C Directory.' - tenant_id: '- The Tenant ID for the AAD B2C tenant.' - timeouts.create: '- (Defaults to 30 minutes) Used when creating the AAD B2C Directory.' - timeouts.delete: '- (Defaults to 30 minutes) Used when deleting the AAD B2C Directory.' - timeouts.read: '- (Defaults to 5 minutes) Used when retrieving the AAD B2C Directory.' - timeouts.update: '- (Defaults to 30 minutes) Used when updating the AAD B2C Directory.' - importStatements: - - terraform import azurerm_aadb2c_directory.example /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/example-resource-group/providers/Microsoft.AzureActiveDirectory/b2cDirectories/directory-name - azurerm_attestation_provider: - subCategory: Attestation - description: Manages a Attestation Provider. - name: azurerm_attestation_provider - title: azurerm_attestation - examples: - - name: example - manifest: |- - { - "location": "${azurerm_resource_group.example.location}", - "name": "example-attestationprovider", - "policy_signing_certificate_data": "${file(\"./example/cert.pem\")}", - "resource_group_name": "${azurerm_resource_group.example.name}" - } - references: - location: azurerm_resource_group.example.location - resource_group_name: azurerm_resource_group.example.name - dependencies: - azurerm_resource_group.example: |- - { - "location": "West Europe", - "name": "example-resources" - } - argumentDocs: - attestation_uri: '- The URI of the Attestation Service.' - id: '- The ID of the Attestation Provider.' - location: '- (Required) The Azure Region where the Attestation Provider should exist. Changing this forces a new resource to be created.' - name: '- (Required) The name which should be used for this Attestation Provider. Changing this forces a new resource to be created.' - policy_signing_certificate_data: '- (Optional) A valid X.509 certificate (Section 4 of RFC4648). Changing this forces a new resource to be created.' - resource_group_name: '- (Required) The name of the Resource Group where the attestation provider should exist. Changing this forces a new resource to be created.' - tags: '- (Optional) A mapping of tags which should be assigned to the Attestation Provider.' - timeouts.create: '- (Defaults to 30 minutes) Used when creating the Attestation Provider.' - timeouts.delete: '- (Defaults to 30 minutes) Used when deleting the Attestation Provider.' - timeouts.read: '- (Defaults to 5 minutes) Used when retrieving the Attestation Provider.' - timeouts.update: '- (Defaults to 30 minutes) Used when updating the Attestation Provider.' - trust_model: '- Trust model used for the Attestation Service.' - importStatements: - - terraform import azurerm_attestation_provider.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Attestation/attestationProviders/provider1 - azurerm_kubernetes_cluster: - subCategory: Container - description: Manages a managed Kubernetes Cluster (also known as AKS / Azure Kubernetes Service) - name: azurerm_kubernetes_cluster - title: azurerm_kubernetes_cluster - examples: - - name: example - manifest: |- - { - "default_node_pool": [ - { - "name": "default", - "node_count": 1, - "vm_size": "Standard_D2_v2" - } - ], - "dns_prefix": "exampleaks1", - "identity": [ - { - "type": "SystemAssigned" - } - ], - "location": "${azurerm_resource_group.example.location}", - "name": "example-aks1", - "resource_group_name": "${azurerm_resource_group.example.name}", - "tags": { - "Environment": "Production" - } - } - references: - location: azurerm_resource_group.example.location - resource_group_name: azurerm_resource_group.example.name - dependencies: - azurerm_resource_group.example: |- - { - "location": "West Europe", - "name": "example-resources" - } - argumentDocs: - aci_connector_linux.subnet_name: '- (Required) The subnet name for the virtual nodes to run.' - allowed.day: '- (Required) A day in a week. Possible values are Sunday, Monday, Tuesday, Wednesday, Thursday, Friday and Saturday.' - allowed.hours: '- (Required) An array of hour slots in a day. For example, specifying 1 will allow maintenance from 1:00am to 2:00am. Specifying 1, 2 will allow maintenance from 1:00am to 3:00m. Possible values are between 0 and 23.' - auto_scaler_profile.balance_similar_node_groups: '- Detect similar node groups and balance the number of nodes between them. Defaults to false.' - auto_scaler_profile.empty_bulk_delete_max: '- Maximum number of empty nodes that can be deleted at the same time. Defaults to 10.' - auto_scaler_profile.expander: '- Expander to use. Possible values are least-waste, priority, most-pods and random. Defaults to random.' - auto_scaler_profile.max_graceful_termination_sec: '- Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. Defaults to 600.' - auto_scaler_profile.max_node_provisioning_time: '- Maximum time the autoscaler waits for a node to be provisioned. Defaults to 15m.' - auto_scaler_profile.max_unready_nodes: '- Maximum Number of allowed unready nodes. Defaults to 3.' - auto_scaler_profile.max_unready_percentage: '- Maximum percentage of unready nodes the cluster autoscaler will stop if the percentage is exceeded. Defaults to 45.' - auto_scaler_profile.new_pod_scale_up_delay: '- For scenarios like burst/batch scale where you don''t want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they''re a certain age. Defaults to 10s.' - auto_scaler_profile.scale_down_delay_after_add: '- How long after the scale up of AKS nodes the scale down evaluation resumes. Defaults to 10m.' - auto_scaler_profile.scale_down_delay_after_delete: '- How long after node deletion that scale down evaluation resumes. Defaults to the value used for scan_interval.' - auto_scaler_profile.scale_down_delay_after_failure: '- How long after scale down failure that scale down evaluation resumes. Defaults to 3m.' - auto_scaler_profile.scale_down_unneeded: '- How long a node should be unneeded before it is eligible for scale down. Defaults to 10m.' - auto_scaler_profile.scale_down_unready: '- How long an unready node should be unneeded before it is eligible for scale down. Defaults to 20m.' - auto_scaler_profile.scale_down_utilization_threshold: '- Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Defaults to 0.5.' - auto_scaler_profile.scan_interval: '- How often the AKS Cluster should be re-evaluated for scale up/down. Defaults to 10s.' - auto_scaler_profile.skip_nodes_with_local_storage: '- If true cluster autoscaler will never delete nodes with pods with local storage, for example, EmptyDir or HostPath. Defaults to true.' - auto_scaler_profile.skip_nodes_with_system_pods: '- If true cluster autoscaler will never delete nodes with pods from kube-system (except for DaemonSet or mirror pods). Defaults to true.' - azure_active_directory_role_based_access_control.admin_group_object_ids: '- (Optional) A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.' - azure_active_directory_role_based_access_control.azure_rbac_enabled: '- (Optional) Is Role Based Access Control based on Azure AD enabled?' - azure_active_directory_role_based_access_control.client_app_id: '- (Required) The Client ID of an Azure Active Directory Application.' - azure_active_directory_role_based_access_control.managed: '- (Optional) Is the Azure Active Directory integration Managed, meaning that Azure will create/manage the Service Principal used for integration.' - azure_active_directory_role_based_access_control.server_app_id: '- (Required) The Server ID of an Azure Active Directory Application.' - azure_active_directory_role_based_access_control.server_app_secret: '- (Required) The Server Secret of an Azure Active Directory Application.' - azure_active_directory_role_based_access_control.tenant_id: '- (Optional) The Tenant ID used for Azure Active Directory Application. If this isn''t specified the Tenant ID of the current Subscription is used.' - default_node_pool: '- (Required) A default_node_pool block as defined below.' - default_node_pool.enable_auto_scaling: '- (Optional) Should the Kubernetes Auto Scaler be enabled for this Node Pool? Defaults to false.' - default_node_pool.enable_host_encryption: '- (Optional) Should the nodes in the Default Node Pool have host encryption enabled? Defaults to false.' - default_node_pool.enable_node_public_ip: '- (Optional) Should nodes in this Node Pool have a Public IP Address? Defaults to false. Changing this forces a new resource to be created.' - default_node_pool.fips_enabled: '- (Optional) Should the nodes in this Node Pool have Federal Information Processing Standard enabled? Changing this forces a new resource to be created.' - default_node_pool.kubelet_config: '- (Optional) A kubelet_config block as defined below.' - default_node_pool.kubelet_disk_type: '- (Optional) The type of disk used by kubelet. Possible values are OS and Temporary.' - default_node_pool.linux_os_config: '- (Optional) A linux_os_config block as defined below.' - default_node_pool.max_count: '- (Required) The maximum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000.' - default_node_pool.max_pods: '- (Optional) The maximum number of pods that can run on each agent. Changing this forces a new resource to be created.' - default_node_pool.min_count: '- (Required) The minimum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000.' - default_node_pool.name: '- (Required) The name which should be used for the default Kubernetes Node Pool. Changing this forces a new resource to be created.' - default_node_pool.node_count: '- (Optional) The initial number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000 and between min_count and max_count.' - default_node_pool.node_labels: '- (Optional) A map of Kubernetes labels which should be applied to nodes in the Default Node Pool.' - default_node_pool.node_public_ip_prefix_id: '- (Optional) Resource ID for the Public IP Addresses Prefix for the nodes in this Node Pool. enable_node_public_ip should be true. Changing this forces a new resource to be created.' - default_node_pool.only_critical_addons_enabled: '- (Optional) Enabling this option will taint default node pool with CriticalAddonsOnly=true:NoSchedule taint. Changing this forces a new resource to be created.' - default_node_pool.orchestrator_version: '- (Optional) Version of Kubernetes used for the Agents. If not specified, the default node pool will be created with the version specified by kubernetes_version. If both are unspecified, the latest recommended version will be used at provisioning time (but won''t auto-upgrade)' - default_node_pool.os_disk_size_gb: '- (Optional) The size of the OS Disk which should be used for each agent in the Node Pool. Changing this forces a new resource to be created.' - default_node_pool.os_disk_type: '- (Optional) The type of disk which should be used for the Operating System. Possible values are Ephemeral and Managed. Defaults to Managed. Changing this forces a new resource to be created.' - default_node_pool.os_sku: '- (Optional) OsSKU to be used to specify Linux OSType. Not applicable to Windows OSType. Possible values include: Ubuntu, CBLMariner. Defaults to Ubuntu. Changing this forces a new resource to be created.' - default_node_pool.pod_subnet_id: '- (Optional) The ID of the Subnet where the pods in the default Node Pool should exist. Changing this forces a new resource to be created.' - default_node_pool.tags: '- (Optional) A mapping of tags to assign to the Node Pool.' - default_node_pool.type: '- (Optional) The type of Node Pool which should be created. Possible values are AvailabilitySet and VirtualMachineScaleSets. Defaults to VirtualMachineScaleSets.' - default_node_pool.ultra_ssd_enabled: '- (Optional) Used to specify whether the UltraSSD is enabled in the Default Node Pool. Defaults to false. See the documentation for more information.' - default_node_pool.upgrade_settings: '- (Optional) A upgrade_settings block as documented below.' - default_node_pool.vm_size: '- (Required) The size of the Virtual Machine, such as Standard_DS2_v2. Changing this forces a new resource to be created.' - default_node_pool.vnet_subnet_id: '- (Optional) The ID of a Subnet where the Kubernetes Node Pool should exist. Changing this forces a new resource to be created.' - default_node_pool.zones: '- (Optional) Specifies a list of Availability Zones in which this Kubernetes Cluster should be located. Changing this forces a new Kubernetes Cluster to be created.' - dns_prefix: '- (Optional) DNS prefix specified when creating the managed cluster. Changing this forces a new resource to be created.' - dns_prefix_private_cluster: '- (Optional) Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.' - fqdn: '- The FQDN of the Azure Kubernetes Managed Cluster.' - http_application_routing_zone_name: '- The Zone Name of the HTTP Application Routing.' - http_proxy_config.http_proxy: '- (Optional) The proxy address to be used when communicating over HTTP.' - http_proxy_config.https_proxy: '- (Optional) The proxy address to be used when communicating over HTTPS.' - http_proxy_config.no_proxy: '- (Optional) The list of domains that will not use the proxy for communication.' - http_proxy_config.trusted_ca: '- (Optional) The base64 encoded alternative CA certificate content in PEM format.' - id: '- The Kubernetes Managed Cluster ID.' - identity.aci_connector_linux: '- (Optional) A aci_connector_linux block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes.' - identity.api_server_authorized_ip_ranges: '- (Optional) The IP ranges to allow for incoming traffic to the server nodes.' - identity.auto_scaler_profile: '- (Optional) A auto_scaler_profile block as defined below.' - identity.automatic_channel_upgrade: '- (Optional) The upgrade channel for this Kubernetes Cluster. Possible values are patch, rapid, node-image and stable. Omitting this field sets this value to none.' - identity.azure_active_directory_role_based_access_control: '- (Optional) - A azure_active_directory_role_based_access_control block as defined below.' - identity.azure_policy_enabled: '- (Optional) Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service' - identity.disk_encryption_set_id: '- (Optional) The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation.' - identity.http_application_routing_enabled: '- (Optional) Should HTTP Application Routing be enabled?' - identity.http_proxy_config: '- (Optional) A http_proxy_config block as defined below.' - identity.identity: '- (Optional) An identity block as defined below. One of either identity or service_principal must be specified.' - identity.identity_ids: '- (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster.' - identity.ingress_application_gateway: '- (Optional) A ingress_application_gateway block as defined below.' - identity.key_vault_secrets_provider: '- (Optional) A key_vault_secrets_provider block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS.' - identity.kubelet_identity: '- A kubelet_identity block as defined below. Changing this forces a new resource to be created.' - identity.kubernetes_version: '- (Optional) Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won''t auto-upgrade).' - identity.linux_profile: '- (Optional) A linux_profile block as defined below.' - identity.local_account_disabled: '- (Optional) - If true local accounts will be disabled. Defaults to false. See the documentation for more information.' - identity.maintenance_window: '- (Optional) A maintenance_window block as defined below.' - identity.microsoft_defender: '- (Optional) A microsoft_defender block as defined below.' - identity.network_profile: '- (Optional) A network_profile block as defined below.' - identity.node_resource_group: '- (Optional) The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.' - identity.oidc_issuer_enabled: '- (Required) Enable or Disable the OIDC issuer URL' - identity.oms_agent: '- (Optional) A oms_agent block as defined below.' - identity.open_service_mesh_enabled: '- (Optional) Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.' - identity.principal_id: '- The Principal ID associated with this Managed Service Identity.' - identity.private_cluster_enabled: '- (Optional) Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to false. Changing this forces a new resource to be created.' - identity.private_cluster_public_fqdn_enabled: '- (Optional) Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to false.' - identity.private_dns_zone_id: '- (Optional) Either the ID of Private DNS Zone which should be delegated to this Cluster, System to have AKS manage this or None. In case of None you will need to bring your own DNS server and set up resolving, otherwise cluster will have issues after provisioning. Changing this forces a new resource to be created.' - identity.role_based_access_control_enabled: (Optional) - Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to true. Changing this forces a new resource to be created. - identity.run_command_enabled: '- (Optional) Whether to enable run command for the cluster or not. Defaults to true.' - identity.service_principal: '- (Optional) A service_principal block as documented below. One of either identity or service_principal must be specified.' - identity.sku_tier: '- (Optional) The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free and Paid (which includes the Uptime SLA). Defaults to Free.' - identity.tags: '- (Optional) A mapping of tags to assign to the resource.' - identity.tenant_id: '- The Tenant ID associated with this Managed Service Identity.' - identity.type: '- (Required) Specifies the type of Managed Service Identity that should be configured on this Kubernetes Cluster. Possible values are SystemAssigned, UserAssigned, SystemAssigned, UserAssigned (to enable both).' - identity.windows_profile: '- (Optional) A windows_profile block as defined below.' - ingress_application_gateway.effective_gateway_id: '- The ID of the Application Gateway associated with the ingress controller deployed to this Kubernetes Cluster.' - ingress_application_gateway.gateway_id: '- (Optional) The ID of the Application Gateway to integrate with the ingress controller of this Kubernetes Cluster. See this page for further details.' - ingress_application_gateway.gateway_name: '- (Optional) The name of the Application Gateway to be used or created in the Nodepool Resource Group, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.' - ingress_application_gateway.ingress_application_gateway_identity: '- An ingress_application_gateway_identity block is exported. The exported attributes are defined below.' - ingress_application_gateway.subnet_cidr: '- (Optional) The subnet CIDR to be used to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.' - ingress_application_gateway.subnet_id: '- (Optional) The ID of the subnet on which to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.' - ingress_application_gateway_identity.client_id: '- The Client ID of the user-defined Managed Identity used by the Application Gateway.' - ingress_application_gateway_identity.object_id: '- The Object ID of the user-defined Managed Identity used by the Application Gateway.' - ingress_application_gateway_identity.user_assigned_identity_id: '- The ID of the User Assigned Identity used by the Application Gateway.' - key_vault_secrets_provider.secret_identity: '- An secret_identity block is exported. The exported attributes are defined below.' - key_vault_secrets_provider.secret_identity.client_id: '- The Client ID of the user-defined Managed Identity used by the Secret Provider.' - key_vault_secrets_provider.secret_identity.object_id: '- The Object ID of the user-defined Managed Identity used by the Secret Provider.' - key_vault_secrets_provider.secret_identity.user_assigned_identity_id: '- The ID of the User Assigned Identity used by the Secret Provider.' - key_vault_secrets_provider.secret_rotation_enabled: '- (Required) Is secret rotation enabled?' - key_vault_secrets_provider.secret_rotation_interval: '- (Required) The interval to poll for secret rotation. This attribute is only set when secret_rotation is true and defaults to 2m.' - kube_admin_config: '- A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.' - kube_admin_config.client_certificate: '- Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.' - kube_admin_config.client_key: '- Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.' - kube_admin_config.cluster_ca_certificate: '- Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.' - kube_admin_config.host: '- The Kubernetes cluster server host.' - kube_admin_config.password: '- A password or token used to authenticate to the Kubernetes cluster.' - kube_admin_config.username: '- A username used to authenticate to the Kubernetes cluster.' - kube_admin_config_raw: '- Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.' - kube_config: '- A kube_config block as defined below.' - kube_config_raw: '- Raw Kubernetes config to be used by kubectl and other compatible tools.' - kubelet_config.allowed_unsafe_sysctls: '- (Optional) Specifies the allow list of unsafe sysctls command or patterns (ending in *). Changing this forces a new resource to be created.' - kubelet_config.container_log_max_line: '- (Optional) Specifies the maximum number of container log files that can be present for a container. must be at least 2. Changing this forces a new resource to be created.' - kubelet_config.container_log_max_size_mb: '- (Optional) Specifies the maximum size (e.g. 10MB) of container log file before it is rotated. Changing this forces a new resource to be created.' - kubelet_config.cpu_cfs_quota_enabled: '- (Optional) Is CPU CFS quota enforcement for containers enabled? Changing this forces a new resource to be created.' - kubelet_config.cpu_cfs_quota_period: '- (Optional) Specifies the CPU CFS quota period value. Changing this forces a new resource to be created.' - kubelet_config.cpu_manager_policy: '- (Optional) Specifies the CPU Manager policy to use. Possible values are none and static, Changing this forces a new resource to be created.' - kubelet_config.image_gc_high_threshold: '- (Optional) Specifies the percent of disk usage above which image garbage collection is always run. Must be between 0 and 100. Changing this forces a new resource to be created.' - kubelet_config.image_gc_low_threshold: '- (Optional) Specifies the percent of disk usage lower than which image garbage collection is never run. Must be between 0 and 100. Changing this forces a new resource to be created.' - kubelet_config.pod_max_pid: '- (Optional) Specifies the maximum number of processes per pod. Changing this forces a new resource to be created.' - kubelet_config.topology_manager_policy: '- (Optional) Specifies the Topology Manager policy to use. Possible values are none, best-effort, restricted or single-numa-node. Changing this forces a new resource to be created.' - kubelet_identity.client_id: '- (Required) The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically.' - kubelet_identity.object_id: '- (Required) The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically.' - kubelet_identity.user_assigned_identity_id: '- (Required) The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically.' - linux_os_config.swap_file_size_mb: '- (Optional) Specifies the size of swap file on each node in MB. Changing this forces a new resource to be created.' - linux_os_config.sysctl_config: '- (Optional) A sysctl_config block as defined below. Changing this forces a new resource to be created.' - linux_os_config.transparent_huge_page_defrag: '- (Optional) specifies the defrag configuration for Transparent Huge Page. Possible values are always, defer, defer+madvise, madvise and never. Changing this forces a new resource to be created.' - linux_os_config.transparent_huge_page_enabled: '- (Optional) Specifies the Transparent Huge Page enabled configuration. Possible values are always, madvise and never. Changing this forces a new resource to be created.' - linux_profile.admin_username: '- (Required) The Admin Username for the Cluster. Changing this forces a new resource to be created.' - linux_profile.ssh_key: '- (Required) An ssh_key block. Only one is currently allowed. Changing this forces a new resource to be created.' - load_balancer_profile.effective_outbound_ips: '- The outcome (resource IDs) of the specified arguments.' - load_balancer_profile.idle_timeout_in_minutes: '- (Optional) Desired outbound flow idle timeout in minutes for the cluster load balancer. Must be between 4 and 120 inclusive. Defaults to 30.' - load_balancer_profile.managed_outbound_ip_count: '- (Optional) Count of desired managed outbound IPs for the cluster load balancer. Must be between 1 and 100 inclusive.' - load_balancer_profile.outbound_ip_address_ids: '- (Optional) The ID of the Public IP Addresses which should be used for outbound communication for the cluster load balancer.' - load_balancer_profile.outbound_ip_prefix_ids: '- (Optional) The ID of the outbound Public IP Address Prefixes which should be used for the cluster load balancer.' - load_balancer_profile.outbound_ports_allocated: '- (Optional) Number of desired SNAT port for each VM in the clusters load balancer. Must be between 0 and 64000 inclusive. Defaults to 0.' - location: '- (Required) The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.' - maintenance_window.allowed: '- (Optional) One or more allowed block as defined below.' - maintenance_window.not_allowed: '- (Optional) One or more not_allowed block as defined below.' - microsoft_defender.log_analytics_workspace_id: '- (Required) Specifies the ID of the Log Analytics Workspace where the audit logs collected by Microsoft Defender should be sent to.' - name: '- (Required) The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.' - nat_gateway_profile.effective_outbound_ips: '- The outcome (resource IDs) of the specified arguments.' - nat_gateway_profile.idle_timeout_in_minutes: '- (Optional) Desired outbound flow idle timeout in minutes for the cluster load balancer. Must be between 4 and 120 inclusive. Defaults to 4.' - nat_gateway_profile.managed_outbound_ip_count: '- (Optional) Count of desired managed outbound IPs for the cluster load balancer. Must be between 1 and 100 inclusive.' - network_profile.network_plugin: '- (Required) Network plugin to use for networking. Currently supported values are azure, kubenet and none. Changing this forces a new resource to be created.' - network_profile.network_plugin.dns_service_ip: '- (Optional) IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created.' - network_profile.network_plugin.docker_bridge_cidr: '- (Optional) IP address (in CIDR notation) used as the Docker bridge IP address on nodes. Changing this forces a new resource to be created.' - network_profile.network_plugin.ip_versions: '- (Optional) Specifies a list of IP versions the Kubernetes Cluster will use to assign IP addresses to its nodes and pods. Possible values are IPv4 and/or IPv6. IPv4 must always be specified. Changing this forces a new resource to be created.' - network_profile.network_plugin.load_balancer_profile: '- (Optional) A load_balancer_profile block. This can only be specified when load_balancer_sku is set to standard.' - network_profile.network_plugin.load_balancer_sku: '- (Optional) Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are basic and standard. Defaults to standard.' - network_profile.network_plugin.nat_gateway_profile: '- (Optional) A nat_gateway_profile block. This can only be specified when load_balancer_sku is set to standard and outbound_type is set to managedNATGateway or userAssignedNATGateway.' - network_profile.network_plugin.network_mode: '- (Optional) Network mode to be used with Azure CNI. Possible values are bridge and transparent. Changing this forces a new resource to be created.' - network_profile.network_plugin.network_policy: '- (Optional) Sets up network policy to be used with Azure CNI. Network policy allows us to control the traffic flow between pods. Currently supported values are calico and azure. Changing this forces a new resource to be created.' - network_profile.network_plugin.outbound_type: '- (Optional) The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are loadBalancer, userDefinedRouting, managedNATGateway and userAssignedNATGateway. Defaults to loadBalancer.' - network_profile.network_plugin.pod_cidr: '- (Optional) The CIDR to use for pod IP addresses. This field can only be set when network_plugin is set to kubenet. Changing this forces a new resource to be created.' - network_profile.network_plugin.service_cidr: '- (Optional) The Network Range used by the Kubernetes service. Changing this forces a new resource to be created.' - node_resource_group: '- The auto-generated Resource Group which contains the resources for this Managed Kubernetes Cluster.' - not_allowed.end: '- (Required) The end of a time span, formatted as an RFC3339 string.' - not_allowed.start: '- (Required) The start of a time span, formatted as an RFC3339 string.' - oidc_issuer_url: '- The OIDC issuer URL that is associated with the cluster.' - oms_agent.log_analytics_workspace_id: '- (Required) The ID of the Log Analytics Workspace which the OMS Agent should send data to.' - oms_agent.oms_agent_identity: '- An oms_agent_identity block is exported. The exported attributes are defined below.' - oms_agent.oms_agent_identity.client_id: '- The Client ID of the user-defined Managed Identity used by the OMS Agents.' - oms_agent.oms_agent_identity.object_id: '- The Object ID of the user-defined Managed Identity used by the OMS Agents.' - oms_agent.oms_agent_identity.user_assigned_identity_id: '- The ID of the User Assigned Identity used by the OMS Agents.' - portal_fqdn: '- The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.' - private_fqdn: '- The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.' - resource_group_name: '- (Required) Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.' - service_principal.client_id: '- (Required) The Client ID for the Service Principal.' - service_principal.client_secret: '- (Required) The Client Secret for the Service Principal.' - ssh_key.key_data: '- (Required) The Public SSH Key used to access the cluster. Changing this forces a new resource to be created.' - sysctl_config.fs_aio_max_nr: '- (Optional) The sysctl setting fs.aio-max-nr. Must be between 65536 and 6553500. Changing this forces a new resource to be created.' - sysctl_config.fs_file_max: '- (Optional) The sysctl setting fs.file-max. Must be between 8192 and 12000500. Changing this forces a new resource to be created.' - sysctl_config.fs_inotify_max_user_watches: '- (Optional) The sysctl setting fs.inotify.max_user_watches. Must be between 781250 and 2097152. Changing this forces a new resource to be created.' - sysctl_config.fs_nr_open: '- (Optional) The sysctl setting fs.nr_open. Must be between 8192 and 20000500. Changing this forces a new resource to be created.' - sysctl_config.kernel_threads_max: '- (Optional) The sysctl setting kernel.threads-max. Must be between 20 and 513785. Changing this forces a new resource to be created.' - sysctl_config.net_core_netdev_max_backlog: '- (Optional) The sysctl setting net.core.netdev_max_backlog. Must be between 1000 and 3240000. Changing this forces a new resource to be created.' - sysctl_config.net_core_optmem_max: '- (Optional) The sysctl setting net.core.optmem_max. Must be between 20480 and 4194304. Changing this forces a new resource to be created.' - sysctl_config.net_core_rmem_default: '- (Optional) The sysctl setting net.core.rmem_default. Must be between 212992 and 134217728. Changing this forces a new resource to be created.' - sysctl_config.net_core_rmem_max: '- (Optional) The sysctl setting net.core.rmem_max. Must be between 212992 and 134217728. Changing this forces a new resource to be created.' - sysctl_config.net_core_somaxconn: '- (Optional) The sysctl setting net.core.somaxconn. Must be between 4096 and 3240000. Changing this forces a new resource to be created.' - sysctl_config.net_core_wmem_default: '- (Optional) The sysctl setting net.core.wmem_default. Must be between 212992 and 134217728. Changing this forces a new resource to be created.' - sysctl_config.net_core_wmem_max: '- (Optional) The sysctl setting net.core.wmem_max. Must be between 212992 and 134217728. Changing this forces a new resource to be created.' - sysctl_config.net_ipv4_ip_local_port_range_max: '- (Optional) The sysctl setting net.ipv4.ip_local_port_range max value. Must be between 1024 and 60999. Changing this forces a new resource to be created.' - sysctl_config.net_ipv4_ip_local_port_range_min: '- (Optional) The sysctl setting net.ipv4.ip_local_port_range min value. Must be between 1024 and 60999. Changing this forces a new resource to be created.' - sysctl_config.net_ipv4_neigh_default_gc_thresh1: '- (Optional) The sysctl setting net.ipv4.neigh.default.gc_thresh1. Must be between 128 and 80000. Changing this forces a new resource to be created.' - sysctl_config.net_ipv4_neigh_default_gc_thresh2: '- (Optional) The sysctl setting net.ipv4.neigh.default.gc_thresh2. Must be between 512 and 90000. Changing this forces a new resource to be created.' - sysctl_config.net_ipv4_neigh_default_gc_thresh3: '- (Optional) The sysctl setting net.ipv4.neigh.default.gc_thresh3. Must be between 1024 and 100000. Changing this forces a new resource to be created.' - sysctl_config.net_ipv4_tcp_fin_timeout: '- (Optional) The sysctl setting net.ipv4.tcp_fin_timeout. Must be between 5 and 120. Changing this forces a new resource to be created.' - sysctl_config.net_ipv4_tcp_keepalive_intvl: '- (Optional) The sysctl setting net.ipv4.tcp_keepalive_intvl. Must be between 10 and 75. Changing this forces a new resource to be created.' - sysctl_config.net_ipv4_tcp_keepalive_probes: '- (Optional) The sysctl setting net.ipv4.tcp_keepalive_probes. Must be between 1 and 15. Changing this forces a new resource to be created.' - sysctl_config.net_ipv4_tcp_keepalive_time: '- (Optional) The sysctl setting net.ipv4.tcp_keepalive_time. Must be between 30 and 432000. Changing this forces a new resource to be created.' - sysctl_config.net_ipv4_tcp_max_syn_backlog: '- (Optional) The sysctl setting net.ipv4.tcp_max_syn_backlog. Must be between 128 and 3240000. Changing this forces a new resource to be created.' - sysctl_config.net_ipv4_tcp_max_tw_buckets: '- (Optional) The sysctl setting net.ipv4.tcp_max_tw_buckets. Must be between 8000 and 1440000. Changing this forces a new resource to be created.' - sysctl_config.net_ipv4_tcp_tw_reuse: '- (Optional) The sysctl setting net.ipv4.tcp_tw_reuse. Changing this forces a new resource to be created.' - sysctl_config.net_netfilter_nf_conntrack_buckets: '- (Optional) The sysctl setting net.netfilter.nf_conntrack_buckets. Must be between 65536 and 147456. Changing this forces a new resource to be created.' - sysctl_config.net_netfilter_nf_conntrack_max: '- (Optional) The sysctl setting net.netfilter.nf_conntrack_max. Must be between 131072 and 1048576. Changing this forces a new resource to be created.' - sysctl_config.vm_max_map_count: '- (Optional) The sysctl setting vm.max_map_count. Must be between 65530 and 262144. Changing this forces a new resource to be created.' - sysctl_config.vm_swappiness: '- (Optional) The sysctl setting vm.swappiness. Must be between 0 and 100. Changing this forces a new resource to be created.' - sysctl_config.vm_vfs_cache_pressure: '- (Optional) The sysctl setting vm.vfs_cache_pressure. Must be between 0 and 100. Changing this forces a new resource to be created.' - timeouts.create: '- (Defaults to 90 minutes) Used when creating the Kubernetes Cluster.' - timeouts.delete: '- (Defaults to 90 minutes) Used when deleting the Kubernetes Cluster.' - timeouts.read: '- (Defaults to 5 minutes) Used when retrieving the Kubernetes Cluster.' - timeouts.update: '- (Defaults to 90 minutes) Used when updating the Kubernetes Cluster.' - upgrade_settings.max_surge: '- (Required) The maximum number or percentage of nodes which will be added to the Node Pool size during an upgrade.' - windows_profile.admin_password: '- (Required) The Admin Password for Windows VMs. Length must be between 14 and 123 characters.' - windows_profile.admin_username: '- (Required) The Admin Username for Windows VMs.' - windows_profile.license: '- (Optional) Specifies the type of on-premise license which should be used for Node Pool Windows Virtual Machine. At this time the only possible value is Windows_Server.' - importStatements: - - terraform import azurerm_kubernetes_cluster.cluster1 /subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/group1/providers/Microsoft.ContainerService/managedClusters/cluster1 + azurerm_aadb2c_directory: + subCategory: AAD B2C + description: Manages an AAD B2C Directory. + name: azurerm_aadb2c_directory + title: azurerm_aadb2c_directory + examples: + - name: example + manifest: |- + { + "country_code": "US", + "data_residency_location": "United States", + "display_name": "example-b2c-tenant", + "domain_name": "exampleb2ctenant.onmicrosoft.com", + "resource_group_name": "example-rg", + "sku_name": "PremiumP1" + } + argumentDocs: + billing_type: "- The type of billing for the AAD B2C tenant. Possible values include: MAU or Auths." + country_code: "- (Optional) Country code of the B2C tenant. The country_code should be valid for the specified data_residency_location. See official docs for valid country codes. Required when creating a new resource. Changing this forces a new AAD B2C Directory to be created." + data_residency_location: "- (Required) Location in which the B2C tenant is hosted and data resides. The data_residency_location should be valid for the specified country_code. See official docs for more information. Changing this forces a new AAD B2C Directory to be created." + display_name: "- (Optional) The initial display name of the B2C tenant. Required when creating a new resource. Changing this forces a new AAD B2C Directory to be created." + domain_name: "- (Required) Domain name of the B2C tenant, including the .onmicrosoft.com suffix. Changing this forces a new AAD B2C Directory to be created." + effective_start_date: "- The date from which the billing type took effect. May not be populated until after the first billing cycle." + id: "- The ID of the AAD B2C Directory." + resource_group_name: "- (Required) The name of the Resource Group where the AAD B2C Directory should exist. Changing this forces a new AAD B2C Directory to be created." + sku_name: "- (Required) Billing SKU for the B2C tenant. Must be one of: PremiumP1 or PremiumP2 (Standard is not supported). See official docs for more information." + tags: "- (Optional) A mapping of tags which should be assigned to the AAD B2C Directory." + tenant_id: "- The Tenant ID for the AAD B2C tenant." + timeouts.create: "- (Defaults to 30 minutes) Used when creating the AAD B2C Directory." + timeouts.delete: "- (Defaults to 30 minutes) Used when deleting the AAD B2C Directory." + timeouts.read: "- (Defaults to 5 minutes) Used when retrieving the AAD B2C Directory." + timeouts.update: "- (Defaults to 30 minutes) Used when updating the AAD B2C Directory." + importStatements: + - terraform import azurerm_aadb2c_directory.example /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/example-resource-group/providers/Microsoft.AzureActiveDirectory/b2cDirectories/directory-name + azurerm_attestation_provider: + subCategory: Attestation + description: Manages a Attestation Provider. + name: azurerm_attestation_provider + title: azurerm_attestation + examples: + - name: example + manifest: |- + { + "location": "${azurerm_resource_group.example.location}", + "name": "example-attestationprovider", + "policy_signing_certificate_data": "${file(\"./example/cert.pem\")}", + "resource_group_name": "${azurerm_resource_group.example.name}" + } + references: + location: azurerm_resource_group.example.location + resource_group_name: azurerm_resource_group.example.name + dependencies: + azurerm_resource_group.example: |- + { + "location": "West Europe", + "name": "example-resources" + } + argumentDocs: + attestation_uri: "- The URI of the Attestation Service." + id: "- The ID of the Attestation Provider." + location: "- (Required) The Azure Region where the Attestation Provider should exist. Changing this forces a new resource to be created." + name: "- (Required) The name which should be used for this Attestation Provider. Changing this forces a new resource to be created." + policy_signing_certificate_data: "- (Optional) A valid X.509 certificate (Section 4 of RFC4648). Changing this forces a new resource to be created." + resource_group_name: "- (Required) The name of the Resource Group where the attestation provider should exist. Changing this forces a new resource to be created." + tags: "- (Optional) A mapping of tags which should be assigned to the Attestation Provider." + timeouts.create: "- (Defaults to 30 minutes) Used when creating the Attestation Provider." + timeouts.delete: "- (Defaults to 30 minutes) Used when deleting the Attestation Provider." + timeouts.read: "- (Defaults to 5 minutes) Used when retrieving the Attestation Provider." + timeouts.update: "- (Defaults to 30 minutes) Used when updating the Attestation Provider." + trust_model: "- Trust model used for the Attestation Service." + importStatements: + - terraform import azurerm_attestation_provider.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Attestation/attestationProviders/provider1 + azurerm_kubernetes_cluster: + subCategory: Container + description: Manages a managed Kubernetes Cluster (also known as AKS / Azure Kubernetes Service) + name: azurerm_kubernetes_cluster + title: azurerm_kubernetes_cluster + examples: + - name: example + manifest: |- + { + "default_node_pool": [ + { + "name": "default", + "node_count": 1, + "vm_size": "Standard_D2_v2" + } + ], + "dns_prefix": "exampleaks1", + "identity": [ + { + "type": "SystemAssigned" + } + ], + "location": "${azurerm_resource_group.example.location}", + "name": "example-aks1", + "resource_group_name": "${azurerm_resource_group.example.name}", + "tags": { + "Environment": "Production" + } + } + references: + location: azurerm_resource_group.example.location + resource_group_name: azurerm_resource_group.example.name + dependencies: + azurerm_resource_group.example: |- + { + "location": "West Europe", + "name": "example-resources" + } + argumentDocs: + aci_connector_linux.subnet_name: "- (Required) The subnet name for the virtual nodes to run." + allowed.day: "- (Required) A day in a week. Possible values are Sunday, Monday, Tuesday, Wednesday, Thursday, Friday and Saturday." + allowed.hours: "- (Required) An array of hour slots in a day. For example, specifying 1 will allow maintenance from 1:00am to 2:00am. Specifying 1, 2 will allow maintenance from 1:00am to 3:00m. Possible values are between 0 and 23." + auto_scaler_profile.balance_similar_node_groups: "- Detect similar node groups and balance the number of nodes between them. Defaults to false." + auto_scaler_profile.empty_bulk_delete_max: "- Maximum number of empty nodes that can be deleted at the same time. Defaults to 10." + auto_scaler_profile.expander: "- Expander to use. Possible values are least-waste, priority, most-pods and random. Defaults to random." + auto_scaler_profile.max_graceful_termination_sec: "- Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. Defaults to 600." + auto_scaler_profile.max_node_provisioning_time: "- Maximum time the autoscaler waits for a node to be provisioned. Defaults to 15m." + auto_scaler_profile.max_unready_nodes: "- Maximum Number of allowed unready nodes. Defaults to 3." + auto_scaler_profile.max_unready_percentage: "- Maximum percentage of unready nodes the cluster autoscaler will stop if the percentage is exceeded. Defaults to 45." + auto_scaler_profile.new_pod_scale_up_delay: "- For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. Defaults to 10s." + auto_scaler_profile.scale_down_delay_after_add: "- How long after the scale up of AKS nodes the scale down evaluation resumes. Defaults to 10m." + auto_scaler_profile.scale_down_delay_after_delete: "- How long after node deletion that scale down evaluation resumes. Defaults to the value used for scan_interval." + auto_scaler_profile.scale_down_delay_after_failure: "- How long after scale down failure that scale down evaluation resumes. Defaults to 3m." + auto_scaler_profile.scale_down_unneeded: "- How long a node should be unneeded before it is eligible for scale down. Defaults to 10m." + auto_scaler_profile.scale_down_unready: "- How long an unready node should be unneeded before it is eligible for scale down. Defaults to 20m." + auto_scaler_profile.scale_down_utilization_threshold: "- Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Defaults to 0.5." + auto_scaler_profile.scan_interval: "- How often the AKS Cluster should be re-evaluated for scale up/down. Defaults to 10s." + auto_scaler_profile.skip_nodes_with_local_storage: "- If true cluster autoscaler will never delete nodes with pods with local storage, for example, EmptyDir or HostPath. Defaults to true." + auto_scaler_profile.skip_nodes_with_system_pods: "- If true cluster autoscaler will never delete nodes with pods from kube-system (except for DaemonSet or mirror pods). Defaults to true." + azure_active_directory_role_based_access_control.admin_group_object_ids: "- (Optional) A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster." + azure_active_directory_role_based_access_control.azure_rbac_enabled: "- (Optional) Is Role Based Access Control based on Azure AD enabled?" + azure_active_directory_role_based_access_control.client_app_id: "- (Required) The Client ID of an Azure Active Directory Application." + azure_active_directory_role_based_access_control.managed: "- (Optional) Is the Azure Active Directory integration Managed, meaning that Azure will create/manage the Service Principal used for integration." + azure_active_directory_role_based_access_control.server_app_id: "- (Required) The Server ID of an Azure Active Directory Application." + azure_active_directory_role_based_access_control.server_app_secret: "- (Required) The Server Secret of an Azure Active Directory Application." + azure_active_directory_role_based_access_control.tenant_id: "- (Optional) The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used." + default_node_pool: "- (Required) A default_node_pool block as defined below." + default_node_pool.enable_auto_scaling: "- (Optional) Should the Kubernetes Auto Scaler be enabled for this Node Pool? Defaults to false." + default_node_pool.enable_host_encryption: "- (Optional) Should the nodes in the Default Node Pool have host encryption enabled? Defaults to false." + default_node_pool.enable_node_public_ip: "- (Optional) Should nodes in this Node Pool have a Public IP Address? Defaults to false. Changing this forces a new resource to be created." + default_node_pool.fips_enabled: "- (Optional) Should the nodes in this Node Pool have Federal Information Processing Standard enabled? Changing this forces a new resource to be created." + default_node_pool.kubelet_config: "- (Optional) A kubelet_config block as defined below." + default_node_pool.kubelet_disk_type: "- (Optional) The type of disk used by kubelet. Possible values are OS and Temporary." + default_node_pool.linux_os_config: "- (Optional) A linux_os_config block as defined below." + default_node_pool.max_count: "- (Required) The maximum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000." + default_node_pool.max_pods: "- (Optional) The maximum number of pods that can run on each agent. Changing this forces a new resource to be created." + default_node_pool.min_count: "- (Required) The minimum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000." + default_node_pool.name: "- (Required) The name which should be used for the default Kubernetes Node Pool. Changing this forces a new resource to be created." + default_node_pool.node_count: "- (Optional) The initial number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000 and between min_count and max_count." + default_node_pool.node_labels: "- (Optional) A map of Kubernetes labels which should be applied to nodes in the Default Node Pool." + default_node_pool.node_public_ip_prefix_id: "- (Optional) Resource ID for the Public IP Addresses Prefix for the nodes in this Node Pool. enable_node_public_ip should be true. Changing this forces a new resource to be created." + default_node_pool.only_critical_addons_enabled: "- (Optional) Enabling this option will taint default node pool with CriticalAddonsOnly=true:NoSchedule taint. Changing this forces a new resource to be created." + default_node_pool.orchestrator_version: "- (Optional) Version of Kubernetes used for the Agents. If not specified, the default node pool will be created with the version specified by kubernetes_version. If both are unspecified, the latest recommended version will be used at provisioning time (but won't auto-upgrade)" + default_node_pool.os_disk_size_gb: "- (Optional) The size of the OS Disk which should be used for each agent in the Node Pool. Changing this forces a new resource to be created." + default_node_pool.os_disk_type: "- (Optional) The type of disk which should be used for the Operating System. Possible values are Ephemeral and Managed. Defaults to Managed. Changing this forces a new resource to be created." + default_node_pool.os_sku: "- (Optional) OsSKU to be used to specify Linux OSType. Not applicable to Windows OSType. Possible values include: Ubuntu, CBLMariner. Defaults to Ubuntu. Changing this forces a new resource to be created." + default_node_pool.pod_subnet_id: "- (Optional) The ID of the Subnet where the pods in the default Node Pool should exist. Changing this forces a new resource to be created." + default_node_pool.tags: "- (Optional) A mapping of tags to assign to the Node Pool." + default_node_pool.type: "- (Optional) The type of Node Pool which should be created. Possible values are AvailabilitySet and VirtualMachineScaleSets. Defaults to VirtualMachineScaleSets." + default_node_pool.ultra_ssd_enabled: "- (Optional) Used to specify whether the UltraSSD is enabled in the Default Node Pool. Defaults to false. See the documentation for more information." + default_node_pool.upgrade_settings: "- (Optional) A upgrade_settings block as documented below." + default_node_pool.vm_size: "- (Required) The size of the Virtual Machine, such as Standard_DS2_v2. Changing this forces a new resource to be created." + default_node_pool.vnet_subnet_id: "- (Optional) The ID of a Subnet where the Kubernetes Node Pool should exist. Changing this forces a new resource to be created." + default_node_pool.zones: "- (Optional) Specifies a list of Availability Zones in which this Kubernetes Cluster should be located. Changing this forces a new Kubernetes Cluster to be created." + dns_prefix: "- (Optional) DNS prefix specified when creating the managed cluster. Changing this forces a new resource to be created." + dns_prefix_private_cluster: "- (Optional) Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created." + fqdn: "- The FQDN of the Azure Kubernetes Managed Cluster." + http_application_routing_zone_name: "- The Zone Name of the HTTP Application Routing." + http_proxy_config.http_proxy: "- (Optional) The proxy address to be used when communicating over HTTP." + http_proxy_config.https_proxy: "- (Optional) The proxy address to be used when communicating over HTTPS." + http_proxy_config.no_proxy: "- (Optional) The list of domains that will not use the proxy for communication." + http_proxy_config.trusted_ca: "- (Optional) The base64 encoded alternative CA certificate content in PEM format." + id: "- The Kubernetes Managed Cluster ID." + identity.aci_connector_linux: "- (Optional) A aci_connector_linux block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes." + identity.api_server_authorized_ip_ranges: "- (Optional) The IP ranges to allow for incoming traffic to the server nodes." + identity.auto_scaler_profile: "- (Optional) A auto_scaler_profile block as defined below." + identity.automatic_channel_upgrade: "- (Optional) The upgrade channel for this Kubernetes Cluster. Possible values are patch, rapid, node-image and stable. Omitting this field sets this value to none." + identity.azure_active_directory_role_based_access_control: "- (Optional) - A azure_active_directory_role_based_access_control block as defined below." + identity.azure_policy_enabled: "- (Optional) Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service" + identity.disk_encryption_set_id: "- (Optional) The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation." + identity.http_application_routing_enabled: "- (Optional) Should HTTP Application Routing be enabled?" + identity.http_proxy_config: "- (Optional) A http_proxy_config block as defined below." + identity.identity: "- (Optional) An identity block as defined below. One of either identity or service_principal must be specified." + identity.identity_ids: "- (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster." + identity.ingress_application_gateway: "- (Optional) A ingress_application_gateway block as defined below." + identity.key_vault_secrets_provider: "- (Optional) A key_vault_secrets_provider block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS." + identity.kubelet_identity: "- A kubelet_identity block as defined below. Changing this forces a new resource to be created." + identity.kubernetes_version: "- (Optional) Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade)." + identity.linux_profile: "- (Optional) A linux_profile block as defined below." + identity.local_account_disabled: "- (Optional) - If true local accounts will be disabled. Defaults to false. See the documentation for more information." + identity.maintenance_window: "- (Optional) A maintenance_window block as defined below." + identity.microsoft_defender: "- (Optional) A microsoft_defender block as defined below." + identity.network_profile: "- (Optional) A network_profile block as defined below." + identity.node_resource_group: "- (Optional) The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created." + identity.oidc_issuer_enabled: "- (Required) Enable or Disable the OIDC issuer URL" + identity.oms_agent: "- (Optional) A oms_agent block as defined below." + identity.open_service_mesh_enabled: "- (Optional) Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS." + identity.principal_id: "- The Principal ID associated with this Managed Service Identity." + identity.private_cluster_enabled: "- (Optional) Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to false. Changing this forces a new resource to be created." + identity.private_cluster_public_fqdn_enabled: "- (Optional) Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to false." + identity.private_dns_zone_id: "- (Optional) Either the ID of Private DNS Zone which should be delegated to this Cluster, System to have AKS manage this or None. In case of None you will need to bring your own DNS server and set up resolving, otherwise cluster will have issues after provisioning. Changing this forces a new resource to be created." + identity.role_based_access_control_enabled: (Optional) - Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to true. Changing this forces a new resource to be created. + identity.run_command_enabled: "- (Optional) Whether to enable run command for the cluster or not. Defaults to true." + identity.service_principal: "- (Optional) A service_principal block as documented below. One of either identity or service_principal must be specified." + identity.sku_tier: "- (Optional) The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free and Paid (which includes the Uptime SLA). Defaults to Free." + identity.tags: "- (Optional) A mapping of tags to assign to the resource." + identity.tenant_id: "- The Tenant ID associated with this Managed Service Identity." + identity.type: "- (Required) Specifies the type of Managed Service Identity that should be configured on this Kubernetes Cluster. Possible values are SystemAssigned, UserAssigned, SystemAssigned, UserAssigned (to enable both)." + identity.windows_profile: "- (Optional) A windows_profile block as defined below." + ingress_application_gateway.effective_gateway_id: "- The ID of the Application Gateway associated with the ingress controller deployed to this Kubernetes Cluster." + ingress_application_gateway.gateway_id: "- (Optional) The ID of the Application Gateway to integrate with the ingress controller of this Kubernetes Cluster. See this page for further details." + ingress_application_gateway.gateway_name: "- (Optional) The name of the Application Gateway to be used or created in the Nodepool Resource Group, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details." + ingress_application_gateway.ingress_application_gateway_identity: "- An ingress_application_gateway_identity block is exported. The exported attributes are defined below." + ingress_application_gateway.subnet_cidr: "- (Optional) The subnet CIDR to be used to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details." + ingress_application_gateway.subnet_id: "- (Optional) The ID of the subnet on which to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details." + ingress_application_gateway_identity.client_id: "- The Client ID of the user-defined Managed Identity used by the Application Gateway." + ingress_application_gateway_identity.object_id: "- The Object ID of the user-defined Managed Identity used by the Application Gateway." + ingress_application_gateway_identity.user_assigned_identity_id: "- The ID of the User Assigned Identity used by the Application Gateway." + key_vault_secrets_provider.secret_identity: "- An secret_identity block is exported. The exported attributes are defined below." + key_vault_secrets_provider.secret_identity.client_id: "- The Client ID of the user-defined Managed Identity used by the Secret Provider." + key_vault_secrets_provider.secret_identity.object_id: "- The Object ID of the user-defined Managed Identity used by the Secret Provider." + key_vault_secrets_provider.secret_identity.user_assigned_identity_id: "- The ID of the User Assigned Identity used by the Secret Provider." + key_vault_secrets_provider.secret_rotation_enabled: "- (Required) Is secret rotation enabled?" + key_vault_secrets_provider.secret_rotation_interval: "- (Required) The interval to poll for secret rotation. This attribute is only set when secret_rotation is true and defaults to 2m." + kube_admin_config: "- A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled." + kube_admin_config.client_certificate: "- Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster." + kube_admin_config.client_key: "- Base64 encoded private key used by clients to authenticate to the Kubernetes cluster." + kube_admin_config.cluster_ca_certificate: "- Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster." + kube_admin_config.host: "- The Kubernetes cluster server host." + kube_admin_config.password: "- A password or token used to authenticate to the Kubernetes cluster." + kube_admin_config.username: "- A username used to authenticate to the Kubernetes cluster." + kube_admin_config_raw: "- Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled." + kube_config: "- A kube_config block as defined below." + kube_config_raw: "- Raw Kubernetes config to be used by kubectl and other compatible tools." + kubelet_config.allowed_unsafe_sysctls: "- (Optional) Specifies the allow list of unsafe sysctls command or patterns (ending in *). Changing this forces a new resource to be created." + kubelet_config.container_log_max_line: "- (Optional) Specifies the maximum number of container log files that can be present for a container. must be at least 2. Changing this forces a new resource to be created." + kubelet_config.container_log_max_size_mb: "- (Optional) Specifies the maximum size (e.g. 10MB) of container log file before it is rotated. Changing this forces a new resource to be created." + kubelet_config.cpu_cfs_quota_enabled: "- (Optional) Is CPU CFS quota enforcement for containers enabled? Changing this forces a new resource to be created." + kubelet_config.cpu_cfs_quota_period: "- (Optional) Specifies the CPU CFS quota period value. Changing this forces a new resource to be created." + kubelet_config.cpu_manager_policy: "- (Optional) Specifies the CPU Manager policy to use. Possible values are none and static, Changing this forces a new resource to be created." + kubelet_config.image_gc_high_threshold: "- (Optional) Specifies the percent of disk usage above which image garbage collection is always run. Must be between 0 and 100. Changing this forces a new resource to be created." + kubelet_config.image_gc_low_threshold: "- (Optional) Specifies the percent of disk usage lower than which image garbage collection is never run. Must be between 0 and 100. Changing this forces a new resource to be created." + kubelet_config.pod_max_pid: "- (Optional) Specifies the maximum number of processes per pod. Changing this forces a new resource to be created." + kubelet_config.topology_manager_policy: "- (Optional) Specifies the Topology Manager policy to use. Possible values are none, best-effort, restricted or single-numa-node. Changing this forces a new resource to be created." + kubelet_identity.client_id: "- (Required) The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically." + kubelet_identity.object_id: "- (Required) The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically." + kubelet_identity.user_assigned_identity_id: "- (Required) The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically." + linux_os_config.swap_file_size_mb: "- (Optional) Specifies the size of swap file on each node in MB. Changing this forces a new resource to be created." + linux_os_config.sysctl_config: "- (Optional) A sysctl_config block as defined below. Changing this forces a new resource to be created." + linux_os_config.transparent_huge_page_defrag: "- (Optional) specifies the defrag configuration for Transparent Huge Page. Possible values are always, defer, defer+madvise, madvise and never. Changing this forces a new resource to be created." + linux_os_config.transparent_huge_page_enabled: "- (Optional) Specifies the Transparent Huge Page enabled configuration. Possible values are always, madvise and never. Changing this forces a new resource to be created." + linux_profile.admin_username: "- (Required) The Admin Username for the Cluster. Changing this forces a new resource to be created." + linux_profile.ssh_key: "- (Required) An ssh_key block. Only one is currently allowed. Changing this forces a new resource to be created." + load_balancer_profile.effective_outbound_ips: "- The outcome (resource IDs) of the specified arguments." + load_balancer_profile.idle_timeout_in_minutes: "- (Optional) Desired outbound flow idle timeout in minutes for the cluster load balancer. Must be between 4 and 120 inclusive. Defaults to 30." + load_balancer_profile.managed_outbound_ip_count: "- (Optional) Count of desired managed outbound IPs for the cluster load balancer. Must be between 1 and 100 inclusive." + load_balancer_profile.outbound_ip_address_ids: "- (Optional) The ID of the Public IP Addresses which should be used for outbound communication for the cluster load balancer." + load_balancer_profile.outbound_ip_prefix_ids: "- (Optional) The ID of the outbound Public IP Address Prefixes which should be used for the cluster load balancer." + load_balancer_profile.outbound_ports_allocated: "- (Optional) Number of desired SNAT port for each VM in the clusters load balancer. Must be between 0 and 64000 inclusive. Defaults to 0." + location: "- (Required) The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created." + maintenance_window.allowed: "- (Optional) One or more allowed block as defined below." + maintenance_window.not_allowed: "- (Optional) One or more not_allowed block as defined below." + microsoft_defender.log_analytics_workspace_id: "- (Required) Specifies the ID of the Log Analytics Workspace where the audit logs collected by Microsoft Defender should be sent to." + name: "- (Required) The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created." + nat_gateway_profile.effective_outbound_ips: "- The outcome (resource IDs) of the specified arguments." + nat_gateway_profile.idle_timeout_in_minutes: "- (Optional) Desired outbound flow idle timeout in minutes for the cluster load balancer. Must be between 4 and 120 inclusive. Defaults to 4." + nat_gateway_profile.managed_outbound_ip_count: "- (Optional) Count of desired managed outbound IPs for the cluster load balancer. Must be between 1 and 100 inclusive." + network_profile.network_plugin: "- (Required) Network plugin to use for networking. Currently supported values are azure, kubenet and none. Changing this forces a new resource to be created." + network_profile.network_plugin.dns_service_ip: "- (Optional) IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created." + network_profile.network_plugin.docker_bridge_cidr: "- (Optional) IP address (in CIDR notation) used as the Docker bridge IP address on nodes. Changing this forces a new resource to be created." + network_profile.network_plugin.ip_versions: "- (Optional) Specifies a list of IP versions the Kubernetes Cluster will use to assign IP addresses to its nodes and pods. Possible values are IPv4 and/or IPv6. IPv4 must always be specified. Changing this forces a new resource to be created." + network_profile.network_plugin.load_balancer_profile: "- (Optional) A load_balancer_profile block. This can only be specified when load_balancer_sku is set to standard." + network_profile.network_plugin.load_balancer_sku: "- (Optional) Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are basic and standard. Defaults to standard." + network_profile.network_plugin.nat_gateway_profile: "- (Optional) A nat_gateway_profile block. This can only be specified when load_balancer_sku is set to standard and outbound_type is set to managedNATGateway or userAssignedNATGateway." + network_profile.network_plugin.network_mode: "- (Optional) Network mode to be used with Azure CNI. Possible values are bridge and transparent. Changing this forces a new resource to be created." + network_profile.network_plugin.network_policy: "- (Optional) Sets up network policy to be used with Azure CNI. Network policy allows us to control the traffic flow between pods. Currently supported values are calico and azure. Changing this forces a new resource to be created." + network_profile.network_plugin.outbound_type: "- (Optional) The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are loadBalancer, userDefinedRouting, managedNATGateway and userAssignedNATGateway. Defaults to loadBalancer." + network_profile.network_plugin.pod_cidr: "- (Optional) The CIDR to use for pod IP addresses. This field can only be set when network_plugin is set to kubenet. Changing this forces a new resource to be created." + network_profile.network_plugin.service_cidr: "- (Optional) The Network Range used by the Kubernetes service. Changing this forces a new resource to be created." + node_resource_group: "- The auto-generated Resource Group which contains the resources for this Managed Kubernetes Cluster." + not_allowed.end: "- (Required) The end of a time span, formatted as an RFC3339 string." + not_allowed.start: "- (Required) The start of a time span, formatted as an RFC3339 string." + oidc_issuer_url: "- The OIDC issuer URL that is associated with the cluster." + oms_agent.log_analytics_workspace_id: "- (Required) The ID of the Log Analytics Workspace which the OMS Agent should send data to." + oms_agent.oms_agent_identity: "- An oms_agent_identity block is exported. The exported attributes are defined below." + oms_agent.oms_agent_identity.client_id: "- The Client ID of the user-defined Managed Identity used by the OMS Agents." + oms_agent.oms_agent_identity.object_id: "- The Object ID of the user-defined Managed Identity used by the OMS Agents." + oms_agent.oms_agent_identity.user_assigned_identity_id: "- The ID of the User Assigned Identity used by the OMS Agents." + portal_fqdn: "- The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster." + private_fqdn: "- The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster." + resource_group_name: "- (Required) Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created." + service_principal.client_id: "- (Required) The Client ID for the Service Principal." + service_principal.client_secret: "- (Required) The Client Secret for the Service Principal." + ssh_key.key_data: "- (Required) The Public SSH Key used to access the cluster. Changing this forces a new resource to be created." + sysctl_config.fs_aio_max_nr: "- (Optional) The sysctl setting fs.aio-max-nr. Must be between 65536 and 6553500. Changing this forces a new resource to be created." + sysctl_config.fs_file_max: "- (Optional) The sysctl setting fs.file-max. Must be between 8192 and 12000500. Changing this forces a new resource to be created." + sysctl_config.fs_inotify_max_user_watches: "- (Optional) The sysctl setting fs.inotify.max_user_watches. Must be between 781250 and 2097152. Changing this forces a new resource to be created." + sysctl_config.fs_nr_open: "- (Optional) The sysctl setting fs.nr_open. Must be between 8192 and 20000500. Changing this forces a new resource to be created." + sysctl_config.kernel_threads_max: "- (Optional) The sysctl setting kernel.threads-max. Must be between 20 and 513785. Changing this forces a new resource to be created." + sysctl_config.net_core_netdev_max_backlog: "- (Optional) The sysctl setting net.core.netdev_max_backlog. Must be between 1000 and 3240000. Changing this forces a new resource to be created." + sysctl_config.net_core_optmem_max: "- (Optional) The sysctl setting net.core.optmem_max. Must be between 20480 and 4194304. Changing this forces a new resource to be created." + sysctl_config.net_core_rmem_default: "- (Optional) The sysctl setting net.core.rmem_default. Must be between 212992 and 134217728. Changing this forces a new resource to be created." + sysctl_config.net_core_rmem_max: "- (Optional) The sysctl setting net.core.rmem_max. Must be between 212992 and 134217728. Changing this forces a new resource to be created." + sysctl_config.net_core_somaxconn: "- (Optional) The sysctl setting net.core.somaxconn. Must be between 4096 and 3240000. Changing this forces a new resource to be created." + sysctl_config.net_core_wmem_default: "- (Optional) The sysctl setting net.core.wmem_default. Must be between 212992 and 134217728. Changing this forces a new resource to be created." + sysctl_config.net_core_wmem_max: "- (Optional) The sysctl setting net.core.wmem_max. Must be between 212992 and 134217728. Changing this forces a new resource to be created." + sysctl_config.net_ipv4_ip_local_port_range_max: "- (Optional) The sysctl setting net.ipv4.ip_local_port_range max value. Must be between 1024 and 60999. Changing this forces a new resource to be created." + sysctl_config.net_ipv4_ip_local_port_range_min: "- (Optional) The sysctl setting net.ipv4.ip_local_port_range min value. Must be between 1024 and 60999. Changing this forces a new resource to be created." + sysctl_config.net_ipv4_neigh_default_gc_thresh1: "- (Optional) The sysctl setting net.ipv4.neigh.default.gc_thresh1. Must be between 128 and 80000. Changing this forces a new resource to be created." + sysctl_config.net_ipv4_neigh_default_gc_thresh2: "- (Optional) The sysctl setting net.ipv4.neigh.default.gc_thresh2. Must be between 512 and 90000. Changing this forces a new resource to be created." + sysctl_config.net_ipv4_neigh_default_gc_thresh3: "- (Optional) The sysctl setting net.ipv4.neigh.default.gc_thresh3. Must be between 1024 and 100000. Changing this forces a new resource to be created." + sysctl_config.net_ipv4_tcp_fin_timeout: "- (Optional) The sysctl setting net.ipv4.tcp_fin_timeout. Must be between 5 and 120. Changing this forces a new resource to be created." + sysctl_config.net_ipv4_tcp_keepalive_intvl: "- (Optional) The sysctl setting net.ipv4.tcp_keepalive_intvl. Must be between 10 and 75. Changing this forces a new resource to be created." + sysctl_config.net_ipv4_tcp_keepalive_probes: "- (Optional) The sysctl setting net.ipv4.tcp_keepalive_probes. Must be between 1 and 15. Changing this forces a new resource to be created." + sysctl_config.net_ipv4_tcp_keepalive_time: "- (Optional) The sysctl setting net.ipv4.tcp_keepalive_time. Must be between 30 and 432000. Changing this forces a new resource to be created." + sysctl_config.net_ipv4_tcp_max_syn_backlog: "- (Optional) The sysctl setting net.ipv4.tcp_max_syn_backlog. Must be between 128 and 3240000. Changing this forces a new resource to be created." + sysctl_config.net_ipv4_tcp_max_tw_buckets: "- (Optional) The sysctl setting net.ipv4.tcp_max_tw_buckets. Must be between 8000 and 1440000. Changing this forces a new resource to be created." + sysctl_config.net_ipv4_tcp_tw_reuse: "- (Optional) The sysctl setting net.ipv4.tcp_tw_reuse. Changing this forces a new resource to be created." + sysctl_config.net_netfilter_nf_conntrack_buckets: "- (Optional) The sysctl setting net.netfilter.nf_conntrack_buckets. Must be between 65536 and 147456. Changing this forces a new resource to be created." + sysctl_config.net_netfilter_nf_conntrack_max: "- (Optional) The sysctl setting net.netfilter.nf_conntrack_max. Must be between 131072 and 1048576. Changing this forces a new resource to be created." + sysctl_config.vm_max_map_count: "- (Optional) The sysctl setting vm.max_map_count. Must be between 65530 and 262144. Changing this forces a new resource to be created." + sysctl_config.vm_swappiness: "- (Optional) The sysctl setting vm.swappiness. Must be between 0 and 100. Changing this forces a new resource to be created." + sysctl_config.vm_vfs_cache_pressure: "- (Optional) The sysctl setting vm.vfs_cache_pressure. Must be between 0 and 100. Changing this forces a new resource to be created." + timeouts.create: "- (Defaults to 90 minutes) Used when creating the Kubernetes Cluster." + timeouts.delete: "- (Defaults to 90 minutes) Used when deleting the Kubernetes Cluster." + timeouts.read: "- (Defaults to 5 minutes) Used when retrieving the Kubernetes Cluster." + timeouts.update: "- (Defaults to 90 minutes) Used when updating the Kubernetes Cluster." + upgrade_settings.max_surge: "- (Required) The maximum number or percentage of nodes which will be added to the Node Pool size during an upgrade." + windows_profile.admin_password: "- (Required) The Admin Password for Windows VMs. Length must be between 14 and 123 characters." + windows_profile.admin_username: "- (Required) The Admin Username for Windows VMs." + windows_profile.license: "- (Optional) Specifies the type of on-premise license which should be used for Node Pool Windows Virtual Machine. At this time the only possible value is Windows_Server." + importStatements: + - terraform import azurerm_kubernetes_cluster.cluster1 /subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/group1/providers/Microsoft.ContainerService/managedClusters/cluster1 diff --git a/pkg/registry/testdata/azure/r/aadb2c_directory.html.markdown b/pkg/registry/testdata/azure/r/aadb2c_directory.html.markdown index 8a3c4b84..c97726d9 100644 --- a/pkg/registry/testdata/azure/r/aadb2c_directory.html.markdown +++ b/pkg/registry/testdata/azure/r/aadb2c_directory.html.markdown @@ -1,4 +1,11 @@ + + --- + subcategory: "AAD B2C" layout: "azurerm" page_title: "Azure Resource Manager: azurerm_aadb2c_directory" @@ -43,7 +50,7 @@ The following arguments are supported: ## Attributes Reference -In addition to the Arguments listed above - the following Attributes are exported: +In addition to the Arguments listed above - the following Attributes are exported: * `id` - The ID of the AAD B2C Directory. diff --git a/pkg/registry/testdata/azure/r/attestation.html.markdown b/pkg/registry/testdata/azure/r/attestation.html.markdown index 10240a8f..257af10f 100644 --- a/pkg/registry/testdata/azure/r/attestation.html.markdown +++ b/pkg/registry/testdata/azure/r/attestation.html.markdown @@ -1,4 +1,11 @@ + + --- + subcategory: "Attestation" layout: "azurerm" page_title: "Azure Resource Manager: azurerm_attestation" @@ -47,7 +54,7 @@ The following arguments are supported: ## Attributes Reference -The following Attributes are exported: +The following Attributes are exported: * `id` - The ID of the Attestation Provider. diff --git a/pkg/registry/testdata/azure/r/kubernetes_cluster.html.markdown b/pkg/registry/testdata/azure/r/kubernetes_cluster.html.markdown index 495a5da2..f1feaa5d 100644 --- a/pkg/registry/testdata/azure/r/kubernetes_cluster.html.markdown +++ b/pkg/registry/testdata/azure/r/kubernetes_cluster.html.markdown @@ -1,4 +1,11 @@ + + --- + subcategory: "Container" layout: "azurerm" page_title: "Azure Resource Manager: azurerm_kubernetes_cluster" @@ -438,7 +445,7 @@ The `kubelet_identity` block supports the following: * `object_id` - (Required) The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. -* `user_assigned_identity_id` - (Required) The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. +* `user_assigned_identity_id` - (Required) The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. --- @@ -791,7 +798,7 @@ The `ingress_application_gateway_identity` block exports the following: --- -The `oms_agent` block exports the following: +The `oms_agent` block exports the following: * `oms_agent_identity` - An `oms_agent_identity` block is exported. The exported attributes are defined below. @@ -823,7 +830,6 @@ The `secret_identity` block exports the following: --- - ## Timeouts The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions: diff --git a/pkg/registry/testdata/gcp/pm.yaml b/pkg/registry/testdata/gcp/pm.yaml index 5af96687..c0cdfa9c 100644 --- a/pkg/registry/testdata/gcp/pm.yaml +++ b/pkg/registry/testdata/gcp/pm.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2023 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + name: test-provider resources: google_access_context_manager_access_level: diff --git a/pkg/registry/testdata/gcp/r/access_context_manager_access_level.html.markdown b/pkg/registry/testdata/gcp/r/access_context_manager_access_level.html.markdown index 4cd95e2e..82f5834a 100644 --- a/pkg/registry/testdata/gcp/r/access_context_manager_access_level.html.markdown +++ b/pkg/registry/testdata/gcp/r/access_context_manager_access_level.html.markdown @@ -1,3 +1,9 @@ + + --- # ---------------------------------------------------------------------------- # diff --git a/pkg/registry/testdata/gcp/r/container_cluster.html.markdown b/pkg/registry/testdata/gcp/r/container_cluster.html.markdown index ee43e8f7..1451d6d9 100644 --- a/pkg/registry/testdata/gcp/r/container_cluster.html.markdown +++ b/pkg/registry/testdata/gcp/r/container_cluster.html.markdown @@ -1,3 +1,9 @@ + + --- subcategory: "Kubernetes (Container) Engine" layout: "google" diff --git a/pkg/registry/testdata/gcp/r/storage_bucket.html.markdown b/pkg/registry/testdata/gcp/r/storage_bucket.html.markdown index 26c6297b..925cf83d 100644 --- a/pkg/registry/testdata/gcp/r/storage_bucket.html.markdown +++ b/pkg/registry/testdata/gcp/r/storage_bucket.html.markdown @@ -1,3 +1,9 @@ + + --- subcategory: "Cloud Storage" layout: "google" diff --git a/pkg/resource/conditions.go b/pkg/resource/conditions.go index cb5b488c..62e8462b 100644 --- a/pkg/resource/conditions.go +++ b/pkg/resource/conditions.go @@ -1,17 +1,16 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package resource import ( + tferrors "github.com/crossplane/upjet/pkg/terraform/errors" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" - - tferrors "github.com/upbound/upjet/pkg/terraform/errors" ) // Condition constants. diff --git a/pkg/resource/extractor.go b/pkg/resource/extractor.go index 7ecbb78f..20d3f5e8 100644 --- a/pkg/resource/extractor.go +++ b/pkg/resource/extractor.go @@ -1,6 +1,6 @@ -/* -Copyright 2022 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package resource diff --git a/pkg/resource/fake/mocks/mock.go b/pkg/resource/fake/mocks/mock.go index f46cfafc..d8ffdcec 100644 --- a/pkg/resource/fake/mocks/mock.go +++ b/pkg/resource/fake/mocks/mock.go @@ -1,19 +1,9 @@ -// Copyright 2021 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 // Code generated by MockGen. DO NOT EDIT. -// Source: github.com/upbound/upjet/pkg/resource (interfaces: SecretClient) +// Source: github.com/crossplane/upjet/pkg/resource (interfaces: SecretClient) // Package mocks is a generated GoMock package. package mocks diff --git a/pkg/resource/fake/terraformed.go b/pkg/resource/fake/terraformed.go index 0f1cb732..857788b8 100644 --- a/pkg/resource/fake/terraformed.go +++ b/pkg/resource/fake/terraformed.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package fake diff --git a/pkg/resource/ignored.go b/pkg/resource/ignored.go index c99edbd0..ce37a9bf 100644 --- a/pkg/resource/ignored.go +++ b/pkg/resource/ignored.go @@ -1,6 +1,6 @@ -/* -Copyright 2023 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package resource diff --git a/pkg/resource/ignored_test.go b/pkg/resource/ignored_test.go index e6843370..b0766633 100644 --- a/pkg/resource/ignored_test.go +++ b/pkg/resource/ignored_test.go @@ -1,14 +1,15 @@ -/* -Copyright 2023 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package resource import ( - _ "embed" "testing" "github.com/google/go-cmp/cmp" + + _ "embed" ) func TestGetIgnoredFields(t *testing.T) { diff --git a/pkg/resource/interfaces.go b/pkg/resource/interfaces.go index 9e5f93b4..2c68ea1d 100644 --- a/pkg/resource/interfaces.go +++ b/pkg/resource/interfaces.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package resource diff --git a/pkg/resource/json/json.go b/pkg/resource/json/json.go index 07cd0c7a..87ff2b5e 100644 --- a/pkg/resource/json/json.go +++ b/pkg/resource/json/json.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package json diff --git a/pkg/resource/json/statev4.go b/pkg/resource/json/statev4.go index 4b8117b6..842bf09c 100644 --- a/pkg/resource/json/statev4.go +++ b/pkg/resource/json/statev4.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package json diff --git a/pkg/resource/lateinit.go b/pkg/resource/lateinit.go index 4695f466..9d9ffa9a 100644 --- a/pkg/resource/lateinit.go +++ b/pkg/resource/lateinit.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package resource @@ -10,12 +10,12 @@ import ( "runtime/debug" "strings" - xpmeta "github.com/crossplane/crossplane-runtime/pkg/meta" - xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + "github.com/crossplane/upjet/pkg/config" "github.com/pkg/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "github.com/upbound/upjet/pkg/config" + xpmeta "github.com/crossplane/crossplane-runtime/pkg/meta" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" ) const ( @@ -111,7 +111,8 @@ func WithZeroValueJSONOmitEmptyFilter(cName string) GenericLateInitializerOption // zeroValueJSONOmitEmptyFilter is a late-initialization ValueFilter that // skips initialization of a zero-valued field that has omitempty JSON tag -// nolint:gocyclo +// +//nolint:gocyclo func zeroValueJSONOmitEmptyFilter(cName string) ValueFilter { return func(cn string, f reflect.StructField, v reflect.Value) bool { if cName != CNameWildcard && cName != cn { @@ -178,7 +179,8 @@ func isZeroValueOmitted(tag string) bool { // Both crObject and responseObject must be pointers to structs. // Otherwise, an error will be returned. Returns `true` if at least one field has been stored // from source `responseObject` into a corresponding field of target `crObject`. -// nolint:gocyclo +// +//nolint:gocyclo func (li *GenericLateInitializer) LateInitialize(desiredObject, observedObject any) (changed bool, err error) { if desiredObject == nil || reflect.ValueOf(desiredObject).IsNil() || observedObject == nil || reflect.ValueOf(observedObject).IsNil() { @@ -204,7 +206,7 @@ func (li *GenericLateInitializer) LateInitialize(desiredObject, observedObject a return } -// nolint:gocyclo +//nolint:gocyclo func (li *GenericLateInitializer) handleStruct(parentName string, desiredObject any, observedObject any) (bool, error) { typeOfDesiredObject, typeOfObservedObject := reflect.TypeOf(desiredObject), reflect.TypeOf(observedObject) valueOfDesiredObject, valueOfObservedObject := reflect.ValueOf(desiredObject), reflect.ValueOf(observedObject).Elem() @@ -248,7 +250,7 @@ func (li *GenericLateInitializer) handleStruct(parentName string, desiredObject continue } - switch desiredStructField.Type.Kind() { // nolint:exhaustive + switch desiredStructField.Type.Kind() { //nolint:exhaustive // handle pointer struct field case reflect.Ptr: desiredKeepField, err = li.handlePtr(cName, desiredFieldValue, observedFieldValue) @@ -318,7 +320,7 @@ func (li *GenericLateInitializer) handleSlice(cName string, desiredFieldValue, o // error from processing the next element of the slice var err error // check slice item's kind (not slice type) - switch item.Elem().Kind() { // nolint:exhaustive + switch item.Elem().Kind() { //nolint:exhaustive // if dealing with a slice of pointers case reflect.Ptr: _, err = li.handlePtr(cName, item.Elem(), observedFieldValue.Index(i)) @@ -361,7 +363,7 @@ func (li *GenericLateInitializer) handleMap(cName string, desiredFieldValue, obs // error from processing the next element of the map var err error // check map item's kind (not map type) - switch item.Elem().Kind() { // nolint:exhaustive + switch item.Elem().Kind() { //nolint:exhaustive // if dealing with a slice of pointers case reflect.Ptr: _, err = li.handlePtr(cName, item.Elem(), observedFieldValue.MapIndex(k)) diff --git a/pkg/resource/lateinit_test.go b/pkg/resource/lateinit_test.go index d67a11dd..f3c90004 100644 --- a/pkg/resource/lateinit_test.go +++ b/pkg/resource/lateinit_test.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package resource diff --git a/pkg/resource/sensitive.go b/pkg/resource/sensitive.go index 1ca3bee5..70b21454 100644 --- a/pkg/resource/sensitive.go +++ b/pkg/resource/sensitive.go @@ -1,18 +1,6 @@ -/* -Copyright 2021 Upbound Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License mapping - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package resource @@ -22,15 +10,15 @@ import ( "regexp" "strings" - v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" - "github.com/crossplane/crossplane-runtime/pkg/fieldpath" - "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" - "github.com/crossplane/crossplane-runtime/pkg/resource" + "github.com/crossplane/upjet/pkg/config" "github.com/pkg/errors" kerrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/runtime" - "github.com/upbound/upjet/pkg/config" + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/fieldpath" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + "github.com/crossplane/crossplane-runtime/pkg/resource" ) const ( @@ -68,7 +56,7 @@ func init() { // SecretClient is the client to get sensitive data from kubernetes secrets // -//go:generate go run github.com/golang/mock/mockgen -copyright_file ../../hack/boilerplate.txt -destination ./fake/mocks/mock.go -package mocks github.com/upbound/upjet/pkg/resource SecretClient +//go:generate go run github.com/golang/mock/mockgen -copyright_file ../../hack/boilerplate.txt -destination ./fake/mocks/mock.go -package mocks github.com/crossplane/upjet/pkg/resource SecretClient type SecretClient interface { GetSecretData(ctx context.Context, ref *v1.SecretReference) (map[string][]byte, error) GetSecretValue(ctx context.Context, sel v1.SecretKeySelector) ([]byte, error) @@ -136,7 +124,7 @@ func GetSensitiveAttributes(from map[string]any, mapping map[string]string) (map // Note(turkenh): k8s secrets uses a strict regex to validate secret // keys which does not allow having brackets inside. So, we need to // do a conversion to be able to store as connection secret keys. - // See https://github.com/upbound/upjet/pull/94 for + // See https://github.com/crossplane/upjet/pull/94 for // more details. k, err := fieldPathToSecretKey(fp) if err != nil { diff --git a/pkg/resource/sensitive_test.go b/pkg/resource/sensitive_test.go index a694c805..4aa71919 100644 --- a/pkg/resource/sensitive_test.go +++ b/pkg/resource/sensitive_test.go @@ -1,18 +1,6 @@ -/* - Copyright 2021 Upbound Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package resource @@ -20,9 +8,10 @@ import ( "context" "testing" - xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" - "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" - "github.com/crossplane/crossplane-runtime/pkg/test" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/resource/fake" + "github.com/crossplane/upjet/pkg/resource/fake/mocks" + "github.com/crossplane/upjet/pkg/resource/json" "github.com/golang/mock/gomock" "github.com/google/go-cmp/cmp" "github.com/pkg/errors" @@ -31,10 +20,9 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/resource/fake" - "github.com/upbound/upjet/pkg/resource/fake/mocks" - "github.com/upbound/upjet/pkg/resource/json" + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + "github.com/crossplane/crossplane-runtime/pkg/test" ) var ( diff --git a/pkg/terraform/errors/errors.go b/pkg/terraform/errors/errors.go index dbe91342..58bb4d6c 100644 --- a/pkg/terraform/errors/errors.go +++ b/pkg/terraform/errors/errors.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package errors diff --git a/pkg/terraform/errors/errors_test.go b/pkg/terraform/errors/errors_test.go index e8091063..e1602254 100644 --- a/pkg/terraform/errors/errors_test.go +++ b/pkg/terraform/errors/errors_test.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package errors diff --git a/pkg/terraform/files.go b/pkg/terraform/files.go index 8a556755..c724ec1c 100644 --- a/pkg/terraform/files.go +++ b/pkg/terraform/files.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package terraform @@ -12,15 +12,14 @@ import ( "strings" "dario.cat/mergo" - - "github.com/crossplane/crossplane-runtime/pkg/feature" - "github.com/crossplane/crossplane-runtime/pkg/meta" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" "github.com/pkg/errors" "github.com/spf13/afero" - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/resource" - "github.com/upbound/upjet/pkg/resource/json" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/meta" ) const ( @@ -185,7 +184,7 @@ func (fp *FileProducer) WriteMainTF() (ProviderHandle, error) { // EnsureTFState writes the Terraform state that should exist in the filesystem // to start any Terraform operation. -func (fp *FileProducer) EnsureTFState(ctx context.Context, tfID string) error { //nolint:gocyclo +func (fp *FileProducer) EnsureTFState(ctx context.Context, tfID string) error { // TODO(muvaf): Reduce the cyclomatic complexity by separating the attributes // generation into its own function/interface. empty, err := fp.isStateEmpty() diff --git a/pkg/terraform/files_test.go b/pkg/terraform/files_test.go index ec38af8e..11bfed06 100644 --- a/pkg/terraform/files_test.go +++ b/pkg/terraform/files_test.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package terraform @@ -11,19 +11,19 @@ import ( "testing" "time" - "github.com/crossplane/crossplane-runtime/pkg/feature" - "github.com/crossplane/crossplane-runtime/pkg/meta" - xpfake "github.com/crossplane/crossplane-runtime/pkg/resource/fake" - "github.com/crossplane/crossplane-runtime/pkg/test" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/fake" + "github.com/crossplane/upjet/pkg/resource/json" "github.com/google/go-cmp/cmp" "github.com/pkg/errors" "github.com/spf13/afero" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/resource" - "github.com/upbound/upjet/pkg/resource/fake" - "github.com/upbound/upjet/pkg/resource/json" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/meta" + xpfake "github.com/crossplane/crossplane-runtime/pkg/resource/fake" + "github.com/crossplane/crossplane-runtime/pkg/test" ) const ( diff --git a/pkg/terraform/finalizer.go b/pkg/terraform/finalizer.go index e38011eb..bff2607e 100644 --- a/pkg/terraform/finalizer.go +++ b/pkg/terraform/finalizer.go @@ -1,14 +1,15 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package terraform import ( "context" - xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" "github.com/pkg/errors" + + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" ) const ( diff --git a/pkg/terraform/finalizer_test.go b/pkg/terraform/finalizer_test.go index c86e32f7..f2be6d11 100644 --- a/pkg/terraform/finalizer_test.go +++ b/pkg/terraform/finalizer_test.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package terraform @@ -8,13 +8,13 @@ import ( "context" "testing" - "github.com/crossplane/crossplane-runtime/pkg/logging" - xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" - "github.com/crossplane/crossplane-runtime/pkg/test" + "github.com/crossplane/upjet/pkg/resource" "github.com/google/go-cmp/cmp" "github.com/pkg/errors" - "github.com/upbound/upjet/pkg/resource" + "github.com/crossplane/crossplane-runtime/pkg/logging" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + "github.com/crossplane/crossplane-runtime/pkg/test" ) var ( diff --git a/pkg/terraform/operation.go b/pkg/terraform/operation.go index 4f199c18..8f71ddb0 100644 --- a/pkg/terraform/operation.go +++ b/pkg/terraform/operation.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package terraform diff --git a/pkg/terraform/operation_test.go b/pkg/terraform/operation_test.go index a630e3df..8700df2b 100644 --- a/pkg/terraform/operation_test.go +++ b/pkg/terraform/operation_test.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package terraform diff --git a/pkg/terraform/provider_runner.go b/pkg/terraform/provider_runner.go index 101fe0f6..6653995e 100644 --- a/pkg/terraform/provider_runner.go +++ b/pkg/terraform/provider_runner.go @@ -1,16 +1,6 @@ -// Copyright 2022 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package terraform @@ -22,10 +12,11 @@ import ( "sync" "time" - "github.com/crossplane/crossplane-runtime/pkg/logging" "github.com/pkg/errors" "k8s.io/utils/clock" "k8s.io/utils/exec" + + "github.com/crossplane/crossplane-runtime/pkg/logging" ) const ( diff --git a/pkg/terraform/provider_runner_test.go b/pkg/terraform/provider_runner_test.go index 7087d482..bd558110 100644 --- a/pkg/terraform/provider_runner_test.go +++ b/pkg/terraform/provider_runner_test.go @@ -1,6 +1,6 @@ -/* -Copyright 2022 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package terraform @@ -14,13 +14,14 @@ import ( "testing" "time" - "github.com/crossplane/crossplane-runtime/pkg/logging" - "github.com/crossplane/crossplane-runtime/pkg/test" "github.com/google/go-cmp/cmp" "github.com/pkg/errors" clock "k8s.io/utils/clock/testing" "k8s.io/utils/exec" testingexec "k8s.io/utils/exec/testing" + + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/test" ) func TestStartSharedServer(t *testing.T) { diff --git a/pkg/terraform/provider_scheduler.go b/pkg/terraform/provider_scheduler.go index da49c1ef..60abc288 100644 --- a/pkg/terraform/provider_scheduler.go +++ b/pkg/terraform/provider_scheduler.go @@ -1,26 +1,16 @@ -// Copyright 2023 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package terraform import ( "sync" - "github.com/crossplane/crossplane-runtime/pkg/logging" + tferrors "github.com/crossplane/upjet/pkg/terraform/errors" "github.com/pkg/errors" - tferrors "github.com/upbound/upjet/pkg/terraform/errors" + "github.com/crossplane/crossplane-runtime/pkg/logging" ) // ProviderHandle represents native plugin (Terraform provider) process diff --git a/pkg/terraform/store.go b/pkg/terraform/store.go index 0b86ea85..2f9b7f57 100644 --- a/pkg/terraform/store.go +++ b/pkg/terraform/store.go @@ -1,16 +1,6 @@ -// Copyright 2021 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package terraform @@ -25,10 +15,9 @@ import ( "sync" "time" - "github.com/crossplane/crossplane-runtime/pkg/feature" - "github.com/crossplane/crossplane-runtime/pkg/logging" - "github.com/crossplane/crossplane-runtime/pkg/meta" - xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/metrics" + "github.com/crossplane/upjet/pkg/resource" "github.com/mitchellh/go-ps" "github.com/pkg/errors" "github.com/spf13/afero" @@ -36,9 +25,10 @@ import ( "k8s.io/utils/exec" "sigs.k8s.io/controller-runtime/pkg/client" - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/metrics" - "github.com/upbound/upjet/pkg/resource" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/meta" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" ) const ( diff --git a/pkg/terraform/timeouts.go b/pkg/terraform/timeouts.go index 273d1ede..93c3d240 100644 --- a/pkg/terraform/timeouts.go +++ b/pkg/terraform/timeouts.go @@ -1,26 +1,14 @@ -/* - Copyright 2022 Upbound Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package terraform import ( - "github.com/crossplane/crossplane-runtime/pkg/errors" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/resource/json" - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/resource/json" + "github.com/crossplane/crossplane-runtime/pkg/errors" ) // "e2bfb730-ecaa-11e6-8f88-34363bc7c4c0" is a hardcoded string for Terraform diff --git a/pkg/terraform/timeouts_test.go b/pkg/terraform/timeouts_test.go index 044fd67a..cc70cd72 100644 --- a/pkg/terraform/timeouts_test.go +++ b/pkg/terraform/timeouts_test.go @@ -1,18 +1,6 @@ -/* - Copyright 2022 Upbound Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package terraform @@ -181,7 +169,7 @@ func TestInsertTimeoutsMeta(t *testing.T) { }, }, want: want{ - err: errors.Wrap(errors.New(`ReadString: expects " or n, but found m, error found in #2 byte of ...|{malformed}|..., bigger context ...|{malformed}|...`), `cannot parse existing metadata`), // nolint: golint + err: errors.Wrap(errors.New(`ReadString: expects " or n, but found m, error found in #2 byte of ...|{malformed}|..., bigger context ...|{malformed}|...`), `cannot parse existing metadata`), //nolint: golint }, }, "ExistingMetaAndTimeout": { diff --git a/pkg/terraform/workspace.go b/pkg/terraform/workspace.go index 4096cfbe..beb6d2da 100644 --- a/pkg/terraform/workspace.go +++ b/pkg/terraform/workspace.go @@ -1,16 +1,6 @@ -// Copyright 2021 Upbound Inc. +// SPDX-FileCopyrightText: 2023 The Crossplane Authors // -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// SPDX-License-Identifier: Apache-2.0 package terraform @@ -23,16 +13,15 @@ import ( "sync" "time" + "github.com/crossplane/upjet/pkg/metrics" + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" + tferrors "github.com/crossplane/upjet/pkg/terraform/errors" "github.com/pkg/errors" "github.com/spf13/afero" k8sExec "k8s.io/utils/exec" "github.com/crossplane/crossplane-runtime/pkg/logging" - - "github.com/upbound/upjet/pkg/metrics" - "github.com/upbound/upjet/pkg/resource" - "github.com/upbound/upjet/pkg/resource/json" - tferrors "github.com/upbound/upjet/pkg/terraform/errors" ) const ( @@ -355,7 +344,7 @@ type ImportResult RefreshResult // Import makes a blocking terraform import call where only the state file // is changed with the current state of the resource. -func (w *Workspace) Import(ctx context.Context, tr resource.Terraformed) (ImportResult, error) { // nolint:gocyclo +func (w *Workspace) Import(ctx context.Context, tr resource.Terraformed) (ImportResult, error) { //nolint:gocyclo switch { case w.LastOperation.IsRunning(): return ImportResult{ diff --git a/pkg/terraform/workspace_test.go b/pkg/terraform/workspace_test.go index abbcc1e0..b33c88ee 100644 --- a/pkg/terraform/workspace_test.go +++ b/pkg/terraform/workspace_test.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package terraform @@ -9,6 +9,8 @@ import ( "testing" "time" + "github.com/crossplane/upjet/pkg/resource/json" + tferrors "github.com/crossplane/upjet/pkg/terraform/errors" "github.com/google/go-cmp/cmp" "github.com/pkg/errors" "github.com/spf13/afero" @@ -16,9 +18,6 @@ import ( testingexec "k8s.io/utils/exec/testing" "github.com/crossplane/crossplane-runtime/pkg/test" - - "github.com/upbound/upjet/pkg/resource/json" - tferrors "github.com/upbound/upjet/pkg/terraform/errors" ) var ( diff --git a/pkg/types/builder.go b/pkg/types/builder.go index a4f78574..3f4d2de9 100644 --- a/pkg/types/builder.go +++ b/pkg/types/builder.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package types @@ -11,14 +11,13 @@ import ( "sort" "strings" + "github.com/crossplane/upjet/pkg/config" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" twtypes "github.com/muvaf/typewriter/pkg/types" "github.com/pkg/errors" "k8s.io/utils/pointer" "github.com/crossplane/crossplane-runtime/pkg/fieldpath" - - "github.com/upbound/upjet/pkg/config" ) const ( @@ -160,7 +159,7 @@ func (g *Builder) AddToBuilder(typeNames *TypeNames, r *resource) (*types.Named, return paramType, obsType, initType } -func (g *Builder) buildSchema(f *Field, cfg *config.Resource, names []string, r *resource) (types.Type, types.Type, error) { // nolint:gocyclo +func (g *Builder) buildSchema(f *Field, cfg *config.Resource, names []string, r *resource) (types.Type, types.Type, error) { //nolint:gocyclo switch f.Schema.Type { case schema.TypeBool: return types.NewPointer(types.Universe.Lookup("bool").Type()), nil, nil @@ -244,7 +243,7 @@ func (g *Builder) buildSchema(f *Field, cfg *config.Resource, names []string, r } } // if unset - // see: https://github.com/upbound/upjet/issues/177 + // see: https://github.com/crossplane/upjet/issues/177 case nil: elemType = types.Universe.Lookup("string").Type() initElemType = elemType @@ -330,7 +329,7 @@ func (r *resource) addParameterField(f *Field, field *types.Var) { // not just the top level ones, due to having all forProvider // fields now optional. CEL rules should check if a field is // present either in forProvider or initProvider. - // https://github.com/upbound/upjet/issues/239 + // https://github.com/crossplane/upjet/issues/239 if requiredBySchema && !f.Identifier && len(f.CanonicalPaths) == 1 { requiredBySchema = false // If the field is not a terraform field, we should not require it in init, @@ -375,7 +374,7 @@ func (r *resource) addObservationField(f *Field, field *types.Var) { if obsF.Name() == field.Name() { // If the field is already added, we don't add it again. // Some nested types could have been previously added as an - // observation type while building their schema: https://github.com/upbound/upjet/blob/b89baca4ae24c8fbd8eb403c353ca18916093e5e/pkg/types/builder.go#L206 + // observation type while building their schema: https://github.com/crossplane/upjet/blob/b89baca4ae24c8fbd8eb403c353ca18916093e5e/pkg/types/builder.go#L206 return } } diff --git a/pkg/types/builder_test.go b/pkg/types/builder_test.go index 30680256..86fba91e 100644 --- a/pkg/types/builder_test.go +++ b/pkg/types/builder_test.go @@ -1,18 +1,6 @@ -/* - Copyright 2021 Upbound Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package types @@ -22,12 +10,12 @@ import ( "go/types" "testing" - "github.com/crossplane/crossplane-runtime/pkg/test" + "github.com/crossplane/upjet/pkg/config" "github.com/google/go-cmp/cmp" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/pkg/errors" - "github.com/upbound/upjet/pkg/config" + "github.com/crossplane/crossplane-runtime/pkg/test" ) func TestBuilder_generateTypeName(t *testing.T) { diff --git a/pkg/types/comments/comment.go b/pkg/types/comments/comment.go index 341b7321..baaec46e 100644 --- a/pkg/types/comments/comment.go +++ b/pkg/types/comments/comment.go @@ -1,10 +1,14 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + package comments import ( "strings" - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/types/markers" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/types/markers" ) // Option is a comment option diff --git a/pkg/types/comments/comment_test.go b/pkg/types/comments/comment_test.go index b6589d2d..8050d203 100644 --- a/pkg/types/comments/comment_test.go +++ b/pkg/types/comments/comment_test.go @@ -1,15 +1,19 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + package comments import ( "reflect" "testing" - "github.com/crossplane/crossplane-runtime/pkg/test" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/types/markers" "github.com/google/go-cmp/cmp" "github.com/pkg/errors" - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/types/markers" + "github.com/crossplane/crossplane-runtime/pkg/test" ) func TestComment_Build(t *testing.T) { diff --git a/pkg/types/conversion/tfjson/tfjson.go b/pkg/types/conversion/tfjson/tfjson.go index 91a8bb63..a8b60102 100644 --- a/pkg/types/conversion/tfjson/tfjson.go +++ b/pkg/types/conversion/tfjson/tfjson.go @@ -1,18 +1,6 @@ -/* - Copyright 2022 Upbound Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package tfjson diff --git a/pkg/types/field.go b/pkg/types/field.go index 16dcf4dd..38529772 100644 --- a/pkg/types/field.go +++ b/pkg/types/field.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + package types import ( @@ -8,14 +12,13 @@ import ( "sort" "strings" + "github.com/crossplane/upjet/pkg" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/types/comments" + "github.com/crossplane/upjet/pkg/types/name" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/pkg/errors" "k8s.io/utils/pointer" - - "github.com/upbound/upjet/pkg" - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/types/comments" - "github.com/upbound/upjet/pkg/types/name" ) var parentheses = regexp.MustCompile(`\(([^)]+)\)`) @@ -124,11 +127,11 @@ func NewField(g *Builder, cfg *config.Resource, r *resource, sch *schema.Schema, f.TransformedName = f.Name.LowerCamelComputed // Terraform paths, e.g. { "lifecycle_rule", "*", "transition", "*", "days" } for https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#lifecycle_rule - f.TerraformPaths = append(tfPath, f.Name.Snake) // nolint:gocritic + f.TerraformPaths = append(tfPath, f.Name.Snake) //nolint:gocritic // Crossplane paths, e.g. {"lifecycleRule", "*", "transition", "*", "days"} - f.CRDPaths = append(xpPath, f.Name.LowerCamelComputed) // nolint:gocritic + f.CRDPaths = append(xpPath, f.Name.LowerCamelComputed) //nolint:gocritic // Canonical paths, e.g. {"LifecycleRule", "Transition", "Days"} - f.CanonicalPaths = append(names[1:], f.Name.Camel) // nolint:gocritic + f.CanonicalPaths = append(names[1:], f.Name.Camel) //nolint:gocritic for _, ignoreField := range cfg.LateInitializer.IgnoredFields { // Convert configuration input from Terraform path to canonical path diff --git a/pkg/types/markers/crossplane.go b/pkg/types/markers/crossplane.go index fb2e529c..9c1b1143 100644 --- a/pkg/types/markers/crossplane.go +++ b/pkg/types/markers/crossplane.go @@ -1,9 +1,13 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + package markers import ( "fmt" - "github.com/upbound/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/config" ) const ( diff --git a/pkg/types/markers/crossplane_test.go b/pkg/types/markers/crossplane_test.go index 4e7bd5b7..58269280 100644 --- a/pkg/types/markers/crossplane_test.go +++ b/pkg/types/markers/crossplane_test.go @@ -1,11 +1,14 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + package markers import ( "testing" + "github.com/crossplane/upjet/pkg/config" "github.com/google/go-cmp/cmp" - - "github.com/upbound/upjet/pkg/config" ) func TestCrossplaneOptions_String(t *testing.T) { diff --git a/pkg/types/markers/kubebuilder.go b/pkg/types/markers/kubebuilder.go index e03f0a3d..6b1c6e15 100644 --- a/pkg/types/markers/kubebuilder.go +++ b/pkg/types/markers/kubebuilder.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + package markers import "fmt" diff --git a/pkg/types/markers/kubebuilder_test.go b/pkg/types/markers/kubebuilder_test.go index 305db61a..3229e25a 100644 --- a/pkg/types/markers/kubebuilder_test.go +++ b/pkg/types/markers/kubebuilder_test.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + package markers import ( diff --git a/pkg/types/markers/options.go b/pkg/types/markers/options.go index b850498a..fb5e06ae 100644 --- a/pkg/types/markers/options.go +++ b/pkg/types/markers/options.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + package markers // Options represents marker options that Upjet need to parse or set. diff --git a/pkg/types/markers/terrajet.go b/pkg/types/markers/terrajet.go index 6738a12a..47af24d0 100644 --- a/pkg/types/markers/terrajet.go +++ b/pkg/types/markers/terrajet.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + package markers import ( diff --git a/pkg/types/markers/terrajet_test.go b/pkg/types/markers/terrajet_test.go index a8f0decf..88d526e5 100644 --- a/pkg/types/markers/terrajet_test.go +++ b/pkg/types/markers/terrajet_test.go @@ -1,12 +1,17 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + package markers import ( "fmt" "testing" - "github.com/crossplane/crossplane-runtime/pkg/test" "github.com/google/go-cmp/cmp" "github.com/pkg/errors" + + "github.com/crossplane/crossplane-runtime/pkg/test" ) func Test_parseAsUpjetOption(t *testing.T) { diff --git a/pkg/types/name/name.go b/pkg/types/name/name.go index 1e40111c..520f234d 100644 --- a/pkg/types/name/name.go +++ b/pkg/types/name/name.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package name diff --git a/pkg/types/name/name_test.go b/pkg/types/name/name_test.go index 19b0cbcf..82af3c4b 100644 --- a/pkg/types/name/name_test.go +++ b/pkg/types/name/name_test.go @@ -1,6 +1,6 @@ -/* -Copyright 2021 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package name diff --git a/pkg/types/name/reference.go b/pkg/types/name/reference.go index 4e63f3d9..6de6ebf0 100644 --- a/pkg/types/name/reference.go +++ b/pkg/types/name/reference.go @@ -1,6 +1,6 @@ -/* -Copyright 2022 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package name diff --git a/pkg/types/name/reference_test.go b/pkg/types/name/reference_test.go index f4d45448..16fd19bb 100644 --- a/pkg/types/name/reference_test.go +++ b/pkg/types/name/reference_test.go @@ -1,6 +1,6 @@ -/* -Copyright 2022 Upbound Inc. -*/ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 package name diff --git a/pkg/types/reference.go b/pkg/types/reference.go index 7de9d7f1..8f29229c 100644 --- a/pkg/types/reference.go +++ b/pkg/types/reference.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + package types import ( @@ -7,11 +11,10 @@ import ( "reflect" "strings" + "github.com/crossplane/upjet/pkg/types/comments" + "github.com/crossplane/upjet/pkg/types/markers" + "github.com/crossplane/upjet/pkg/types/name" "k8s.io/utils/pointer" - - "github.com/upbound/upjet/pkg/types/comments" - "github.com/upbound/upjet/pkg/types/markers" - "github.com/upbound/upjet/pkg/types/name" ) const ( diff --git a/pkg/types/reference_test.go b/pkg/types/reference_test.go index dcb06028..cf012348 100644 --- a/pkg/types/reference_test.go +++ b/pkg/types/reference_test.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + package types import ( @@ -5,15 +9,14 @@ import ( "go/types" "testing" + "github.com/crossplane/upjet/pkg/config" + "github.com/crossplane/upjet/pkg/types/name" "github.com/google/go-cmp/cmp" twtypes "github.com/muvaf/typewriter/pkg/types" - - "github.com/upbound/upjet/pkg/config" - "github.com/upbound/upjet/pkg/types/name" ) func TestBuilder_generateReferenceFields(t *testing.T) { - tp := types.NewPackage("github.com/upbound/upjet/pkg/types", "tjtypes") + tp := types.NewPackage("github.com/crossplane/upjet/pkg/types", "tjtypes") type args struct { t *types.TypeName @@ -48,8 +51,8 @@ func TestBuilder_generateReferenceFields(t *testing.T) { `json:"testFieldSelector,omitempty" tf:"-"`, }, outComments: twtypes.Comments{ - "github.com/upbound/upjet/pkg/types.Params:TestFieldRef": "// Reference to a testObject to populate testField.\n// +kubebuilder:validation:Optional\n", - "github.com/upbound/upjet/pkg/types.Params:TestFieldSelector": "// Selector for a testObject to populate testField.\n// +kubebuilder:validation:Optional\n", + "github.com/crossplane/upjet/pkg/types.Params:TestFieldRef": "// Reference to a testObject to populate testField.\n// +kubebuilder:validation:Optional\n", + "github.com/crossplane/upjet/pkg/types.Params:TestFieldSelector": "// Selector for a testObject to populate testField.\n// +kubebuilder:validation:Optional\n", }, }, }, @@ -73,8 +76,8 @@ func TestBuilder_generateReferenceFields(t *testing.T) { `json:"testFieldSelector,omitempty" tf:"-"`, }, outComments: twtypes.Comments{ - "github.com/upbound/upjet/pkg/types.Params:TestFieldRefs": "// References to testObject to populate testField.\n// +kubebuilder:validation:Optional\n", - "github.com/upbound/upjet/pkg/types.Params:TestFieldSelector": "// Selector for a list of testObject to populate testField.\n// +kubebuilder:validation:Optional\n", + "github.com/crossplane/upjet/pkg/types.Params:TestFieldRefs": "// References to testObject to populate testField.\n// +kubebuilder:validation:Optional\n", + "github.com/crossplane/upjet/pkg/types.Params:TestFieldSelector": "// Selector for a list of testObject to populate testField.\n// +kubebuilder:validation:Optional\n", }, }, }, @@ -99,8 +102,8 @@ func TestBuilder_generateReferenceFields(t *testing.T) { `json:"testFieldSelector,omitempty" tf:"-"`, }, outComments: twtypes.Comments{ - "github.com/upbound/upjet/pkg/types.Params:CustomRef": "// Reference to a TestObject to populate testField.\n// +kubebuilder:validation:Optional\n", - "github.com/upbound/upjet/pkg/types.Params:TestFieldSelector": "// Selector for a TestObject to populate testField.\n// +kubebuilder:validation:Optional\n", + "github.com/crossplane/upjet/pkg/types.Params:CustomRef": "// Reference to a TestObject to populate testField.\n// +kubebuilder:validation:Optional\n", + "github.com/crossplane/upjet/pkg/types.Params:TestFieldSelector": "// Selector for a TestObject to populate testField.\n// +kubebuilder:validation:Optional\n", }, }, }, @@ -125,8 +128,8 @@ func TestBuilder_generateReferenceFields(t *testing.T) { `json:"customSelector,omitempty" tf:"-"`, }, outComments: twtypes.Comments{ - "github.com/upbound/upjet/pkg/types.Params:TestFieldRef": "// Reference to a TestObject to populate testField.\n// +kubebuilder:validation:Optional\n", - "github.com/upbound/upjet/pkg/types.Params:CustomSelector": "// Selector for a TestObject to populate testField.\n// +kubebuilder:validation:Optional\n", + "github.com/crossplane/upjet/pkg/types.Params:TestFieldRef": "// Reference to a TestObject to populate testField.\n// +kubebuilder:validation:Optional\n", + "github.com/crossplane/upjet/pkg/types.Params:CustomSelector": "// Selector for a TestObject to populate testField.\n// +kubebuilder:validation:Optional\n", }, }, }, @@ -150,8 +153,8 @@ func TestBuilder_generateReferenceFields(t *testing.T) { `json:"testFieldSelector,omitempty" tf:"-"`, }, outComments: twtypes.Comments{ - "github.com/upbound/upjet/pkg/types.Params:TestFieldRef": "// Reference to a TestObject in somepackage to populate testField.\n// +kubebuilder:validation:Optional\n", - "github.com/upbound/upjet/pkg/types.Params:TestFieldSelector": "// Selector for a TestObject in somepackage to populate testField.\n// +kubebuilder:validation:Optional\n", + "github.com/crossplane/upjet/pkg/types.Params:TestFieldRef": "// Reference to a TestObject in somepackage to populate testField.\n// +kubebuilder:validation:Optional\n", + "github.com/crossplane/upjet/pkg/types.Params:TestFieldSelector": "// Selector for a TestObject in somepackage to populate testField.\n// +kubebuilder:validation:Optional\n", }, }, }, diff --git a/pkg/version/version.go b/pkg/version/version.go index 2a9e99b9..a0cc8e09 100644 --- a/pkg/version/version.go +++ b/pkg/version/version.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + // Package version contains the version of upjet repo package version diff --git a/prettier.config.js b/prettier.config.js new file mode 100644 index 00000000..b2b1c029 --- /dev/null +++ b/prettier.config.js @@ -0,0 +1,19 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors + +// SPDX-License-Identifier: CC0-1.0 + +/** @type {import("prettier").Config} */ +const config = { + overrides: [ + { + files: ['*.md'], + options: { + parser: 'markdown', + editorconfig: true, + proseWrap: 'always', + }, + }, + ], +} + +module.exports = config