Merge pull request #779 from svscheg/issue726

Fix issue 726: Missing selector in Broker resource for selecting security groups
crossplane-contrib · Jul 11, 2023 · c00ecd8 · c00ecd8
2 parents f296aa5 + ceaad3f
commit c00ecd8
Show file tree

Hide file tree

Showing 8 changed files with 147 additions and 4 deletions.
diff --git a/apis/mq/v1beta1/zz_broker_types.go b/apis/mq/v1beta1/zz_broker_types.go
diff --git a/apis/mq/v1beta1/zz_generated.deepcopy.go b/apis/mq/v1beta1/zz_generated.deepcopy.go
diff --git a/apis/mq/v1beta1/zz_generated.resolvers.go b/apis/mq/v1beta1/zz_generated.resolvers.go
diff --git a/config/mq/config.go b/config/mq/config.go
@@ -13,6 +13,11 @@ import (
 // Configure adds configurations for rds group.
 func Configure(p *config.Provider) {
 	p.AddResourceConfigurator("aws_mq_broker", func(r *config.Resource) {
+		r.References["security_groups"] = config.Reference{
+			Type:              "github.com/upbound/provider-aws/apis/ec2/v1beta1.SecurityGroup",
+			RefFieldName:      "SecurityGroupRefs",
+			SelectorFieldName: "SecurityGroupSelector",
+		}
 		r.UseAsync = true
 		// TODO(aru): looks like currently angryjet cannot handle references
 		//  for non-string struct fields. `configuration.revision` is a

diff --git a/examples-generated/mq/broker.yaml b/examples-generated/mq/broker.yaml
@@ -18,8 +18,8 @@ spec:
     engineVersion: 5.15.9
     hostInstanceType: mq.t2.micro
     region: us-west-1
-    securityGroups:
-    - ${aws_security_group.test.id}
+    securityGroupRefs:
+    - name: test
     user:
     - passwordSecretRef:
         key: example-key

diff --git a/examples/mq/broker.yaml b/examples/mq/broker.yaml
@@ -12,6 +12,8 @@ spec:
     # Details can be found in https://github.com/crossplane/terrajet/issues/280
     brokerName: example-broker
     region: us-west-1
+    securityGroupRefs:
+    - name: example
     engineType: ActiveMQ
     engineVersion: 5.15.9
     hostInstanceType: mq.t2.micro
@@ -21,18 +23,33 @@ spec:
         name: mq-secret
         namespace: upbound-system
       username: admin
-
 ---
-
 apiVersion: v1
 kind: Secret
 metadata:
   annotations:
     meta.upbound.io/example-id: mq/v1beta1/broker
+    uptest.upbound.io/pre-delete-hook: testhooks/delete-broker.sh
   labels:
     testing.upbound.io/example-name: mq-secret
   name: mq-secret
   namespace: upbound-system
 type: Opaque
 stringData:
   password: "Upboundtest!"
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: SecurityGroup
+metadata:
+  annotations:
+    meta.upbound.io/example-id: ec2/v1beta1/securitygroup
+  labels:
+    testing.upbound.io/example-name: example
+  name: example
+spec:
+  forProvider:
+    region: us-west-1
+    description: Allow TLS inbound traffic
+    name: allow_tls
+    tags:
+      Name: allow_tls
diff --git a/examples/mq/testhooks/delete-broker.sh b/examples/mq/testhooks/delete-broker.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+set -aeuo pipefail
+
+# Delete the broker resource before deleting the secret
+${KUBECTL} delete broker.mq.aws.upbound.io --all
diff --git a/package/crds/mq.aws.upbound.io_brokers.yaml b/package/crds/mq.aws.upbound.io_brokers.yaml
@@ -325,6 +325,83 @@ spec:
                     description: Region is the region you'd like your resource to
                       be created in.
                     type: string
+                  securityGroupRefs:
+                    description: References to SecurityGroup in ec2 to populate securityGroups.
+                    items:
+                      description: A Reference to a named object.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: Resolution specifies whether resolution
+                                of this reference is required. The default is 'Required',
+                                which means the reconcile will fail if the reference
+                                cannot be resolved. 'Optional' means this reference
+                                will be a no-op if it cannot be resolved.
+                              enum:
+                              - Required
+                              - Optional
+                              type: string
+                            resolve:
+                              description: Resolve specifies when this reference should
+                                be resolved. The default is 'IfNotPresent', which
+                                will attempt to resolve the reference only when the
+                                corresponding field is not present. Use 'Always' to
+                                resolve the reference on every reconcile.
+                              enum:
+                              - Always
+                              - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  securityGroupSelector:
+                    description: Selector for a list of SecurityGroup in ec2 to populate
+                      securityGroups.
+                    properties:
+                      matchControllerRef:
+                        description: MatchControllerRef ensures an object with the
+                          same controller reference as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: Resolution specifies whether resolution of
+                              this reference is required. The default is 'Required',
+                              which means the reconcile will fail if the reference
+                              cannot be resolved. 'Optional' means this reference
+                              will be a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: Resolve specifies when this reference should
+                              be resolved. The default is 'IfNotPresent', which will
+                              attempt to resolve the reference only when the corresponding
+                              field is not present. Use 'Always' to resolve the reference
+                              on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
                   securityGroups:
                     description: List of security group IDs assigned to the broker.
                     items: