From 05fc82bb829af61afdb53a759ef6c0d35f645b17 Mon Sep 17 00:00:00 2001
From: Matt Bush
Date: Fri, 8 Dec 2023 10:56:31 -0800
Subject: [PATCH] Use testhook to enforce ordered deletion
---
 config/iot/config.go | 4 ++--
 examples/iot/testhooks/delete-topicruledestination.sh | 11 +++++++++++
 examples/iot/topicruledestination.yaml | 7 +------
 3 files changed, 14 insertions(+), 8 deletions(-)
 create mode 100755 examples/iot/testhooks/delete-topicruledestination.sh
diff --git a/config/iot/config.go b/config/iot/config.go
index 44d8595cca..f21250b36d 100644
--- a/config/iot/config.go
+++ b/config/iot/config.go
@@ -8,12 +8,12 @@ import (
 func Configure(p *config.Provider) {
 p.AddResourceConfigurator("aws_iot_topic_rule_destination", func(r *config.Resource) {
 r.References["vpc_configuration.security_groups"] = config.Reference{
- Type: "github.com/upbound/provider-aws/apis/ec2/v1beta1.SecurityGroup",
+ TerraformName: "aws_security_group",
 RefFieldName: "SecurityGroupRefs",
 SelectorFieldName: "SecurityGroupSelector",
 }
 r.References["vpc_configuration.subnet_ids"] = config.Reference{
- Type: "github.com/upbound/provider-aws/apis/ec2/v1beta1.Subnet",
+ TerraformName: "aws_subnet",
 RefFieldName: "SubnetIDRefs",
 SelectorFieldName: "SubnetIDSelector",
 }
diff --git a/examples/iot/testhooks/delete-topicruledestination.sh b/examples/iot/testhooks/delete-topicruledestination.sh
new file mode 100755
index 0000000000..6ce13e2534
--- /dev/null
+++ b/examples/iot/testhooks/delete-topicruledestination.sh
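Review bot: The switch from `Type` to `TerraformName` in both `config.Reference` literals is not mentioned in the commit subject, and nothing in the hunk says why the pinned `ec2/v1beta1` type paths were dropped. A one-line comment above the first reference would record the reason, for example `// Reference by Terraform resource name so the target kind is resolved by the generator instead of a pinned API path.` — this assumes that is the intent, so please confirm before adding it. The body of Configure continues past the end of the hunk.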
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -aeuo pipefail
+
+# Note(mbbush): AWS IoT uses the IAM role assigned to the TopicRuleDestination during deletion
+# of the TopicRuleDestination to remove the ENIs and other resources it created in the VPC.
+# Deletion of the TopicRuleDestination takes several minutes, and if the role is deleted before
+# it finishes, then it doesn't have permission to remove the ENIs, so the VPC deletion fails
+# because there are still resources left in it. This ordered deletion requirement could be
+# encoded in a crossplane Usage resource, but that's still alpha and not readily available
+# in the current uptest config. This also solves the problem.
+${KUBECTL} delete topicruledestination.iot.aws.upbound.io/iot-topic-rule-destination-example
diff --git a/examples/iot/topicruledestination.yaml b/examples/iot/topicruledestination.yaml
index a7162f0e2e..119378ca31 100644
--- a/examples/iot/topicruledestination.yaml
+++ b/examples/iot/topicruledestination.yaml
@@ -29,16 +29,11 @@ kind: Role
 metadata:
 annotations:
 meta.upbound.io/example-id: iot/v1beta1/topicruledestination
+ uptest.upbound.io/pre-delete-hook: testhooks/delete-topicruledestination.sh
 labels:
 testing.upbound.io/example-name: iot-topic-rule-destination
 name: iot-topic-rule-destination-example
 spec:
- managementPolicies:
- - Create
- - Update
- - Observe
- - LateInitialize
- # It is necessary to orphan-delete the role so that the TopicRuleDestination has permission to clean up after itself during deletion.
 forProvider:
 assumeRolePolicy: |
 {
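Review bot: The ordering this hook exists for holds only if the final `delete` blocks until the TopicRuleDestination is fully gone, and the last line leaves that to kubectl's defaults even though the comment says deletion takes several minutes. Making the wait explicit and bounded documents the dependency and turns a stuck deletion into a visible hook failure: `${KUBECTL} delete --wait=true --timeout=<DURATION> topicruledestination.iot.aws.upbound.io/iot-topic-rule-destination-example`, where `<DURATION>` is a placeholder to be chosen for this resource. Separately, the `-a` in `set -aeuo pipefail` exports every variable assigned in the script and serves no purpose here; `set -euo pipefail` is sufficient.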
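Review bot: With `managementPolicies` removed the Role is now actually deleted, and the only thing keeping it alive long enough is the uptest pre-delete hook; someone applying this example outside uptest gets no such ordering and can hit the leftover-ENI VPC failure described in the hook script. The removed comment was the only explanation inside the manifest, so I would add one beside the new annotation, e.g. `# The TopicRuleDestination must be deleted before this Role: AWS IoT uses the role to clean up its ENIs. uptest enforces this via the hook below.` The Role's spec continues past the end of the hunk.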