From ceaad3fca7220549c72caa8afa6b6ce624f61dd6 Mon Sep 17 00:00:00 2001 From: svscheg Date: Fri, 7 Jul 2023 17:23:28 +0300 Subject: [PATCH] Fix issue 726: Missing selector in Broker resource for selecting security groups --- apis/mq/v1beta1/zz_broker_types.go | 11 +++ apis/mq/v1beta1/zz_generated.deepcopy.go | 12 ++++ apis/mq/v1beta1/zz_generated.resolvers.go | 16 +++++ config/mq/config.go | 5 ++ examples-generated/mq/broker.yaml | 4 +- examples/mq/broker.yaml | 21 +++++- examples/mq/testhooks/delete-broker.sh | 5 ++ package/crds/mq.aws.upbound.io_brokers.yaml | 77 +++++++++++++++++++++ 8 files changed, 147 insertions(+), 4 deletions(-) create mode 100644 examples/mq/testhooks/delete-broker.sh diff --git a/apis/mq/v1beta1/zz_broker_types.go b/apis/mq/v1beta1/zz_broker_types.go index 5f98b12798..7b30234c9b 100755 --- a/apis/mq/v1beta1/zz_broker_types.go +++ b/apis/mq/v1beta1/zz_broker_types.go @@ -148,7 +148,18 @@ type BrokerParameters struct { // +kubebuilder:validation:Required Region *string `json:"region" tf:"-"` + // References to SecurityGroup in ec2 to populate securityGroups. + // +kubebuilder:validation:Optional + SecurityGroupRefs []v1.Reference `json:"securityGroupRefs,omitempty" tf:"-"` + + // Selector for a list of SecurityGroup in ec2 to populate securityGroups. + // +kubebuilder:validation:Optional + SecurityGroupSelector *v1.Selector `json:"securityGroupSelector,omitempty" tf:"-"` + // List of security group IDs assigned to the broker. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/ec2/v1beta1.SecurityGroup + // +crossplane:generate:reference:refFieldName=SecurityGroupRefs + // +crossplane:generate:reference:selectorFieldName=SecurityGroupSelector // +kubebuilder:validation:Optional SecurityGroups []*string `json:"securityGroups,omitempty" tf:"security_groups,omitempty"` diff --git a/apis/mq/v1beta1/zz_generated.deepcopy.go b/apis/mq/v1beta1/zz_generated.deepcopy.go index 04e317cff0..dd5e9c03e9 100644 
--- a/apis/mq/v1beta1/zz_generated.deepcopy.go +++ b/apis/mq/v1beta1/zz_generated.deepcopy.go @@ -337,6 +337,18 @@ func (in *BrokerParameters) DeepCopyInto(out *BrokerParameters) { *out = new(string) **out = **in } + if in.SecurityGroupRefs != nil { + in, out := &in.SecurityGroupRefs, &out.SecurityGroupRefs + *out = make([]v1.Reference, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.SecurityGroupSelector != nil { + in, out := &in.SecurityGroupSelector, &out.SecurityGroupSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.SecurityGroups != nil { in, out := &in.SecurityGroups, &out.SecurityGroups *out = make([]*string, len(*in)) diff --git a/apis/mq/v1beta1/zz_generated.resolvers.go b/apis/mq/v1beta1/zz_generated.resolvers.go index 06eaef1fcf..adc7fc50b9 100644 --- a/apis/mq/v1beta1/zz_generated.resolvers.go +++ b/apis/mq/v1beta1/zz_generated.resolvers.go @@ -40,6 +40,22 @@ func (mg *Broker) ResolveReferences(ctx context.Context, c client.Reader) error mg.Spec.ForProvider.Configuration[i3].IDRef = rsp.ResolvedReference } + mrsp, err = r.ResolveMultiple(ctx, reference.MultiResolutionRequest{ + CurrentValues: reference.FromPtrValues(mg.Spec.ForProvider.SecurityGroups), + Extract: reference.ExternalName(), + References: mg.Spec.ForProvider.SecurityGroupRefs, + Selector: mg.Spec.ForProvider.SecurityGroupSelector, + To: reference.To{ + List: &v1beta1.SecurityGroupList{}, + Managed: &v1beta1.SecurityGroup{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.SecurityGroups") + } + mg.Spec.ForProvider.SecurityGroups = reference.ToPtrValues(mrsp.ResolvedValues) + mg.Spec.ForProvider.SecurityGroupRefs = mrsp.ResolvedReferences + mrsp, err = r.ResolveMultiple(ctx, reference.MultiResolutionRequest{ CurrentValues: reference.FromPtrValues(mg.Spec.ForProvider.SubnetIds), Extract: reference.ExternalName(), diff --git a/config/mq/config.go b/config/mq/config.go index 1befc3688d..a7b8f40f6e 100644 
--- a/config/mq/config.go +++ b/config/mq/config.go @@ -13,6 +13,11 @@ import ( // Configure adds configurations for rds group. func Configure(p *config.Provider) { p.AddResourceConfigurator("aws_mq_broker", func(r *config.Resource) { + r.References["security_groups"] = config.Reference{ + Type: "github.com/upbound/provider-aws/apis/ec2/v1beta1.SecurityGroup", + RefFieldName: "SecurityGroupRefs", + SelectorFieldName: "SecurityGroupSelector", + } r.UseAsync = true // TODO(aru): looks like currently angryjet cannot handle references // for non-string struct fields. `configuration.revision` is a diff --git a/examples-generated/mq/broker.yaml b/examples-generated/mq/broker.yaml index 41bc7700de..b0a1963630 100644 --- a/examples-generated/mq/broker.yaml +++ b/examples-generated/mq/broker.yaml @@ -18,8 +18,8 @@ spec: engineVersion: 5.15.9 hostInstanceType: mq.t2.micro region: us-west-1 - securityGroups: - - ${aws_security_group.test.id} + securityGroupRefs: + - name: test user: - passwordSecretRef: key: example-key diff --git a/examples/mq/broker.yaml b/examples/mq/broker.yaml index a9eeb40634..c05983043b 100644 --- a/examples/mq/broker.yaml +++ b/examples/mq/broker.yaml @@ -12,6 +12,8 @@ spec: # Details can be found in https://github.com/crossplane/terrajet/issues/280 brokerName: example-broker region: us-west-1 + securityGroupRefs: + - name: example engineType: ActiveMQ engineVersion: 5.15.9 hostInstanceType: mq.t2.micro @@ -21,14 +23,13 @@ spec: name: mq-secret namespace: upbound-system username: admin - --- - apiVersion: v1 kind: Secret metadata: annotations: meta.upbound.io/example-id: mq/v1beta1/broker + uptest.upbound.io/pre-delete-hook: testhooks/delete-broker.sh labels: testing.upbound.io/example-name: mq-secret name: mq-secret 
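Review bot: The new `r.References["security_groups"]` entry in config/mq/config.go has no comment, and the precedence it introduces matters for network exposure. Per the CRD text added in this same patch, the default resolve policy is `IfNotPresent`, so a literal `securityGroups` list on a Broker appears to win over `securityGroupRefs`/`securityGroupSelector`, and a selector's result is presumably not re-evaluated once the field is populated. I would put `// security_groups resolves to ec2 SecurityGroup IDs; an explicit securityGroups list takes precedence unless the reference policy is Always.` above the assignment. The context line `// Configure adds configurations for rds group.` also looks copied from another package and should name mq. The body of Configure continues outside the hunk.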
@@ -36,3 +37,19 @@ metadata: type: Opaque stringData: password: "Upboundtest!"
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: SecurityGroup
+metadata:
+ annotations:
+ meta.upbound.io/example-id: ec2/v1beta1/securitygroup
+ labels:
+ testing.upbound.io/example-name: example
+ name: example
+spec:
+ forProvider:
+ region: us-west-1
+ description: Allow TLS inbound traffic
+ name: allow_tls
+ tags:
+ Name: allow_tls
diff --git a/examples/mq/testhooks/delete-broker.sh b/examples/mq/testhooks/delete-broker.sh
new file mode 100644
index 0000000000..b7dfabb11f
--- /dev/null
+++ b/examples/mq/testhooks/delete-broker.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+set -aeuo pipefail
+
+# Delete the broker resource before deleting the secret
+${KUBECTL} delete broker.mq.aws.upbound.io --all
\ No newline at end of file
diff --git a/package/crds/mq.aws.upbound.io_brokers.yaml b/package/crds/mq.aws.upbound.io_brokers.yaml
index 2c77b22739..5259c94120 100644
--- a/package/crds/mq.aws.upbound.io_brokers.yaml
+++ b/package/crds/mq.aws.upbound.io_brokers.yaml
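Review bot: The SecurityGroup added at the end of examples/mq/broker.yaml is described as `Allow TLS inbound traffic` and named `allow_tls`, but this manifest declares no ingress rule and no VPC for it, so the description promises a restriction that nothing visible here enforces. Someone copying the example for a real broker could assume TLS-only ingress is in place. Either reword it, e.g. `description: Example security group for the MQ broker (no rules defined)`, or add the matching rule resource to the example. The context line `password: "Upboundtest!"` just above is a literal test credential and would benefit from a `# test-only value, replace before any real use` comment.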
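Review bot: In examples/mq/testhooks/delete-broker.sh, `${KUBECTL} delete broker.mq.aws.upbound.io --all` removes every Broker in whatever cluster the hook runs against, not only the one this example created, so a run against a shared cluster would delete unrelated brokers. Scope the delete to the example resource and quote the variable, e.g. `"${KUBECTL}" delete broker.mq.aws.upbound.io BROKER_NAME_PLACEHOLDER` (the Broker's metadata name is not visible in this patch). `set -a` auto-exports every variable assigned in the script, which this hook does not need; `set -euo pipefail` is enough. The file also ends without a trailing newline.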
@@ -325,6 +325,83 @@ spec: description: Region is the region you'd like your resource to be created in. type: string + securityGroupRefs: + description: References to SecurityGroup in ec2 to populate securityGroups. + items: + description: A Reference to a named object. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution + of this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which + will attempt to resolve the reference only when the + corresponding field is not present. Use 'Always' to + resolve the reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + type: array + securityGroupSelector: + description: Selector for a list of SecurityGroup in ec2 to populate + securityGroups. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object securityGroups: description: List of security group IDs assigned to the broker. items: