add clusterauth example with post-assertion check of resulting kubeco…

…nfig

Signed-off-by: Erhan Cagirici <[email protected]>
(cherry picked from commit 2d606db)

examples/eks/v1beta1/cluster.yaml

@@ -23,24 +23,6 @@ spec:
 
 ---
 
-apiVersion: eks.aws.upbound.io/v1beta1
-kind: ClusterAuth
-metadata:
-  name: auth
-  annotations:
-    meta.upbound.io/example-id: eks/v1beta1/cluster
-spec:
-  forProvider:
-    region: us-west-1
-    clusterNameSelector:
-      matchLabels:
-        testing.upbound.io/example-name: example
-  writeConnectionSecretToRef:
-    name: cluster-conn
-    namespace: upbound-system
-
----
-
 apiVersion: iam.aws.upbound.io/v1beta1
 kind: Role
 metadata:

examples/eks/v1beta1/clusterauth.yaml

@@ -0,0 +1,210 @@
+# SPDX-FileCopyrightText: 2024 The Crossplane Authors <https://crossplane.io>
+#
+# SPDX-License-Identifier: CC0-1.0
+
+
+apiVersion: eks.aws.upbound.io/v1beta1
+kind: ClusterAuth
+metadata:
+  name: auth
+  annotations:
+    meta.upbound.io/example-id: eks/v1beta1/cluster
+    uptest.upbound.io/post-assert-hook: testhooks/check-clusterauth.sh
+spec:
+  forProvider:
+    region: us-west-1
+    clusterNameSelector:
+      matchLabels:
+        testing.upbound.io/example-name: example-clusterauth
+  writeConnectionSecretToRef:
+    name: sample-eks-cluster-conn
+    namespace: upbound-system
+
+---
+
+apiVersion: eks.aws.upbound.io/v1beta1
+kind: Cluster
+metadata:
+  annotations:
+    meta.upbound.io/example-id: eks/v1beta1/cluster
+    uptest.upbound.io/timeout: "2400"
+  name: sample-eks-cluster
+  labels:
+    testing.upbound.io/example-name: example-clusterauth
+spec:
+  forProvider:
+    region: us-west-1
+    roleArnRef:
+      name: sample-eks-cluster
+    vpcConfig:
+      - subnetIdRefs:
+          - name: sample-subnet1
+          - name: sample-subnet2
+
+---
+
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: Role
+metadata:
+  name: sample-eks-cluster
+  annotations:
+    meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+  forProvider:
+    assumeRolePolicy: |
+      {
+        "Version": "2012-10-17",
+        "Statement": [
+          {
+            "Effect": "Allow",
+            "Principal": {
+              "Service": "eks.amazonaws.com"
+            },
+            "Action": "sts:AssumeRole"
+          }
+        ]
+      }
+
+---
+
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: RolePolicyAttachment
+metadata:
+  name: sample-cluster-policy
+  annotations:
+    meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+  forProvider:
+    policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
+    roleRef:
+      name: sample-eks-cluster
+
+---
+
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Subnet
+metadata:
+  name: sample-subnet1
+  annotations:
+    meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+  forProvider:
+    region: us-west-1
+    mapPublicIpOnLaunch: true
+    availabilityZone: us-west-1b
+    vpcIdRef:
+      name: sample-vpc
+    cidrBlock: 172.16.10.0/24
+
+---
+
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Subnet
+metadata:
+  name: sample-subnet2
+  annotations:
+    meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+  forProvider:
+    region: us-west-1
+    mapPublicIpOnLaunch: true
+    availabilityZone: us-west-1a
+    vpcIdRef:
+      name: sample-vpc
+    cidrBlock: 172.16.11.0/24
+
+---
+
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Subnet
+metadata:
+  name: private-subnet
+  annotations:
+    meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+  forProvider:
+    region: us-west-1
+    availabilityZone: us-west-1b
+    vpcIdRef:
+      name: sample-vpc
+    cidrBlock: 172.16.12.0/24
+
+---
+
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: RouteTable
+metadata:
+  name: example
+  annotations:
+    meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+  forProvider:
+    region: us-west-1
+    tags:
+      Name: example
+    vpcIdRef:
+      name: sample-vpc
+
+---
+
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: RouteTableAssociation
+metadata:
+  name: example
+  annotations:
+    meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+  forProvider:
+    region: us-west-1
+    routeTableIdRef:
+      name: example
+    subnetIdRef:
+      name: private-subnet
+
+---
+
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: VPC
+metadata:
+  name: sample-vpc
+  annotations:
+    meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+  forProvider:
+    enableDnsHostnames: true
+    region: us-west-1
+    cidrBlock: 172.16.0.0/16
+    tags:
+      Name: DemoVpc
+
+---
+
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: InternetGateway
+metadata:
+  name: example
+  annotations:
+    meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+  forProvider:
+    region: us-west-1
+    vpcIdRef:
+      name: sample-vpc
+
+---
+
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: DefaultRouteTable
+metadata:
+  name: example
+  annotations:
+    meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+  forProvider:
+    defaultRouteTableIdRef:
+      name: sample-vpc
+    region: us-west-1
+    route:
+      - gatewayIdRef:
+          name: example
+        cidrBlock: 0.0.0.0/0

examples/eks/v1beta1/testhooks/check-clusterauth.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -aeuo pipefail
+
+# SPDX-FileCopyrightText: 2024 The Crossplane Authors <https://crossplane.io>
+#
+# SPDX-License-Identifier: CC0-1.0
+
+echo "obtain kubeconfig from ClusterAuth connection secret"
+${KUBECTL} -n upbound-system get secret sample-eks-cluster-conn -o go-template='{{ .data.kubeconfig | base64decode }}' > sampleclusterkube
+echo "checking kubectl version"
+${KUBECTL} --kubeconfig ./sampleclusterkube version
+echo "checking cluster-info"
+${KUBECTL} --kubeconfig ./sampleclusterkube cluster-info
+echo "listing nodes"
+${KUBECTL} --kubeconfig ./sampleclusterkube get nodes
+echo "listing pods"
+${KUBECTL} --kubeconfig ./sampleclusterkube get pods
+