From c533abfdde2ef75ae319a64b212bae9612009edb Mon Sep 17 00:00:00 2001 From: Erhan Cagirici Date: Fri, 1 Nov 2024 14:40:56 +0300 Subject: [PATCH] add PodIdentity auth e2e test Signed-off-by: Erhan Cagirici --- Makefile | 8 +- e2e/providerconfig-aws-e2e-test/Makefile | 4 +- e2e/providerconfig-aws-e2e-test/README.md | 21 +- .../apis/e2etestcluster/composition.yaml | 566 ++++++++++++++++++ .../apis/e2etestcluster/definition.yaml | 14 +- .../examples/e2etestcluster-claim.yaml | 3 + 6 files changed, 602 insertions(+), 14 deletions(-) diff --git a/Makefile b/Makefile index 72e7e63b35..61b2698f73 100644 --- a/Makefile +++ b/Makefile @@ -259,18 +259,20 @@ uptest: $(UPTEST_LOCAL) $(KUBECTL) $(KUTTL) # to be set. This is used for provisioning the target E2E test environment, # including the EKS cluster and necessary environments. providerconfig-e2e: - $(MAKE) SUBPACKAGES="ec2 rds config" build.all publish + $(MAKE) SUBPACKAGES="ec2 rds kafka config" build.all publish AWS_FAMILY_PACKAGE_IMAGE="$(XPKG_REG_ORGS)/provider-family-aws:$(VERSION)" \ AWS_EC2_PACKAGE_IMAGE="$(XPKG_REG_ORGS)/provider-aws-ec2:$(VERSION)" \ AWS_RDS_PACKAGE_IMAGE="$(XPKG_REG_ORGS)/provider-aws-rds:$(VERSION)" \ - TARGET_CROSSPLANE_VERSION="1.15.2" \ + AWS_KAFKA_PACKAGE_IMAGE="$(XPKG_REG_ORGS)/provider-aws-kafka:$(VERSION)" \ + TARGET_CROSSPLANE_VERSION="1.17.2" \ $(MAKE) -C e2e/providerconfig-aws-e2e-test e2e providerconfig-e2e-nopublish: AWS_FAMILY_PACKAGE_IMAGE="$(XPKG_REG_ORGS)/provider-family-aws:$(VERSION)" \ AWS_EC2_PACKAGE_IMAGE="$(XPKG_REG_ORGS)/provider-aws-ec2:$(VERSION)" \ AWS_RDS_PACKAGE_IMAGE="$(XPKG_REG_ORGS)/provider-aws-rds:$(VERSION)" \ - TARGET_CROSSPLANE_VERSION="1.15.2" \ + AWS_KAFKA_PACKAGE_IMAGE="$(XPKG_REG_ORGS)/provider-aws-kafka:$(VERSION)" \ + TARGET_CROSSPLANE_VERSION="1.17.2" \ $(MAKE) -C e2e/providerconfig-aws-e2e-test e2e uptest-local: diff --git a/e2e/providerconfig-aws-e2e-test/Makefile b/e2e/providerconfig-aws-e2e-test/Makefile index 4f43eb07bc..c55f92751a 100644 
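Review bot: The `AWS_*_PACKAGE_IMAGE` / `TARGET_CROSSPLANE_VERSION` environment block is copied in full into both `providerconfig-e2e` and `providerconfig-e2e-nopublish`, so the Kafka image and the Crossplane bump had to be added twice and the two recipes can drift apart. Since the only difference is the `build.all publish` step, `providerconfig-e2e` could end with `$(MAKE) providerconfig-e2e-nopublish` instead of repeating the block. The literal `1.17.2` could also be declared once, e.g. `TARGET_CROSSPLANE_VERSION ?= 1.17.2`, and passed as `TARGET_CROSSPLANE_VERSION="$(TARGET_CROSSPLANE_VERSION)"`. The same version is hard-coded a third time as `CROSSPLANE_VERSION` in e2e/providerconfig-aws-e2e-test/Makefile.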
--- a/e2e/providerconfig-aws-e2e-test/Makefile +++ b/e2e/providerconfig-aws-e2e-test/Makefile @@ -14,7 +14,7 @@ PLATFORMS ?= linux_amd64 KIND_VERSION = v0.22.0 UP_VERSION = v0.28.0 UP_CHANNEL = stable -UPTEST_VERSION = v0.11.1 +UPTEST_VERSION = v0.13.0 YQ_VERSION = v4.40.5 -include ../../build/makelib/k8s_tools.mk @@ -30,6 +30,7 @@ XPKGS = $(PROJECT_NAME) -include ../../build/makelib/xpkg.mk CROSSPLANE_NAMESPACE = upbound-system +CROSSPLANE_VERSION = 1.17.2 CROSSPLANE_ARGS = "--enable-usages,--debug" -include ../../build/makelib/local.xpkg.mk -include ../../build/makelib/controlplane.mk @@ -83,6 +84,7 @@ uptest-e2e: $(UPTEST) $(KUBECTL) $(KUTTL) $(YQ) @$(YQ) '(.spec.parameters.targetClusterParameters.provider.familyPackage = env(AWS_FAMILY_PACKAGE_IMAGE)) | \ (.spec.parameters.targetClusterParameters.provider.ec2Package = env(AWS_EC2_PACKAGE_IMAGE)) | \ (.spec.parameters.targetClusterParameters.provider.rdsPackage = env(AWS_RDS_PACKAGE_IMAGE)) | \ + (.spec.parameters.targetClusterParameters.provider.kafkaPackage = env(AWS_KAFKA_PACKAGE_IMAGE)) | \ (.spec.parameters.targetClusterParameters.crossplaneVersion = env(TARGET_CROSSPLANE_VERSION)) ' \ package/examples/e2etestcluster-claim.yaml > '_output/e2etestcluster-claim.yaml' if [ -n "${AWS_EKS_IAM_DEFAULT_ADMIN_ROLE}" ]; \ diff --git a/e2e/providerconfig-aws-e2e-test/README.md b/e2e/providerconfig-aws-e2e-test/README.md index 042d1af0a0..61a39e7e4e 100644 --- a/e2e/providerconfig-aws-e2e-test/README.md +++ b/e2e/providerconfig-aws-e2e-test/README.md @@ -54,7 +54,7 @@ spec: parameters: id: aws-pc-e2e-test region: us-west-2 # EKS cluster region - version: "1.28" # EKS cluster k8s version + version: "1.29" # EKS cluster k8s version iam: # replace with your custom roleArn that will administer the EKS cluster: roleArn: "arn:aws:iam::123456789012:role/mydefaulteksadminrole" 
@@ -82,10 +82,11 @@ spec: namespace: upbound-system targetClusterParameters: # the parameters for the target EKS control plane cluster provider: # provider package urls to be used in testing - familyPackage: "xpkg.upbound.io/upbound/provider-family-aws:v1.3.0" - ec2Package: "xpkg.upbound.io/upbound/provider-aws-ec2:v1.3.0" - rdsPackage: "xpkg.upbound.io/upbound/provider-aws-rds:v1.3.0" - crossplaneVersion: 1.15.2 # the crossplane version to be installed in the testing control plane + familyPackage: "xpkg.upbound.io/upbound/provider-family-aws:v1.16.0" + ec2Package: "xpkg.upbound.io/upbound/provider-aws-ec2:v1.16.0" + rdsPackage: "xpkg.upbound.io/upbound/provider-aws-rds:v1.16.0" + kafkaPackage: "xpkg.upbound.io/upbound/provider-aws-kafka:v1.16.0" + crossplaneVersion: 1.17.2 # the crossplane version to be installed in the testing control plane writeConnectionSecretToRef: name: aws-pc-e2e-test-kubeconfig status: @@ -127,6 +128,7 @@ The make target expects the following environment variables to be set: - `AWS_FAMILY_PACKAGE_IMAGE`: The package URL for `provider-family-aws` - `AWS_EC2_PACKAGE_IMAGE`: The package URL for `provider-aws-ec2` - `AWS_RDS_PACKAGE_IMAGE`: The package URL for `provider-aws-rds` +- `AWS_KAFKA_PACKAGE_IMAGE`: The package URL for `provider-aws-kafka` - `AWS_EKS_IAM_DEFAULT_ADMIN_ROLE`: the ARN of an existing IAM role. This will be assigned as the E2E test EKS cluster default admin - `TARGET_CROSSPLANE_VERSION`: The target crossplane version to be deployed into the testing cluster - `UPTEST_CLOUD_CREDENTIALS`: The AWS credentials for the AWS account that the e2e tests will run on. Should be in the format of AWS CLI INI config. 
@@ -141,11 +143,12 @@ aws_secret_access_key = your-aws-secret-access-key ``` ```shell -export AWS_FAMILY_PACKAGE_IMAGE="xpkg.upbound.io/upbound/provider-family-aws:1.4.0" -export AWS_EC2_PACKAGE_IMAGE="xpkg.upbound.io/upbound/provider-aws-ec2:1.4.0" -export AWS_RDS_PACKAGE_IMAGE="xpkg.upbound.io/upbound/provider-aws-rds:1.4.0" +export AWS_FAMILY_PACKAGE_IMAGE="xpkg.upbound.io/upbound/provider-family-aws:1.16.0" +export AWS_EC2_PACKAGE_IMAGE="xpkg.upbound.io/upbound/provider-aws-ec2:1.16.0" +export AWS_RDS_PACKAGE_IMAGE="xpkg.upbound.io/upbound/provider-aws-rds:1.16.0" +export AWS_KAFKA_PACKAGE_IMAGE="xpkg.upbound.io/upbound/provider-aws-kafka:1.16.0" export AWS_EKS_IAM_DEFAULT_ADMIN_ROLE="arn:aws:iam::123456789012:role/mydefaulteksadminrole" -export TARGET_CROSSPLANE_VERSION="1.15.2" +export TARGET_CROSSPLANE_VERSION="1.17.2" export UPTEST_CLOUD_CREDENTIALS="$(cat my-aws-creds.txt)" # from repo root make -C e2e/providerconfig-aws-e2e-test e2e diff --git a/e2e/providerconfig-aws-e2e-test/package/apis/e2etestcluster/composition.yaml b/e2e/providerconfig-aws-e2e-test/package/apis/e2etestcluster/composition.yaml index 3b54409f57..fcdf3f6aac 100644 --- a/e2e/providerconfig-aws-e2e-test/package/apis/e2etestcluster/composition.yaml +++ b/e2e/providerconfig-aws-e2e-test/package/apis/e2etestcluster/composition.yaml @@ -97,6 +97,9 @@ spec: - type: FromCompositeFieldPath fromFieldPath: spec.parameters.iam.userArn toFieldPath: spec.parameters.iam.userArn + - type: ToCompositeFieldPath + fromFieldPath: status.eks + toFieldPath: status.eks ### Role and policies for EKS IRSA testing # XIRSA for IRSA-related role configuration 
@@ -333,6 +336,133 @@ spec: fromFieldPath: Required type: CombineFromComposite + ### PodIdentity testing setup + # EKS pod identity addon + - name: eksPodIdentityAddon + base: + apiVersion: eks.aws.upbound.io/v1beta1 + kind: Addon + metadata: + labels: + component: eks-podidentity-addon + spec: + forProvider: + addonName: eks-pod-identity-agent + clusterName: "to-be-patched" + patches: + - type: FromCompositeFieldPath + fromFieldPath: status.eks.clusterName + toFieldPath: spec.forProvider.clusterName + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.region + toFieldPath: spec.forProvider.region + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.id + policy: + fromFieldPath: Required + toFieldPath: metadata.name + transforms: + - string: + fmt: '%s-eks-podidentity-addon' + type: Format + type: string + + # IAM role for PodIdentity + - name: podIdentityRole + base: + apiVersion: iam.aws.upbound.io/v1beta1 + kind: Role + metadata: + labels: + resource: PodIdentityRole + spec: + forProvider: + assumeRolePolicy: | + { + "Version":"2012-10-17", + "Statement":[ + { + "Effect":"Allow", + "Principal":{ + "Service":"pods.eks.amazonaws.com" + }, + "Action":[ + "sts:AssumeRole", + "sts:TagSession" + ] + } + ] + } + inlinePolicy: + - name: kafka-access-test + policy: | + { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "kafka:*" + ], + "Effect": "Allow", + "Resource": "*" + } + ] + } + patches: + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.deletionPolicy + toFieldPath: spec.deletionPolicy + - fromFieldPath: spec.parameters.id + policy: + fromFieldPath: Required + toFieldPath: metadata.name + type: ToCompositeFieldPath + transforms: + - string: + fmt: '%s-podidentity' + type: Format + type: string + - type: ToCompositeFieldPath + fromFieldPath: status.atProvider.arn + policy: + fromFieldPath: Required + toFieldPath: status.podIdentity.roleArn + + # EKS pod identity association + - name: 
podIdentityAssociationForEks + base: + apiVersion: eks.aws.upbound.io/v1beta1 + kind: PodIdentityAssociation + metadata: + labels: + component: eks-pod-identity-association + spec: + forProvider: + clusterName: "to-be-patched" + namespace: upbound-system + serviceAccount: my-podidentity-xpsa + roleArnSelector: + matchControllerRef: true + matchLabels: + resource: PodIdentityRole + patches: + - type: FromCompositeFieldPath + fromFieldPath: status.eks.clusterName + toFieldPath: spec.forProvider.clusterName + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.id + policy: + fromFieldPath: Required + toFieldPath: spec.forProvider.serviceAccount + transforms: + - string: + fmt: '%s-podidentity-xpsa' + type: Format + type: string + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.region + toFieldPath: spec.forProvider.region + ### # Crossplane Helm Deployment - name: CrossplaneDeploy 
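Review bot: The `kafka-access-test` inline policy on `podIdentityRole` grants `kafka:*` on `Resource: "*"`, which is far broader than the single MSK Configuration the demo MR manages, and the role exists in a real AWS account for the whole test run. I would narrow it to the configuration calls, e.g. `"Action": ["kafka:CreateConfiguration", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:UpdateConfiguration", "kafka:DeleteConfiguration"]`, after confirming the exact set the provider issues. The trust policy also lets `pods.eks.amazonaws.com` assume the role with no `Condition`; restricting it to this cluster and the `upbound-system` service account through the Pod Identity session tags would keep the role from being usable through any other association. Separately, the `metadata.name` patch on this role is typed `ToCompositeFieldPath` although it reads `spec.parameters.id`, which exists on the composite rather than on the Role; it looks like it should be `type: FromCompositeFieldPath`, as on the Addon entry above it.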
@@ -504,6 +634,67 @@ spec: type: Format type: string + # Deployment Runtime Config with dedicated AWS PodIdentity-configured k8s service account + - name: PodIdentityRuntimeConfig + base: + apiVersion: kubernetes.crossplane.io/v1alpha2 + kind: Object + metadata: + name: podidentity-runtime-config + labels: + component: podidentity-runtime-config + spec: + deletionPolicy: Delete + forProvider: + manifest: + apiVersion: pkg.crossplane.io/v1beta1 + kind: DeploymentRuntimeConfig + metadata: + name: podidentity-runtime-config + namespace: upbound-system + spec: + serviceAccountTemplate: + metadata: + name: my-podidentity-xpsa + deploymentTemplate: {} + patches: + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.deletionPolicy + toFieldPath: spec.deletionPolicy + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.id + toFieldPath: spec.providerConfigRef.name + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.id + policy: + fromFieldPath: Required + toFieldPath: spec.forProvider.manifest.spec.serviceAccountTemplate.metadata.name + transforms: + - string: + fmt: '%s-podidentity-xpsa' + type: Format + type: string + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.id + toFieldPath: spec.forProvider.manifest.metadata.name + policy: + fromFieldPath: Required + transforms: + - string: + fmt: '%s-podidentity-runtime-config' + type: Format + type: string + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.id + toFieldPath: metadata.name + policy: + fromFieldPath: Required + transforms: + - string: + fmt: '%s-podidentity-runtime-config' + type: Format + type: string + ### PROVIDER DEPLOYMENTS ### # AWS Family provider - name: AWSFamilyProvider 
@@ -686,6 +877,66 @@ spec: type: Format type: string + # AWS RDS provider - for non-IRSA provider config testing + - name: ProviderAWSKafka + base: + apiVersion: kubernetes.crossplane.io/v1alpha2 + kind: Object + metadata: + name: aws-provider-kafka + labels: + component: aws-provider-kafka + spec: + readiness: + policy: AllTrue + forProvider: + manifest: + apiVersion: pkg.crossplane.io/v1 + kind: Provider + metadata: + name: provider-aws-kafka + spec: + ignoreCrossplaneConstraints: false + # package: xpkg.upbound.io/upbound/provider-aws-kafka:v1.3.1 + packagePullPolicy: IfNotPresent + revisionActivationPolicy: Automatic + revisionHistoryLimit: 1 + skipDependencyResolution: true + runtimeConfigRef: + name: my-podidentity-runtime-config + patches: + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.deletionPolicy + toFieldPath: spec.deletionPolicy + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.id + toFieldPath: spec.providerConfigRef.name + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.targetClusterParameters.provider.kafkaPackage + toFieldPath: spec.forProvider.manifest.spec.package + policy: + fromFieldPath: Required + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.id + toFieldPath: metadata.name + policy: + fromFieldPath: Required + transforms: + - string: + fmt: '%s-provider-aws-kafka' + type: Format + type: string + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.id + toFieldPath: spec.forProvider.manifest.spec.runtimeConfigRef.name + policy: + fromFieldPath: Required + transforms: + - string: + fmt: '%s-podidentity-runtime-config' + type: Format + type: string + ### PROVIDER CONFIGS ### # IRSA-enabled Provider Config - name: IRSAProviderConfig 
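Review bot: The comment introducing `ProviderAWSKafka` still reads `# AWS RDS provider - for non-IRSA provider config testing`, apparently carried over from the RDS entry; it should describe this resource, e.g. `# AWS Kafka provider - runs with the PodIdentity runtime config`. The commented-out `# package: xpkg.upbound.io/upbound/provider-aws-kafka:v1.3.1` would be clearer as a short remark that `spec.package` is always supplied by the Required `kafkaPackage` patch. The base value `runtimeConfigRef.name: my-podidentity-runtime-config` matches no object defined in this composition (the runtime config base is named `podidentity-runtime-config`); it is overwritten by the patch, but a placeholder such as `to-be-patched`, as used for `clusterName` elsewhere in this commit, would make that intent obvious.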
@@ -908,6 +1159,34 @@ spec: fromFieldPath: Required toFieldPath: spec.forProvider.manifest.spec.assumeRoleChain[0].roleARN + # PodIdentity provider config + - name: PodIdentityProviderConfig + base: + apiVersion: kubernetes.crossplane.io/v1alpha2 + kind: Object + metadata: + name: podidentity-provider-config + labels: + component: aws-podidentity-provider-config + component-type: aws-provider-config + spec: + forProvider: + manifest: + apiVersion: aws.upbound.io/v1beta1 + kind: ProviderConfig + metadata: + name: podidentity-config + spec: + credentials: + source: PodIdentity + patches: + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.deletionPolicy + toFieldPath: spec.deletionPolicy + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.id + toFieldPath: spec.providerConfigRef.name + ### DEMO MRs FOR TESTING ### # Demo VPC MR for testing IRSA - name: DemoVPC 
@@ -1155,6 +1434,57 @@ spec: type: Format type: string + # Demo Kafka Configuration MR for testing PodIdentity + - name: DemoKafkaConfigurationPodIdentity + base: + apiVersion: kubernetes.crossplane.io/v1alpha2 + kind: Object + metadata: + name: demo-kafkacfg-podidentity-mr + labels: + resource-provider: aws-provider-kafka + component: demo-kafkaconfiguration-podidentity + spec: + readiness: + policy: AllTrue + forProvider: + manifest: + apiVersion: kafka.aws.upbound.io/v1beta1 + kind: Configuration + metadata: + name: sample-kafka-configuration-podidentity + labels: + testing.upbound.io/example-name: example + spec: + providerConfigRef: + name: podidentity-config + forProvider: + region: us-west-2 + name: example-kafkaconfig + kafkaVersions: + - 2.6.0 + serverProperties: | + auto.create.topics.enable = true + delete.topic.enable = true + + patches: + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.deletionPolicy + toFieldPath: spec.deletionPolicy + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.id + toFieldPath: spec.providerConfigRef.name + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.id + toFieldPath: metadata.name + policy: + fromFieldPath: Required + transforms: + - string: + fmt: '%s-demo-kafkacfg-podidentity-mr' + type: Format + type: string + #################### ### USAGES ### #################### 
@@ -1244,6 +1574,50 @@ spec: readinessChecks: - type: None + # PodIdentityAddon uses XEKS + - name: usageXEksByPodIdentityAddon + base: + apiVersion: apiextensions.crossplane.io/v1alpha1 + kind: Usage + spec: + replayDeletion: true + by: + apiVersion: eks.aws.upbound.io/v1beta1 + kind: Addon + resourceSelector: + matchControllerRef: true + matchLabels: + component: eks-podidentity-addon + of: + apiVersion: aws.platform.upbound.io/v1alpha1 + kind: XEKS + resourceSelector: + matchControllerRef: true + readinessChecks: + - type: None + + # PodIdentityAssociation uses XEKS + - name: usageXEksByPodIdentityAddon + base: + apiVersion: apiextensions.crossplane.io/v1alpha1 + kind: Usage + spec: + replayDeletion: true + by: + apiVersion: eks.aws.upbound.io/v1beta1 + kind: PodIdentityAssociation + resourceSelector: + matchControllerRef: true + matchLabels: + component: eks-pod-identity-association + of: + apiVersion: aws.platform.upbound.io/v1alpha1 + kind: XEKS + resourceSelector: + matchControllerRef: true + readinessChecks: + - type: None + # IRSA Deployment Runtime Config depends on XIRSA - name: usageXIRSAByIRSADeploymentRuntime base: 
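Review bot: The second Usage added in this hunk, commented `# PodIdentityAssociation uses XEKS`, reuses the name `usageXEksByPodIdentityAddon` from the entry directly above it. Composition resource names are meant to be unique, so depending on the Crossplane version this is either rejected at validation or one entry shadows the other, in which case the deletion-ordering protection between the association and the cluster would silently be missing; rename it, e.g. `- name: usageXEksByPodIdentityAssociation`. The same defect appears with `usageCrossplaneByPodIDDeploymentRuntime`, which names three different Usages across the `@@ -1292,6 +1666,54 @@` and `@@ -1340,6 +1762,30 @@` hunks (runtime config by association, by addon, and by the Helm release); each needs its own name.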
@@ -1292,6 +1666,54 @@ spec: readinessChecks: - type: None + # PodIdentity Deployment Runtime config depends on EKS PodIdentityAssociation + - name: usageCrossplaneByPodIDDeploymentRuntime + base: + apiVersion: apiextensions.crossplane.io/v1alpha1 + kind: Usage + spec: + replayDeletion: true + by: + apiVersion: kubernetes.crossplane.io/v1alpha2 + kind: Object + resourceSelector: + matchControllerRef: true + matchLabels: + component: podidentity-runtime-config + of: + apiVersion: eks.aws.upbound.io/v1beta1 + kind: PodIdentityAssociation + resourceSelector: + matchControllerRef: true + matchLabels: + component: eks-pod-identity-association + readinessChecks: + - type: None + + # PodIdentity Deployment Runtime config depends on EKS PodIdentity Addon + - name: usageCrossplaneByPodIDDeploymentRuntime + base: + apiVersion: apiextensions.crossplane.io/v1alpha1 + kind: Usage + spec: + replayDeletion: true + by: + apiVersion: kubernetes.crossplane.io/v1alpha2 + kind: Object + resourceSelector: + matchControllerRef: true + matchLabels: + component: podidentity-runtime-config + of: + apiVersion: eks.aws.upbound.io/v1beta1 + kind: Addon + resourceSelector: + matchControllerRef: true + matchLabels: + component: eks-podidentity-addon + readinessChecks: + - type: None + # IRSA Deployment Runtime Config depends on Crossplane Deployment - name: usageCrossplaneByDeploymentRuntime base: 
@@ -1340,6 +1762,30 @@ spec: readinessChecks: - type: None + # PodIdentity Deployment Runtime config depends on Crossplane Deployment + - name: usageCrossplaneByPodIDDeploymentRuntime + base: + apiVersion: apiextensions.crossplane.io/v1alpha1 + kind: Usage + spec: + replayDeletion: true + by: + apiVersion: kubernetes.crossplane.io/v1alpha2 + kind: Object + resourceSelector: + matchControllerRef: true + matchLabels: + component: podidentity-runtime-config + of: + apiVersion: helm.crossplane.io/v1alpha1 + kind: Release + resourceSelector: + matchLabels: + component: crossplane-deployment + matchControllerRef: true + readinessChecks: + - type: None + # AWS Family Provider uses Crossplane Deployment - name: usageCrossplaneByFamilyProvider base: @@ -1440,6 +1886,31 @@ spec: readinessChecks: - type: None + # AWS Kafka Provider depends on PodIdentity Deployment Runtime Config + - name: usageRuntimeConfigByKafkaProvider + base: + apiVersion: apiextensions.crossplane.io/v1alpha1 + kind: Usage + spec: + replayDeletion: true + by: + apiVersion: kubernetes.crossplane.io/v1alpha2 + kind: Object + resourceSelector: + matchControllerRef: true + matchLabels: + component: aws-provider-kafka + of: + apiVersion: kubernetes.crossplane.io/v1alpha2 + kind: Object + resourceSelector: + matchControllerRef: true + matchLabels: + component: podidentity-runtime-config + + readinessChecks: + - type: None + ### AWS Providers depend on AWS Family Provider # AWS EC2 Provider depends on AWS Family Provider - name: usageFamilyProviderByEC2Provider 
@@ -1491,6 +1962,31 @@ spec: readinessChecks: - type: None + # AWS Kafka Provider depends on AWS Family Provider + - name: usageFamilyProviderByKafkaProvider + base: + apiVersion: apiextensions.crossplane.io/v1alpha1 + kind: Usage + spec: + replayDeletion: true + by: + apiVersion: kubernetes.crossplane.io/v1alpha2 + kind: Object + resourceSelector: + matchControllerRef: true + matchLabels: + component: aws-provider-kafka + of: + apiVersion: kubernetes.crossplane.io/v1alpha2 + kind: Object + resourceSelector: + matchControllerRef: true + matchLabels: + component: aws-family-provider + + readinessChecks: + - type: None + #################################################### ### Provider configs depend on AWS Family Provider # #################################################### @@ -1638,6 +2134,30 @@ spec: readinessChecks: - type: None + # PodIdentity provider config depend on Family Provider + - name: usageFamilyProviderByPodIdProviderConfig + base: + apiVersion: apiextensions.crossplane.io/v1alpha1 + kind: Usage + spec: + replayDeletion: true + by: + apiVersion: kubernetes.crossplane.io/v1alpha2 + kind: Object + resourceSelector: + matchControllerRef: true + matchLabels: + component: aws-podidentity-provider-config + of: + apiVersion: kubernetes.crossplane.io/v1alpha2 + kind: Object + resourceSelector: + matchControllerRef: true + matchLabels: + component: aws-family-provider + readinessChecks: + - type: None + ################# ### MR Usages of Providers ### ################# 
@@ -1757,6 +2277,29 @@ spec: readinessChecks: - type: None + - name: usageKafkaProviderByKafkaCfgPodIdentityMR + base: + apiVersion: apiextensions.crossplane.io/v1alpha1 + kind: Usage + spec: + replayDeletion: true + by: + apiVersion: kubernetes.crossplane.io/v1alpha2 + kind: Object + resourceSelector: + matchControllerRef: true + matchLabels: + component: demo-kafkaconfiguration-podidentity + of: + apiVersion: kubernetes.crossplane.io/v1alpha2 + kind: Object + resourceSelector: + matchControllerRef: true + matchLabels: + component: aws-provider-kafka + readinessChecks: + - type: None + ################# ### MR Usages of ProviderConfigs ### ################# @@ -1875,3 +2418,26 @@ spec: component: aws-webidentity-fs-chain-config readinessChecks: - type: None + + - name: usagePodIdentityProviderConfigByKafkaConfigMR + base: + apiVersion: apiextensions.crossplane.io/v1alpha1 + kind: Usage + spec: + replayDeletion: true + by: + apiVersion: kubernetes.crossplane.io/v1alpha2 + kind: Object + resourceSelector: + matchControllerRef: true + matchLabels: + component: demo-kafkaconfiguration-podidentity + of: + apiVersion: kubernetes.crossplane.io/v1alpha2 + kind: Object + resourceSelector: + matchControllerRef: true + matchLabels: + component: aws-podidentity-provider-config + readinessChecks: + - type: None \ No newline at end of file diff --git a/e2e/providerconfig-aws-e2e-test/package/apis/e2etestcluster/definition.yaml b/e2e/providerconfig-aws-e2e-test/package/apis/e2etestcluster/definition.yaml index 40ab4ad77c..2c0eb56808 100644 --- a/e2e/providerconfig-aws-e2e-test/package/apis/e2etestcluster/definition.yaml +++ b/e2e/providerconfig-aws-e2e-test/package/apis/e2etestcluster/definition.yaml 
@@ -132,10 +132,14 @@ spec: rdsPackage: type: string description: provider-aws-iam package url to be used + kafkaPackage: + type: string + description: provider-aws-kafka package url to be used required: - familyPackage - ec2Package - rdsPackage + - kafkaPackage crossplaneVersion: type: string description: crossplane version to be deployed on the cluster @@ -160,6 +164,9 @@ spec: type: array items: type: string + eks: + x-kubernetes-preserve-unknown-fields: true + type: object irsa: type: object properties: @@ -181,4 +188,9 @@ spec: chainedRoleARNs: type: array items: - type: string \ No newline at end of file + type: string + podIdentity: + type: object + properties: + roleArn: + type: string diff --git a/e2e/providerconfig-aws-e2e-test/package/examples/e2etestcluster-claim.yaml b/e2e/providerconfig-aws-e2e-test/package/examples/e2etestcluster-claim.yaml index 2cac97cfaa..43d5740c6b 100644 --- a/e2e/providerconfig-aws-e2e-test/package/examples/e2etestcluster-claim.yaml +++ b/e2e/providerconfig-aws-e2e-test/package/examples/e2etestcluster-claim.yaml @@ -39,6 +39,7 @@ spec: familyPackage: "xpkg.upbound.io/upbound/provider-family-aws:v1.3.0" ec2Package: "xpkg.upbound.io/upbound/provider-aws-ec2:v1.3.0" rdsPackage: "xpkg.upbound.io/upbound/provider-aws-rds:v1.3.0" + kafkaPackage: "xpkg.upbound.io/upbound/provider-aws-kafka:v1.3.0" crossplaneVersion: 1.15.2 writeConnectionSecretToRef: name: aws-pc-e2e-test-kubeconfig @@ -51,3 +52,5 @@ status: roleArn: webid-role-arn chainedRoleARNs: - "chained-role-arn" + podIdentity: + roleArn: podidentity-role-arn
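Review bot: In the e2etestcluster-claim.yaml hunk the new `kafkaPackage` is pinned to `v1.3.0` and the surrounding `crossplaneVersion: 1.15.2` is left as is, while the README and both Makefiles in this commit move to `1.16.0` and `1.17.2`. The `uptest-e2e` recipe overwrites these fields with yq, but anyone applying the example directly gets the older set, and it is not visible here whether provider packages at `v1.3.0` accept `credentials.source: PodIdentity`. Aligning the example, e.g. `kafkaPackage: "xpkg.upbound.io/upbound/provider-aws-kafka:v1.16.0"` and `crossplaneVersion: 1.17.2` (and the sibling package lines), would keep it consistent with the documented values.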