From ecf7ae9ad372b96dad94e52f6e7aae9b6db44063 Mon Sep 17 00:00:00 2001 From: Alper Rifat Ulucinar Date: Thu, 15 Feb 2024 15:05:13 +0300 Subject: [PATCH] Also honour the WEBHOOK_TLS_CERT_DIR env. variable for finding the Webhook TLS certificate - Crosslane versions before v1.14 mount the Webhook TLS certificate and key at a path other than the current default /tls/certs and make the location available via the environment variable WEBHOOK_TLS_CERT_DIR. Signed-off-by: Alper Rifat Ulucinar --- cmd/provider/accessanalyzer/zz_main.go | 35 ++++++++++++++++++- cmd/provider/account/zz_main.go | 35 ++++++++++++++++++- cmd/provider/acm/zz_main.go | 35 ++++++++++++++++++- cmd/provider/acmpca/zz_main.go | 35 ++++++++++++++++++- cmd/provider/amp/zz_main.go | 35 ++++++++++++++++++- cmd/provider/amplify/zz_main.go | 35 ++++++++++++++++++- cmd/provider/apigateway/zz_main.go | 35 ++++++++++++++++++- cmd/provider/apigatewayv2/zz_main.go | 35 ++++++++++++++++++- cmd/provider/appautoscaling/zz_main.go | 35 ++++++++++++++++++- cmd/provider/appconfig/zz_main.go | 35 ++++++++++++++++++- cmd/provider/appflow/zz_main.go | 35 ++++++++++++++++++- cmd/provider/appintegrations/zz_main.go | 35 ++++++++++++++++++- cmd/provider/applicationinsights/zz_main.go | 35 ++++++++++++++++++- cmd/provider/appmesh/zz_main.go | 35 ++++++++++++++++++- cmd/provider/apprunner/zz_main.go | 35 ++++++++++++++++++- cmd/provider/appstream/zz_main.go | 35 ++++++++++++++++++- cmd/provider/appsync/zz_main.go | 35 ++++++++++++++++++- cmd/provider/athena/zz_main.go | 35 ++++++++++++++++++- cmd/provider/autoscaling/zz_main.go | 35 ++++++++++++++++++- cmd/provider/autoscalingplans/zz_main.go | 35 ++++++++++++++++++- cmd/provider/backup/zz_main.go | 35 ++++++++++++++++++- cmd/provider/batch/zz_main.go | 35 ++++++++++++++++++- cmd/provider/budgets/zz_main.go | 35 ++++++++++++++++++- cmd/provider/ce/zz_main.go | 35 ++++++++++++++++++- cmd/provider/chime/zz_main.go | 35 ++++++++++++++++++- cmd/provider/cloud9/zz_main.go | 35 ++++++++++++++++++- cmd/provider/cloudcontrol/zz_main.go | 35 ++++++++++++++++++- cmd/provider/cloudformation/zz_main.go | 35 ++++++++++++++++++- cmd/provider/cloudfront/zz_main.go | 35 ++++++++++++++++++- cmd/provider/cloudsearch/zz_main.go | 35 ++++++++++++++++++- cmd/provider/cloudtrail/zz_main.go | 35 ++++++++++++++++++- cmd/provider/cloudwatch/zz_main.go | 35 ++++++++++++++++++- cmd/provider/cloudwatchevents/zz_main.go | 35 ++++++++++++++++++- cmd/provider/cloudwatchlogs/zz_main.go | 35 ++++++++++++++++++- cmd/provider/codecommit/zz_main.go | 35 ++++++++++++++++++- cmd/provider/codepipeline/zz_main.go | 35 ++++++++++++++++++- cmd/provider/codestarconnections/zz_main.go | 35 ++++++++++++++++++- cmd/provider/codestarnotifications/zz_main.go | 35 ++++++++++++++++++- cmd/provider/cognitoidentity/zz_main.go | 35 ++++++++++++++++++- cmd/provider/cognitoidp/zz_main.go | 35 ++++++++++++++++++- cmd/provider/config/zz_main.go | 35 ++++++++++++++++++- cmd/provider/configservice/zz_main.go | 35 ++++++++++++++++++- cmd/provider/connect/zz_main.go | 35 ++++++++++++++++++- cmd/provider/cur/zz_main.go | 35 ++++++++++++++++++- cmd/provider/dataexchange/zz_main.go | 35 ++++++++++++++++++- cmd/provider/datapipeline/zz_main.go | 35 ++++++++++++++++++- cmd/provider/datasync/zz_main.go | 35 ++++++++++++++++++- cmd/provider/dax/zz_main.go | 35 ++++++++++++++++++- cmd/provider/deploy/zz_main.go | 35 ++++++++++++++++++- cmd/provider/detective/zz_main.go | 35 ++++++++++++++++++- cmd/provider/devicefarm/zz_main.go | 35 ++++++++++++++++++- cmd/provider/directconnect/zz_main.go | 35 ++++++++++++++++++- cmd/provider/dlm/zz_main.go | 35 ++++++++++++++++++- cmd/provider/dms/zz_main.go | 35 ++++++++++++++++++- cmd/provider/docdb/zz_main.go | 35 ++++++++++++++++++- cmd/provider/ds/zz_main.go | 35 ++++++++++++++++++- cmd/provider/dynamodb/zz_main.go | 35 ++++++++++++++++++- cmd/provider/ec2/zz_main.go | 35 ++++++++++++++++++- cmd/provider/ecr/zz_main.go | 35 ++++++++++++++++++- cmd/provider/ecrpublic/zz_main.go | 35 ++++++++++++++++++- cmd/provider/ecs/zz_main.go | 35 ++++++++++++++++++- cmd/provider/efs/zz_main.go | 35 ++++++++++++++++++- cmd/provider/eks/zz_main.go | 35 ++++++++++++++++++- cmd/provider/elasticache/zz_main.go | 35 ++++++++++++++++++- cmd/provider/elasticbeanstalk/zz_main.go | 35 ++++++++++++++++++- cmd/provider/elasticsearch/zz_main.go | 35 ++++++++++++++++++- cmd/provider/elastictranscoder/zz_main.go | 35 ++++++++++++++++++- cmd/provider/elb/zz_main.go | 35 ++++++++++++++++++- cmd/provider/elbv2/zz_main.go | 35 ++++++++++++++++++- cmd/provider/emr/zz_main.go | 35 ++++++++++++++++++- cmd/provider/emrserverless/zz_main.go | 35 ++++++++++++++++++- cmd/provider/evidently/zz_main.go | 35 ++++++++++++++++++- cmd/provider/firehose/zz_main.go | 35 ++++++++++++++++++- cmd/provider/fis/zz_main.go | 35 ++++++++++++++++++- cmd/provider/fsx/zz_main.go | 35 ++++++++++++++++++- cmd/provider/gamelift/zz_main.go | 35 ++++++++++++++++++- cmd/provider/glacier/zz_main.go | 35 ++++++++++++++++++- cmd/provider/globalaccelerator/zz_main.go | 35 ++++++++++++++++++- cmd/provider/glue/zz_main.go | 35 ++++++++++++++++++- cmd/provider/grafana/zz_main.go | 35 ++++++++++++++++++- cmd/provider/guardduty/zz_main.go | 35 ++++++++++++++++++- cmd/provider/iam/zz_main.go | 35 ++++++++++++++++++- cmd/provider/identitystore/zz_main.go | 35 ++++++++++++++++++- cmd/provider/imagebuilder/zz_main.go | 35 ++++++++++++++++++- cmd/provider/inspector/zz_main.go | 35 ++++++++++++++++++- cmd/provider/inspector2/zz_main.go | 35 ++++++++++++++++++- cmd/provider/iot/zz_main.go | 35 ++++++++++++++++++- cmd/provider/ivs/zz_main.go | 35 ++++++++++++++++++- cmd/provider/kafka/zz_main.go | 35 ++++++++++++++++++- cmd/provider/kendra/zz_main.go | 35 ++++++++++++++++++- cmd/provider/keyspaces/zz_main.go | 35 ++++++++++++++++++- cmd/provider/kinesis/zz_main.go | 35 ++++++++++++++++++- cmd/provider/kinesisanalytics/zz_main.go | 35 ++++++++++++++++++- cmd/provider/kinesisanalyticsv2/zz_main.go | 35 ++++++++++++++++++- cmd/provider/kinesisvideo/zz_main.go | 35 ++++++++++++++++++- cmd/provider/kms/zz_main.go | 35 ++++++++++++++++++- cmd/provider/lakeformation/zz_main.go | 35 ++++++++++++++++++- cmd/provider/lambda/zz_main.go | 35 ++++++++++++++++++- cmd/provider/lexmodels/zz_main.go | 35 ++++++++++++++++++- cmd/provider/licensemanager/zz_main.go | 35 ++++++++++++++++++- cmd/provider/lightsail/zz_main.go | 35 ++++++++++++++++++- cmd/provider/location/zz_main.go | 35 ++++++++++++++++++- cmd/provider/macie2/zz_main.go | 35 ++++++++++++++++++- cmd/provider/mediaconvert/zz_main.go | 35 ++++++++++++++++++- cmd/provider/medialive/zz_main.go | 35 ++++++++++++++++++- cmd/provider/mediapackage/zz_main.go | 35 ++++++++++++++++++- cmd/provider/mediastore/zz_main.go | 35 ++++++++++++++++++- cmd/provider/memorydb/zz_main.go | 35 ++++++++++++++++++- cmd/provider/monolith/zz_main.go | 35 ++++++++++++++++++- cmd/provider/mq/zz_main.go | 35 ++++++++++++++++++- cmd/provider/neptune/zz_main.go | 35 ++++++++++++++++++- cmd/provider/networkfirewall/zz_main.go | 35 ++++++++++++++++++- cmd/provider/networkmanager/zz_main.go | 35 ++++++++++++++++++- cmd/provider/opensearch/zz_main.go | 35 ++++++++++++++++++- cmd/provider/opsworks/zz_main.go | 35 ++++++++++++++++++- cmd/provider/organizations/zz_main.go | 35 ++++++++++++++++++- cmd/provider/pinpoint/zz_main.go | 35 ++++++++++++++++++- cmd/provider/qldb/zz_main.go | 35 ++++++++++++++++++- cmd/provider/quicksight/zz_main.go | 35 ++++++++++++++++++- cmd/provider/ram/zz_main.go | 35 ++++++++++++++++++- cmd/provider/rds/zz_main.go | 35 ++++++++++++++++++- cmd/provider/redshift/zz_main.go | 35 ++++++++++++++++++- cmd/provider/redshiftserverless/zz_main.go | 35 ++++++++++++++++++- cmd/provider/resourcegroups/zz_main.go | 35 ++++++++++++++++++- cmd/provider/rolesanywhere/zz_main.go | 35 ++++++++++++++++++- cmd/provider/route53/zz_main.go | 35 ++++++++++++++++++- .../route53recoverycontrolconfig/zz_main.go | 35 ++++++++++++++++++- .../route53recoveryreadiness/zz_main.go | 35 ++++++++++++++++++- cmd/provider/route53resolver/zz_main.go | 35 ++++++++++++++++++- cmd/provider/rum/zz_main.go | 35 ++++++++++++++++++- cmd/provider/s3/zz_main.go | 35 ++++++++++++++++++- cmd/provider/s3control/zz_main.go | 35 ++++++++++++++++++- cmd/provider/sagemaker/zz_main.go | 35 ++++++++++++++++++- cmd/provider/scheduler/zz_main.go | 35 ++++++++++++++++++- cmd/provider/schemas/zz_main.go | 35 ++++++++++++++++++- cmd/provider/secretsmanager/zz_main.go | 35 ++++++++++++++++++- cmd/provider/securityhub/zz_main.go | 35 ++++++++++++++++++- cmd/provider/serverlessrepo/zz_main.go | 35 ++++++++++++++++++- cmd/provider/servicecatalog/zz_main.go | 35 ++++++++++++++++++- cmd/provider/servicediscovery/zz_main.go | 35 ++++++++++++++++++- cmd/provider/servicequotas/zz_main.go | 35 ++++++++++++++++++- cmd/provider/ses/zz_main.go | 35 ++++++++++++++++++- cmd/provider/sesv2/zz_main.go | 35 ++++++++++++++++++- cmd/provider/sfn/zz_main.go | 35 ++++++++++++++++++- cmd/provider/signer/zz_main.go | 35 ++++++++++++++++++- cmd/provider/simpledb/zz_main.go | 35 ++++++++++++++++++- cmd/provider/sns/zz_main.go | 35 ++++++++++++++++++- cmd/provider/sqs/zz_main.go | 35 ++++++++++++++++++- cmd/provider/ssm/zz_main.go | 35 ++++++++++++++++++- cmd/provider/ssoadmin/zz_main.go | 35 ++++++++++++++++++- cmd/provider/swf/zz_main.go | 35 ++++++++++++++++++- cmd/provider/timestreamwrite/zz_main.go | 35 ++++++++++++++++++- cmd/provider/transcribe/zz_main.go | 35 ++++++++++++++++++- cmd/provider/transfer/zz_main.go | 35 ++++++++++++++++++- cmd/provider/vpc/zz_main.go | 35 ++++++++++++++++++- cmd/provider/waf/zz_main.go | 35 ++++++++++++++++++- cmd/provider/wafregional/zz_main.go | 35 ++++++++++++++++++- cmd/provider/wafv2/zz_main.go | 35 ++++++++++++++++++- cmd/provider/workspaces/zz_main.go | 35 ++++++++++++++++++- cmd/provider/xray/zz_main.go | 35 ++++++++++++++++++- hack/main.go.tmpl | 35 ++++++++++++++++++- 161 files changed, 5474 insertions(+), 161 deletions(-) diff --git a/cmd/provider/accessanalyzer/zz_main.go b/cmd/provider/accessanalyzer/zz_main.go index 72620e8d95..7826c372ba 100644 --- a/cmd/provider/accessanalyzer/zz_main.go +++ b/cmd/provider/accessanalyzer/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-accessanalyzer", diff --git a/cmd/provider/account/zz_main.go b/cmd/provider/account/zz_main.go index e9a54097fd..c2cece68bd 100644 --- a/cmd/provider/account/zz_main.go +++ b/cmd/provider/account/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-account", diff --git a/cmd/provider/acm/zz_main.go b/cmd/provider/acm/zz_main.go index 2c82dfd083..1650af3e6b 100644 --- a/cmd/provider/acm/zz_main.go +++ b/cmd/provider/acm/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-acm", diff --git a/cmd/provider/acmpca/zz_main.go b/cmd/provider/acmpca/zz_main.go index f888afa5b0..55b20109ff 100644 --- a/cmd/provider/acmpca/zz_main.go +++ b/cmd/provider/acmpca/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-acmpca", diff --git a/cmd/provider/amp/zz_main.go b/cmd/provider/amp/zz_main.go index 23905325d8..62e018b1cd 100644 --- a/cmd/provider/amp/zz_main.go +++ b/cmd/provider/amp/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-amp", diff --git a/cmd/provider/amplify/zz_main.go b/cmd/provider/amplify/zz_main.go index 5a8ea150e9..a710bf8703 100644 --- a/cmd/provider/amplify/zz_main.go +++ b/cmd/provider/amplify/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-amplify", diff --git a/cmd/provider/apigateway/zz_main.go b/cmd/provider/apigateway/zz_main.go index cf43bcf3f9..69c5d9b0b6 100644 --- a/cmd/provider/apigateway/zz_main.go +++ b/cmd/provider/apigateway/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-apigateway", diff --git a/cmd/provider/apigatewayv2/zz_main.go b/cmd/provider/apigatewayv2/zz_main.go index c9cc48d75e..2ce38667e9 100644 --- a/cmd/provider/apigatewayv2/zz_main.go +++ b/cmd/provider/apigatewayv2/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-apigatewayv2", diff --git a/cmd/provider/appautoscaling/zz_main.go b/cmd/provider/appautoscaling/zz_main.go index 643cc45360..017afca7c5 100644 --- a/cmd/provider/appautoscaling/zz_main.go +++ b/cmd/provider/appautoscaling/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-appautoscaling", diff --git a/cmd/provider/appconfig/zz_main.go b/cmd/provider/appconfig/zz_main.go index 486a93301a..cde047a3d9 100644 --- a/cmd/provider/appconfig/zz_main.go +++ b/cmd/provider/appconfig/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-appconfig", diff --git a/cmd/provider/appflow/zz_main.go b/cmd/provider/appflow/zz_main.go index 83a69c419c..d3f9cbf814 100644 --- a/cmd/provider/appflow/zz_main.go +++ b/cmd/provider/appflow/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-appflow", diff --git a/cmd/provider/appintegrations/zz_main.go b/cmd/provider/appintegrations/zz_main.go index 0a8d424784..5570dabc83 100644 --- a/cmd/provider/appintegrations/zz_main.go +++ b/cmd/provider/appintegrations/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-appintegrations", diff --git a/cmd/provider/applicationinsights/zz_main.go b/cmd/provider/applicationinsights/zz_main.go index b1cbab5664..9e53e19933 100644 --- a/cmd/provider/applicationinsights/zz_main.go +++ b/cmd/provider/applicationinsights/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-applicationinsights", diff --git a/cmd/provider/appmesh/zz_main.go b/cmd/provider/appmesh/zz_main.go index c0cdfb306c..8e369b6033 100644 --- a/cmd/provider/appmesh/zz_main.go +++ b/cmd/provider/appmesh/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-appmesh", diff --git a/cmd/provider/apprunner/zz_main.go b/cmd/provider/apprunner/zz_main.go index 4bee6cf16a..c0d4857593 100644 --- a/cmd/provider/apprunner/zz_main.go +++ b/cmd/provider/apprunner/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-apprunner", diff --git a/cmd/provider/appstream/zz_main.go b/cmd/provider/appstream/zz_main.go index 17e427c0bc..2271ceaeba 100644 --- a/cmd/provider/appstream/zz_main.go +++ b/cmd/provider/appstream/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-appstream", diff --git a/cmd/provider/appsync/zz_main.go b/cmd/provider/appsync/zz_main.go index d3f7181692..082b72bbb6 100644 --- a/cmd/provider/appsync/zz_main.go +++ b/cmd/provider/appsync/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-appsync", diff --git a/cmd/provider/athena/zz_main.go b/cmd/provider/athena/zz_main.go index 90295976f8..b9905357cb 100644 --- a/cmd/provider/athena/zz_main.go +++ b/cmd/provider/athena/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-athena", diff --git a/cmd/provider/autoscaling/zz_main.go b/cmd/provider/autoscaling/zz_main.go index da969dbb30..b76a63efbf 100644 --- a/cmd/provider/autoscaling/zz_main.go +++ b/cmd/provider/autoscaling/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-autoscaling", diff --git a/cmd/provider/autoscalingplans/zz_main.go b/cmd/provider/autoscalingplans/zz_main.go index e70b7abcae..1d3a67de6e 100644 --- a/cmd/provider/autoscalingplans/zz_main.go +++ b/cmd/provider/autoscalingplans/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-autoscalingplans", diff --git a/cmd/provider/backup/zz_main.go b/cmd/provider/backup/zz_main.go index c81750bd93..5ba336e0d1 100644 --- a/cmd/provider/backup/zz_main.go +++ b/cmd/provider/backup/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-backup", diff --git a/cmd/provider/batch/zz_main.go b/cmd/provider/batch/zz_main.go index ab630f8f7b..5152f47d50 100644 --- a/cmd/provider/batch/zz_main.go +++ b/cmd/provider/batch/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-batch", diff --git a/cmd/provider/budgets/zz_main.go b/cmd/provider/budgets/zz_main.go index f55759f967..b89df3f7a0 100644 --- a/cmd/provider/budgets/zz_main.go +++ b/cmd/provider/budgets/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-budgets", diff --git a/cmd/provider/ce/zz_main.go b/cmd/provider/ce/zz_main.go index 42e503a168..99b7374a8b 100644 --- a/cmd/provider/ce/zz_main.go +++ b/cmd/provider/ce/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-ce", diff --git a/cmd/provider/chime/zz_main.go b/cmd/provider/chime/zz_main.go index d406126425..0b81357385 100644 --- a/cmd/provider/chime/zz_main.go +++ b/cmd/provider/chime/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-chime", diff --git a/cmd/provider/cloud9/zz_main.go b/cmd/provider/cloud9/zz_main.go index 9589dfc903..73a3c11062 100644 --- a/cmd/provider/cloud9/zz_main.go +++ b/cmd/provider/cloud9/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-cloud9", diff --git a/cmd/provider/cloudcontrol/zz_main.go b/cmd/provider/cloudcontrol/zz_main.go index 26390c3f48..21f18a42a7 100644 --- a/cmd/provider/cloudcontrol/zz_main.go +++ b/cmd/provider/cloudcontrol/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-cloudcontrol", diff --git a/cmd/provider/cloudformation/zz_main.go b/cmd/provider/cloudformation/zz_main.go index 94921329d6..3d6c8f4f61 100644 --- a/cmd/provider/cloudformation/zz_main.go +++ b/cmd/provider/cloudformation/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-cloudformation", diff --git a/cmd/provider/cloudfront/zz_main.go b/cmd/provider/cloudfront/zz_main.go index ed3f121ce5..1145a35891 100644 --- a/cmd/provider/cloudfront/zz_main.go +++ b/cmd/provider/cloudfront/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-cloudfront", diff --git a/cmd/provider/cloudsearch/zz_main.go b/cmd/provider/cloudsearch/zz_main.go index e5813beabe..642215dc71 100644 --- a/cmd/provider/cloudsearch/zz_main.go +++ b/cmd/provider/cloudsearch/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-cloudsearch", diff --git a/cmd/provider/cloudtrail/zz_main.go b/cmd/provider/cloudtrail/zz_main.go index 264008a53f..e59b9cb50d 100644 --- a/cmd/provider/cloudtrail/zz_main.go +++ b/cmd/provider/cloudtrail/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-cloudtrail", diff --git a/cmd/provider/cloudwatch/zz_main.go b/cmd/provider/cloudwatch/zz_main.go index c118e1939d..fde0cd9edb 100644 --- a/cmd/provider/cloudwatch/zz_main.go +++ b/cmd/provider/cloudwatch/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-cloudwatch", diff --git a/cmd/provider/cloudwatchevents/zz_main.go b/cmd/provider/cloudwatchevents/zz_main.go index fc7da32183..c59b138a8a 100644 --- a/cmd/provider/cloudwatchevents/zz_main.go +++ b/cmd/provider/cloudwatchevents/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-cloudwatchevents", diff --git a/cmd/provider/cloudwatchlogs/zz_main.go b/cmd/provider/cloudwatchlogs/zz_main.go index f50fdb94a8..a9c7d2ce81 100644 --- a/cmd/provider/cloudwatchlogs/zz_main.go +++ b/cmd/provider/cloudwatchlogs/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-cloudwatchlogs", diff --git a/cmd/provider/codecommit/zz_main.go b/cmd/provider/codecommit/zz_main.go index 72fd0e3368..ee3759de77 100644 --- a/cmd/provider/codecommit/zz_main.go +++ b/cmd/provider/codecommit/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-codecommit", diff --git a/cmd/provider/codepipeline/zz_main.go b/cmd/provider/codepipeline/zz_main.go index 916a020539..9e1fa991c2 100644 --- a/cmd/provider/codepipeline/zz_main.go +++ b/cmd/provider/codepipeline/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-codepipeline", diff --git a/cmd/provider/codestarconnections/zz_main.go b/cmd/provider/codestarconnections/zz_main.go index b80c8fd5c9..dbf59b6168 100644 --- a/cmd/provider/codestarconnections/zz_main.go +++ b/cmd/provider/codestarconnections/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-codestarconnections", diff --git a/cmd/provider/codestarnotifications/zz_main.go b/cmd/provider/codestarnotifications/zz_main.go index 5458efe7b7..eff3d11c7b 100644 --- a/cmd/provider/codestarnotifications/zz_main.go +++ b/cmd/provider/codestarnotifications/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-codestarnotifications", diff --git a/cmd/provider/cognitoidentity/zz_main.go b/cmd/provider/cognitoidentity/zz_main.go index 9fccc6b906..6f0b30612c 100644 --- a/cmd/provider/cognitoidentity/zz_main.go +++ b/cmd/provider/cognitoidentity/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-cognitoidentity", diff --git a/cmd/provider/cognitoidp/zz_main.go b/cmd/provider/cognitoidp/zz_main.go index c4ed2c0d5a..b3610f33ef 100644 --- a/cmd/provider/cognitoidp/zz_main.go +++ b/cmd/provider/cognitoidp/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-cognitoidp", diff --git a/cmd/provider/config/zz_main.go b/cmd/provider/config/zz_main.go index 4aa91aac9d..0739ee3506 100644 --- a/cmd/provider/config/zz_main.go +++ b/cmd/provider/config/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-config", diff --git a/cmd/provider/configservice/zz_main.go b/cmd/provider/configservice/zz_main.go index b7d2ddb9de..fac20d22de 100644 --- a/cmd/provider/configservice/zz_main.go +++ b/cmd/provider/configservice/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-configservice", diff --git a/cmd/provider/connect/zz_main.go b/cmd/provider/connect/zz_main.go index 40c400ed4f..57a533005f 100644 --- a/cmd/provider/connect/zz_main.go +++ b/cmd/provider/connect/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-connect", diff --git a/cmd/provider/cur/zz_main.go b/cmd/provider/cur/zz_main.go index 2d381f40ef..229e4729aa 100644 --- a/cmd/provider/cur/zz_main.go +++ b/cmd/provider/cur/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-cur", diff --git a/cmd/provider/dataexchange/zz_main.go b/cmd/provider/dataexchange/zz_main.go index f31bdc444b..2799ec196c 100644 --- a/cmd/provider/dataexchange/zz_main.go +++ b/cmd/provider/dataexchange/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-dataexchange", diff --git a/cmd/provider/datapipeline/zz_main.go b/cmd/provider/datapipeline/zz_main.go index 51e21eeb07..a52b5ee3ec 100644 --- a/cmd/provider/datapipeline/zz_main.go +++ b/cmd/provider/datapipeline/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-datapipeline", diff --git a/cmd/provider/datasync/zz_main.go b/cmd/provider/datasync/zz_main.go index dcc6f511cc..5d4fff53aa 100644 --- a/cmd/provider/datasync/zz_main.go +++ b/cmd/provider/datasync/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-datasync", diff --git a/cmd/provider/dax/zz_main.go b/cmd/provider/dax/zz_main.go index 7c8fe9ad38..7ef3b534d4 100644 --- a/cmd/provider/dax/zz_main.go +++ b/cmd/provider/dax/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-dax", diff --git a/cmd/provider/deploy/zz_main.go b/cmd/provider/deploy/zz_main.go index 3fcb7ed99c..d6fa93d92b 100644 --- a/cmd/provider/deploy/zz_main.go +++ b/cmd/provider/deploy/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-deploy", diff --git a/cmd/provider/detective/zz_main.go b/cmd/provider/detective/zz_main.go index 52026fefa3..a4d613001d 100644 --- a/cmd/provider/detective/zz_main.go +++ b/cmd/provider/detective/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-detective", diff --git a/cmd/provider/devicefarm/zz_main.go b/cmd/provider/devicefarm/zz_main.go index 24c1361769..3b75431205 100644 --- a/cmd/provider/devicefarm/zz_main.go +++ b/cmd/provider/devicefarm/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-devicefarm", diff --git a/cmd/provider/directconnect/zz_main.go b/cmd/provider/directconnect/zz_main.go index b1c9976d13..b5952363b1 100644 --- a/cmd/provider/directconnect/zz_main.go +++ b/cmd/provider/directconnect/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-directconnect", diff --git a/cmd/provider/dlm/zz_main.go b/cmd/provider/dlm/zz_main.go index d8e08d0484..95c3b7fdf2 100644 --- a/cmd/provider/dlm/zz_main.go +++ b/cmd/provider/dlm/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-dlm", diff --git a/cmd/provider/dms/zz_main.go b/cmd/provider/dms/zz_main.go index 85565fc1df..2b8fba24ba 100644 --- a/cmd/provider/dms/zz_main.go +++ b/cmd/provider/dms/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-dms", diff --git a/cmd/provider/docdb/zz_main.go b/cmd/provider/docdb/zz_main.go index d39265fa56..ee90c4fde7 100644 --- a/cmd/provider/docdb/zz_main.go +++ b/cmd/provider/docdb/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-docdb", diff --git a/cmd/provider/ds/zz_main.go b/cmd/provider/ds/zz_main.go index 0eec10491a..ef775fa90d 100644 --- a/cmd/provider/ds/zz_main.go +++ b/cmd/provider/ds/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-ds", diff --git a/cmd/provider/dynamodb/zz_main.go b/cmd/provider/dynamodb/zz_main.go index 85b35b44e6..48bbac37ad 100644 --- a/cmd/provider/dynamodb/zz_main.go +++ b/cmd/provider/dynamodb/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-dynamodb", diff --git a/cmd/provider/ec2/zz_main.go b/cmd/provider/ec2/zz_main.go index b8c189c63a..0ff7c9a6d0 100644 --- a/cmd/provider/ec2/zz_main.go +++ b/cmd/provider/ec2/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-ec2", diff --git a/cmd/provider/ecr/zz_main.go b/cmd/provider/ecr/zz_main.go index 43f6ea91d0..20295fef05 100644 --- a/cmd/provider/ecr/zz_main.go +++ b/cmd/provider/ecr/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-ecr", diff --git a/cmd/provider/ecrpublic/zz_main.go b/cmd/provider/ecrpublic/zz_main.go index b576d30f6e..da5dd0442c 100644 --- a/cmd/provider/ecrpublic/zz_main.go +++ b/cmd/provider/ecrpublic/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-ecrpublic", diff --git a/cmd/provider/ecs/zz_main.go b/cmd/provider/ecs/zz_main.go index 86c41d09ab..6b47178d44 100644 --- a/cmd/provider/ecs/zz_main.go +++ b/cmd/provider/ecs/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-ecs", diff --git a/cmd/provider/efs/zz_main.go b/cmd/provider/efs/zz_main.go index 6b537727bb..c571e22378 100644 --- a/cmd/provider/efs/zz_main.go +++ b/cmd/provider/efs/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-efs", diff --git a/cmd/provider/eks/zz_main.go b/cmd/provider/eks/zz_main.go index c06fb1103e..0d809531fc 100644 --- a/cmd/provider/eks/zz_main.go +++ b/cmd/provider/eks/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-eks", diff --git a/cmd/provider/elasticache/zz_main.go b/cmd/provider/elasticache/zz_main.go index 3e1e8ed433..3272ac947f 100644 --- a/cmd/provider/elasticache/zz_main.go +++ b/cmd/provider/elasticache/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-elasticache", diff --git a/cmd/provider/elasticbeanstalk/zz_main.go b/cmd/provider/elasticbeanstalk/zz_main.go index 018e4694a2..88b57b66f6 100644 --- a/cmd/provider/elasticbeanstalk/zz_main.go +++ b/cmd/provider/elasticbeanstalk/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-elasticbeanstalk", diff --git a/cmd/provider/elasticsearch/zz_main.go b/cmd/provider/elasticsearch/zz_main.go index 96cfcf7e93..545cb81788 100644 --- a/cmd/provider/elasticsearch/zz_main.go +++ b/cmd/provider/elasticsearch/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-elasticsearch", diff --git a/cmd/provider/elastictranscoder/zz_main.go b/cmd/provider/elastictranscoder/zz_main.go index 1b29eee6fd..08b56cd0db 100644 --- a/cmd/provider/elastictranscoder/zz_main.go +++ b/cmd/provider/elastictranscoder/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-elastictranscoder", diff --git a/cmd/provider/elb/zz_main.go b/cmd/provider/elb/zz_main.go index 882895713e..0303a75780 100644 --- a/cmd/provider/elb/zz_main.go +++ b/cmd/provider/elb/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-elb", diff --git a/cmd/provider/elbv2/zz_main.go b/cmd/provider/elbv2/zz_main.go index 520208e93d..62c74b6268 100644 --- a/cmd/provider/elbv2/zz_main.go +++ b/cmd/provider/elbv2/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-elbv2", diff --git a/cmd/provider/emr/zz_main.go b/cmd/provider/emr/zz_main.go index cdccda3804..3abfd55e5c 100644 --- a/cmd/provider/emr/zz_main.go +++ b/cmd/provider/emr/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-emr", diff --git a/cmd/provider/emrserverless/zz_main.go b/cmd/provider/emrserverless/zz_main.go index fb3bdaddc3..c27e230ccf 100644 --- a/cmd/provider/emrserverless/zz_main.go +++ b/cmd/provider/emrserverless/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-emrserverless", diff --git a/cmd/provider/evidently/zz_main.go b/cmd/provider/evidently/zz_main.go index 60f60e088e..ad94575b37 100644 --- a/cmd/provider/evidently/zz_main.go +++ b/cmd/provider/evidently/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-evidently", diff --git a/cmd/provider/firehose/zz_main.go b/cmd/provider/firehose/zz_main.go index 42499fed16..9f72f3aacc 100644 --- a/cmd/provider/firehose/zz_main.go +++ b/cmd/provider/firehose/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-firehose", diff --git a/cmd/provider/fis/zz_main.go b/cmd/provider/fis/zz_main.go index d4330a251b..f6fd7c2c8f 100644 --- a/cmd/provider/fis/zz_main.go +++ b/cmd/provider/fis/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-fis", diff --git a/cmd/provider/fsx/zz_main.go b/cmd/provider/fsx/zz_main.go index 9ff5a929d6..a234cda4c9 100644 --- a/cmd/provider/fsx/zz_main.go +++ b/cmd/provider/fsx/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-fsx", diff --git a/cmd/provider/gamelift/zz_main.go b/cmd/provider/gamelift/zz_main.go index 7bc6a4d16d..15be4b1dbb 100644 --- a/cmd/provider/gamelift/zz_main.go +++ b/cmd/provider/gamelift/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-gamelift", diff --git a/cmd/provider/glacier/zz_main.go b/cmd/provider/glacier/zz_main.go index 909aefc134..4e5b46547f 100644 --- a/cmd/provider/glacier/zz_main.go +++ b/cmd/provider/glacier/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-glacier", diff --git a/cmd/provider/globalaccelerator/zz_main.go b/cmd/provider/globalaccelerator/zz_main.go index dd9d534a39..b37c16e41d 100644 --- a/cmd/provider/globalaccelerator/zz_main.go +++ b/cmd/provider/globalaccelerator/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-globalaccelerator", diff --git a/cmd/provider/glue/zz_main.go b/cmd/provider/glue/zz_main.go index b8166eedd2..d839e190dc 100644 --- a/cmd/provider/glue/zz_main.go +++ b/cmd/provider/glue/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-glue", diff --git a/cmd/provider/grafana/zz_main.go b/cmd/provider/grafana/zz_main.go index 368f8b46dc..4802553ea2 100644 --- a/cmd/provider/grafana/zz_main.go +++ b/cmd/provider/grafana/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-grafana", diff --git a/cmd/provider/guardduty/zz_main.go b/cmd/provider/guardduty/zz_main.go index 69f99de07e..637c966864 100644 --- a/cmd/provider/guardduty/zz_main.go +++ b/cmd/provider/guardduty/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-guardduty", diff --git a/cmd/provider/iam/zz_main.go b/cmd/provider/iam/zz_main.go index 7a27054130..041d0a67c4 100644 --- a/cmd/provider/iam/zz_main.go +++ b/cmd/provider/iam/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-iam", diff --git a/cmd/provider/identitystore/zz_main.go b/cmd/provider/identitystore/zz_main.go index aedcaad0aa..6ffef9c75e 100644 --- a/cmd/provider/identitystore/zz_main.go +++ b/cmd/provider/identitystore/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-identitystore", diff --git a/cmd/provider/imagebuilder/zz_main.go b/cmd/provider/imagebuilder/zz_main.go index 1d2d2f8bb4..1666d59703 100644 --- a/cmd/provider/imagebuilder/zz_main.go +++ b/cmd/provider/imagebuilder/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-imagebuilder", diff --git a/cmd/provider/inspector/zz_main.go b/cmd/provider/inspector/zz_main.go index f33bb52205..b61d5dad84 100644 --- a/cmd/provider/inspector/zz_main.go +++ b/cmd/provider/inspector/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-inspector", diff --git a/cmd/provider/inspector2/zz_main.go b/cmd/provider/inspector2/zz_main.go index e01132a840..50eb920b3f 100644 --- a/cmd/provider/inspector2/zz_main.go +++ b/cmd/provider/inspector2/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-inspector2", diff --git a/cmd/provider/iot/zz_main.go b/cmd/provider/iot/zz_main.go index a38d628dc1..539b4ee00a 100644 --- a/cmd/provider/iot/zz_main.go +++ b/cmd/provider/iot/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-iot", diff --git a/cmd/provider/ivs/zz_main.go b/cmd/provider/ivs/zz_main.go index adb0c25eeb..9da0dae4e8 100644 --- a/cmd/provider/ivs/zz_main.go +++ b/cmd/provider/ivs/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-ivs", diff --git a/cmd/provider/kafka/zz_main.go b/cmd/provider/kafka/zz_main.go index 0b6e6f63b6..f1b269ba25 100644 --- a/cmd/provider/kafka/zz_main.go +++ b/cmd/provider/kafka/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-kafka", diff --git a/cmd/provider/kendra/zz_main.go b/cmd/provider/kendra/zz_main.go index 7a21e91a89..bcae21cc36 100644 --- a/cmd/provider/kendra/zz_main.go +++ b/cmd/provider/kendra/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-kendra", diff --git a/cmd/provider/keyspaces/zz_main.go b/cmd/provider/keyspaces/zz_main.go index b3b8a8dc93..116902a037 100644 --- a/cmd/provider/keyspaces/zz_main.go +++ b/cmd/provider/keyspaces/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-keyspaces", diff --git a/cmd/provider/kinesis/zz_main.go b/cmd/provider/kinesis/zz_main.go index c91300f487..b65cd009bf 100644 --- a/cmd/provider/kinesis/zz_main.go +++ b/cmd/provider/kinesis/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-kinesis", diff --git a/cmd/provider/kinesisanalytics/zz_main.go b/cmd/provider/kinesisanalytics/zz_main.go index da24c03663..06ee9fe5c1 100644 --- a/cmd/provider/kinesisanalytics/zz_main.go +++ b/cmd/provider/kinesisanalytics/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-kinesisanalytics", diff --git a/cmd/provider/kinesisanalyticsv2/zz_main.go b/cmd/provider/kinesisanalyticsv2/zz_main.go index defabe48ef..b271070bc4 100644 --- a/cmd/provider/kinesisanalyticsv2/zz_main.go +++ b/cmd/provider/kinesisanalyticsv2/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-kinesisanalyticsv2", diff --git a/cmd/provider/kinesisvideo/zz_main.go b/cmd/provider/kinesisvideo/zz_main.go index 7a99fbd90b..5a5a5336d5 100644 --- a/cmd/provider/kinesisvideo/zz_main.go +++ b/cmd/provider/kinesisvideo/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-kinesisvideo", diff --git a/cmd/provider/kms/zz_main.go b/cmd/provider/kms/zz_main.go index 01d3c5eb48..3217892c0d 100644 --- a/cmd/provider/kms/zz_main.go +++ b/cmd/provider/kms/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-kms", diff --git a/cmd/provider/lakeformation/zz_main.go b/cmd/provider/lakeformation/zz_main.go index f7fbc36e94..9f0cfa379f 100644 --- a/cmd/provider/lakeformation/zz_main.go +++ b/cmd/provider/lakeformation/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-lakeformation", diff --git a/cmd/provider/lambda/zz_main.go b/cmd/provider/lambda/zz_main.go index 53473e94b3..4f3661b58b 100644 --- a/cmd/provider/lambda/zz_main.go +++ b/cmd/provider/lambda/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-lambda", diff --git a/cmd/provider/lexmodels/zz_main.go b/cmd/provider/lexmodels/zz_main.go index 5eb4b353c0..66ee9e88ca 100644 --- a/cmd/provider/lexmodels/zz_main.go +++ b/cmd/provider/lexmodels/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-lexmodels", diff --git a/cmd/provider/licensemanager/zz_main.go b/cmd/provider/licensemanager/zz_main.go index 4f266a4ab8..69baaf8a29 100644 --- a/cmd/provider/licensemanager/zz_main.go +++ b/cmd/provider/licensemanager/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-licensemanager", diff --git a/cmd/provider/lightsail/zz_main.go b/cmd/provider/lightsail/zz_main.go index 839a0b4ae7..9bb517a2cb 100644 --- a/cmd/provider/lightsail/zz_main.go +++ b/cmd/provider/lightsail/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-lightsail", diff --git a/cmd/provider/location/zz_main.go b/cmd/provider/location/zz_main.go index 4154719923..91cc91e0e9 100644 --- a/cmd/provider/location/zz_main.go +++ b/cmd/provider/location/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-location", diff --git a/cmd/provider/macie2/zz_main.go b/cmd/provider/macie2/zz_main.go index c9935909ae..9e919e317e 100644 --- a/cmd/provider/macie2/zz_main.go +++ b/cmd/provider/macie2/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-macie2", diff --git a/cmd/provider/mediaconvert/zz_main.go b/cmd/provider/mediaconvert/zz_main.go index a3c47074ed..320aeea7e2 100644 --- a/cmd/provider/mediaconvert/zz_main.go +++ b/cmd/provider/mediaconvert/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-mediaconvert", diff --git a/cmd/provider/medialive/zz_main.go b/cmd/provider/medialive/zz_main.go index 3bf7895f0b..7bc2ac1153 100644 --- a/cmd/provider/medialive/zz_main.go +++ b/cmd/provider/medialive/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-medialive", diff --git a/cmd/provider/mediapackage/zz_main.go b/cmd/provider/mediapackage/zz_main.go index 198c295105..3695cdf6d5 100644 --- a/cmd/provider/mediapackage/zz_main.go +++ b/cmd/provider/mediapackage/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-mediapackage", diff --git a/cmd/provider/mediastore/zz_main.go b/cmd/provider/mediastore/zz_main.go index 13cc306b56..29b19828d8 100644 --- a/cmd/provider/mediastore/zz_main.go +++ b/cmd/provider/mediastore/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-mediastore", diff --git a/cmd/provider/memorydb/zz_main.go b/cmd/provider/memorydb/zz_main.go index 3faacf6e6e..d9fdcbd9ff 100644 --- a/cmd/provider/memorydb/zz_main.go +++ b/cmd/provider/memorydb/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-memorydb", diff --git a/cmd/provider/monolith/zz_main.go b/cmd/provider/monolith/zz_main.go index c43485a478..b918ae5aa3 100644 --- a/cmd/provider/monolith/zz_main.go +++ b/cmd/provider/monolith/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws", diff --git a/cmd/provider/mq/zz_main.go b/cmd/provider/mq/zz_main.go index 257f408e88..e0f3a73f46 100644 --- a/cmd/provider/mq/zz_main.go +++ b/cmd/provider/mq/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-mq", diff --git a/cmd/provider/neptune/zz_main.go b/cmd/provider/neptune/zz_main.go index e347bf0220..88acb4eaaf 100644 --- a/cmd/provider/neptune/zz_main.go +++ b/cmd/provider/neptune/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-neptune", diff --git a/cmd/provider/networkfirewall/zz_main.go b/cmd/provider/networkfirewall/zz_main.go index 0aeb0e9bef..986d94bc1a 100644 --- a/cmd/provider/networkfirewall/zz_main.go +++ b/cmd/provider/networkfirewall/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-networkfirewall", diff --git a/cmd/provider/networkmanager/zz_main.go b/cmd/provider/networkmanager/zz_main.go index 9c472bf952..fda2b39ecc 100644 --- a/cmd/provider/networkmanager/zz_main.go +++ b/cmd/provider/networkmanager/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-networkmanager", diff --git a/cmd/provider/opensearch/zz_main.go b/cmd/provider/opensearch/zz_main.go index d91be04b03..2d99b7e88c 100644 --- a/cmd/provider/opensearch/zz_main.go +++ b/cmd/provider/opensearch/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-opensearch", diff --git a/cmd/provider/opsworks/zz_main.go b/cmd/provider/opsworks/zz_main.go index e31209d706..db2de86c1f 100644 --- a/cmd/provider/opsworks/zz_main.go +++ b/cmd/provider/opsworks/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-opsworks", diff --git a/cmd/provider/organizations/zz_main.go b/cmd/provider/organizations/zz_main.go index 33b0b3bd7b..7f71815107 100644 --- a/cmd/provider/organizations/zz_main.go +++ b/cmd/provider/organizations/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-organizations", diff --git a/cmd/provider/pinpoint/zz_main.go b/cmd/provider/pinpoint/zz_main.go index 00ce94306d..7cb62a7faa 100644 --- a/cmd/provider/pinpoint/zz_main.go +++ b/cmd/provider/pinpoint/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-pinpoint", diff --git a/cmd/provider/qldb/zz_main.go b/cmd/provider/qldb/zz_main.go index f739918b33..eb794ee4e6 100644 --- a/cmd/provider/qldb/zz_main.go +++ b/cmd/provider/qldb/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-qldb", diff --git a/cmd/provider/quicksight/zz_main.go b/cmd/provider/quicksight/zz_main.go index 88234c40cf..222d09180b 100644 --- a/cmd/provider/quicksight/zz_main.go +++ b/cmd/provider/quicksight/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-quicksight", diff --git a/cmd/provider/ram/zz_main.go b/cmd/provider/ram/zz_main.go index f2a8e92236..bb3c3f2c4b 100644 --- a/cmd/provider/ram/zz_main.go +++ b/cmd/provider/ram/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-ram", diff --git a/cmd/provider/rds/zz_main.go b/cmd/provider/rds/zz_main.go index d0f61d3605..9f5faa2afa 100644 --- a/cmd/provider/rds/zz_main.go +++ b/cmd/provider/rds/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-rds", diff --git a/cmd/provider/redshift/zz_main.go b/cmd/provider/redshift/zz_main.go index 1b6b8806e0..10970daa23 100644 --- a/cmd/provider/redshift/zz_main.go +++ b/cmd/provider/redshift/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-redshift", diff --git a/cmd/provider/redshiftserverless/zz_main.go b/cmd/provider/redshiftserverless/zz_main.go index ff537a54b7..29edbf52fc 100644 --- a/cmd/provider/redshiftserverless/zz_main.go +++ b/cmd/provider/redshiftserverless/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-redshiftserverless", diff --git a/cmd/provider/resourcegroups/zz_main.go b/cmd/provider/resourcegroups/zz_main.go index 12b720d46e..28fc9288f7 100644 --- a/cmd/provider/resourcegroups/zz_main.go +++ b/cmd/provider/resourcegroups/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-resourcegroups", diff --git a/cmd/provider/rolesanywhere/zz_main.go b/cmd/provider/rolesanywhere/zz_main.go index 872fd19ceb..1b1044ba11 100644 --- a/cmd/provider/rolesanywhere/zz_main.go +++ b/cmd/provider/rolesanywhere/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-rolesanywhere", diff --git a/cmd/provider/route53/zz_main.go b/cmd/provider/route53/zz_main.go index ec99182fd1..4f70f14712 100644 --- a/cmd/provider/route53/zz_main.go +++ b/cmd/provider/route53/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-route53", diff --git a/cmd/provider/route53recoverycontrolconfig/zz_main.go b/cmd/provider/route53recoverycontrolconfig/zz_main.go index 5272a6934b..aa0a36fd43 100644 --- a/cmd/provider/route53recoverycontrolconfig/zz_main.go +++ b/cmd/provider/route53recoverycontrolconfig/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-route53recoverycontrolconfig", diff --git a/cmd/provider/route53recoveryreadiness/zz_main.go b/cmd/provider/route53recoveryreadiness/zz_main.go index 418e1117db..258f70575a 100644 --- a/cmd/provider/route53recoveryreadiness/zz_main.go +++ b/cmd/provider/route53recoveryreadiness/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-route53recoveryreadiness", diff --git a/cmd/provider/route53resolver/zz_main.go b/cmd/provider/route53resolver/zz_main.go index 3b6a29e996..1c608ce5c5 100644 --- a/cmd/provider/route53resolver/zz_main.go +++ b/cmd/provider/route53resolver/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-route53resolver", diff --git a/cmd/provider/rum/zz_main.go b/cmd/provider/rum/zz_main.go index e2fcf88990..3f18ed4cb6 100644 --- a/cmd/provider/rum/zz_main.go +++ b/cmd/provider/rum/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-rum", diff --git a/cmd/provider/s3/zz_main.go b/cmd/provider/s3/zz_main.go index dc27b5a29f..1d1eb17c90 100644 --- a/cmd/provider/s3/zz_main.go +++ b/cmd/provider/s3/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-s3", diff --git a/cmd/provider/s3control/zz_main.go b/cmd/provider/s3control/zz_main.go index 8ebda3b817..dc3607ebdf 100644 --- a/cmd/provider/s3control/zz_main.go +++ b/cmd/provider/s3control/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-s3control", diff --git a/cmd/provider/sagemaker/zz_main.go b/cmd/provider/sagemaker/zz_main.go index b337337f49..ff183065bf 100644 --- a/cmd/provider/sagemaker/zz_main.go +++ b/cmd/provider/sagemaker/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-sagemaker", diff --git a/cmd/provider/scheduler/zz_main.go b/cmd/provider/scheduler/zz_main.go index 0618c378b6..fa6aca3862 100644 --- a/cmd/provider/scheduler/zz_main.go +++ b/cmd/provider/scheduler/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-scheduler", diff --git a/cmd/provider/schemas/zz_main.go b/cmd/provider/schemas/zz_main.go index 301ff09b7a..3284ec9dcc 100644 --- a/cmd/provider/schemas/zz_main.go +++ b/cmd/provider/schemas/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-schemas", diff --git a/cmd/provider/secretsmanager/zz_main.go b/cmd/provider/secretsmanager/zz_main.go index 6566cfe3d0..38eed14038 100644 --- a/cmd/provider/secretsmanager/zz_main.go +++ b/cmd/provider/secretsmanager/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-secretsmanager", diff --git a/cmd/provider/securityhub/zz_main.go b/cmd/provider/securityhub/zz_main.go index d68a6fe6fc..03c17a9572 100644 --- a/cmd/provider/securityhub/zz_main.go +++ b/cmd/provider/securityhub/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-securityhub", diff --git a/cmd/provider/serverlessrepo/zz_main.go b/cmd/provider/serverlessrepo/zz_main.go index f80cd52047..bc5597e6c7 100644 --- a/cmd/provider/serverlessrepo/zz_main.go +++ b/cmd/provider/serverlessrepo/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-serverlessrepo", diff --git a/cmd/provider/servicecatalog/zz_main.go b/cmd/provider/servicecatalog/zz_main.go index e2b343c408..27ba764009 100644 --- a/cmd/provider/servicecatalog/zz_main.go +++ b/cmd/provider/servicecatalog/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-servicecatalog", diff --git a/cmd/provider/servicediscovery/zz_main.go b/cmd/provider/servicediscovery/zz_main.go index 59c37aefbc..700e47993e 100644 --- a/cmd/provider/servicediscovery/zz_main.go +++ b/cmd/provider/servicediscovery/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-servicediscovery", diff --git a/cmd/provider/servicequotas/zz_main.go b/cmd/provider/servicequotas/zz_main.go index afd90aab8f..6fb1313f4d 100644 --- a/cmd/provider/servicequotas/zz_main.go +++ b/cmd/provider/servicequotas/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-servicequotas", diff --git a/cmd/provider/ses/zz_main.go b/cmd/provider/ses/zz_main.go index 27a675135b..120f92221e 100644 --- a/cmd/provider/ses/zz_main.go +++ b/cmd/provider/ses/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-ses", diff --git a/cmd/provider/sesv2/zz_main.go b/cmd/provider/sesv2/zz_main.go index da98e2af31..957b36c548 100644 --- a/cmd/provider/sesv2/zz_main.go +++ b/cmd/provider/sesv2/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-sesv2", diff --git a/cmd/provider/sfn/zz_main.go b/cmd/provider/sfn/zz_main.go index bc3f5492fa..6d68bfb78e 100644 --- a/cmd/provider/sfn/zz_main.go +++ b/cmd/provider/sfn/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-sfn", diff --git a/cmd/provider/signer/zz_main.go b/cmd/provider/signer/zz_main.go index f5bd100852..e6b3705185 100644 --- a/cmd/provider/signer/zz_main.go +++ b/cmd/provider/signer/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-signer", diff --git a/cmd/provider/simpledb/zz_main.go b/cmd/provider/simpledb/zz_main.go index 5aeab95bf2..f0772f3c79 100644 --- a/cmd/provider/simpledb/zz_main.go +++ b/cmd/provider/simpledb/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-simpledb", diff --git a/cmd/provider/sns/zz_main.go b/cmd/provider/sns/zz_main.go index c713a02bd6..4ce50d3877 100644 --- a/cmd/provider/sns/zz_main.go +++ b/cmd/provider/sns/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-sns", diff --git a/cmd/provider/sqs/zz_main.go b/cmd/provider/sqs/zz_main.go index 5934026051..8187216503 100644 --- a/cmd/provider/sqs/zz_main.go +++ b/cmd/provider/sqs/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-sqs", diff --git a/cmd/provider/ssm/zz_main.go b/cmd/provider/ssm/zz_main.go index f641eb2a9e..324630b6be 100644 --- a/cmd/provider/ssm/zz_main.go +++ b/cmd/provider/ssm/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-ssm", diff --git a/cmd/provider/ssoadmin/zz_main.go b/cmd/provider/ssoadmin/zz_main.go index 3252a868df..be98b604ac 100644 --- a/cmd/provider/ssoadmin/zz_main.go +++ b/cmd/provider/ssoadmin/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-ssoadmin", diff --git a/cmd/provider/swf/zz_main.go b/cmd/provider/swf/zz_main.go index c11d3f1193..f248cc7443 100644 --- a/cmd/provider/swf/zz_main.go +++ b/cmd/provider/swf/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-swf", diff --git a/cmd/provider/timestreamwrite/zz_main.go b/cmd/provider/timestreamwrite/zz_main.go index d04caa98f9..82d5020f33 100644 --- a/cmd/provider/timestreamwrite/zz_main.go +++ b/cmd/provider/timestreamwrite/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-timestreamwrite", diff --git a/cmd/provider/transcribe/zz_main.go b/cmd/provider/transcribe/zz_main.go index 9aaee8d223..33657e81ec 100644 --- a/cmd/provider/transcribe/zz_main.go +++ b/cmd/provider/transcribe/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-transcribe", diff --git a/cmd/provider/transfer/zz_main.go b/cmd/provider/transfer/zz_main.go index ddb3ae3302..cc4293a7ae 100644 --- a/cmd/provider/transfer/zz_main.go +++ b/cmd/provider/transfer/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-transfer", diff --git a/cmd/provider/vpc/zz_main.go b/cmd/provider/vpc/zz_main.go index 59496dbd41..f8694e3512 100644 --- a/cmd/provider/vpc/zz_main.go +++ b/cmd/provider/vpc/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-vpc", diff --git a/cmd/provider/waf/zz_main.go b/cmd/provider/waf/zz_main.go index 2fab051b1d..61ab1d8133 100644 --- a/cmd/provider/waf/zz_main.go +++ b/cmd/provider/waf/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-waf", diff --git a/cmd/provider/wafregional/zz_main.go b/cmd/provider/wafregional/zz_main.go index dc6733f135..ca0322d65f 100644 --- a/cmd/provider/wafregional/zz_main.go +++ b/cmd/provider/wafregional/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-wafregional", diff --git a/cmd/provider/wafv2/zz_main.go b/cmd/provider/wafv2/zz_main.go index 4fc64899be..cb91b1b606 100644 --- a/cmd/provider/wafv2/zz_main.go +++ b/cmd/provider/wafv2/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-wafv2", diff --git a/cmd/provider/workspaces/zz_main.go b/cmd/provider/workspaces/zz_main.go index e1bc7b82f3..26fc9becc1 100644 --- a/cmd/provider/workspaces/zz_main.go +++ b/cmd/provider/workspaces/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-workspaces", diff --git a/cmd/provider/xray/zz_main.go b/cmd/provider/xray/zz_main.go index 81684b7a6a..b8a4a64079 100644 --- a/cmd/provider/xray/zz_main.go +++ b/cmd/provider/xray/zz_main.go @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws-xray", diff --git a/hack/main.go.tmpl b/hack/main.go.tmpl index 7987b5cce5..03b09c92c2 100644 --- a/hack/main.go.tmpl +++ b/hack/main.go.tmpl @@ -38,6 +38,13 @@ import ( "github.com/upbound/provider-aws/internal/features" ) +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + func deprecationAction(flagName string) kingpin.Action { return func(c *kingpin.ParseContext) error { _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) @@ -60,7 +67,11 @@ func main() { essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default("/tls/server").Envar("CERTS_DIR").String() + certsDirSet = false + certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() // now deprecated command-line arguments with the Terraform SDK-based upjet architecture _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() @@ -89,6 +100,28 @@ func main() { cfg, err := ctrl.GetConfig() kingpin.FatalIfError(err, "Cannot get API server rest config") + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... + if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-aws{{ if ne .Group "monolith" }}-{{ .Group }}{{ end }}",