From 2bbda4c5bab29a04888a5169a1aa254b493bd9c7 Mon Sep 17 00:00:00 2001
From: Erhan Cagirici
Date: Wed, 3 Apr 2024 08:28:24 +0300
Subject: [PATCH 1/4] pin aws-sdk-go-v2 dependency versions for ClusterAuth presign breaking change
Signed-off-by: Erhan Cagirici
(cherry picked from commit 8732289cb2bfca6a55d97fdf66d2fd58a5177dc9)
---
 go.mod | 7 +++++++
 go.sum | 12 ++++++------
 2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/go.mod b/go.mod
index 6b5b9bb4bb..5fda831d08 100644
--- a/go.mod
+++ b/go.mod
@@ -281,3 +281,10 @@ replace golang.org/x/exp => golang.org/x/exp v0.0.0-20231006140011-7918f672742d
 replace github.com/hashicorp/terraform-provider-aws => github.com/upbound/terraform-provider-aws v0.0.0-20240328111213-f2f0fdd63866
 replace github.com/hashicorp/terraform-plugin-log => github.com/gdavison/terraform-plugin-log v0.0.0-20230928191232-6c653d8ef8fb
+
+// pin versions for https://github.com/crossplane-contrib/provider-upjet-aws/issues/1248
+replace (
+ github.com/aws/aws-sdk-go-v2 v1.24.1 => github.com/aws/aws-sdk-go-v2 v1.24.0
+ github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 => github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9
+ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 => github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9
+)
diff --git a/go.sum b/go.sum
index 2f9ce1753d..e780131b39 100644
--- a/go.sum
+++ b/go.sum
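Review bot: The three `replace` directives added to go.mod name an exact version on the left-hand side (for example `github.com/aws/aws-sdk-go-v2 v1.24.1 =>`), so they apply only while the module graph selects exactly those versions. If a later dependency bump raises the selected version past v1.24.1, v1.2.10 or v2.5.10, the pin silently stops taking effect and the ClusterAuth presign problem from the linked issue can return without any build failure. Dropping the left-hand version, as in `github.com/aws/aws-sdk-go-v2 => github.com/aws/aws-sdk-go-v2 v1.24.0`, would hold the pin whatever version is selected. The comment above the block should also state the condition for removing the pin, because holding the SDK core back keeps it from picking up later fixes until someone lifts it.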
@@ -28,8 +28,8 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= github.com/aws/aws-sdk-go v1.49.2 h1:+4BEcm1nPCoDbVd+gg8cdxpa1qJfrvnddy12vpEVWjw= github.com/aws/aws-sdk-go v1.49.2/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= -github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU= -github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4= +github.com/aws/aws-sdk-go-v2 v1.24.0 h1:890+mqQ+hTpNuw0gGP6/4akolQkSToDJgHfQE7AwGuk= +github.com/aws/aws-sdk-go-v2 v1.24.0/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.4 h1:OCs21ST2LrepDfD3lwlQiOqIGp6JiEUqG84GzTDoyJs= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.4/go.mod h1:usURWEKSNNAcAZuzRn/9ZYPT8aZQkR7xcCtunK/LkJo= github.com/aws/aws-sdk-go-v2/config v1.26.1 h1:z6DqMxclFGL3Zfo+4Q0rLnAZ6yVkzCRxhRMsiRQnD1o= 
@@ -40,10 +40,10 @@ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 h1:w98BT5w+ao1/r5sUuiH6Jk github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10/go.mod h1:K2WGI7vUvkIv1HoNbfBA1bvIZ+9kL3YVmWxeKuLQsiw= github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.15.7 h1:FnLf60PtjXp8ZOzQfhJVsqF0OtYKQZWQfqOLshh8YXg= github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.15.7/go.mod h1:tDVvl8hyU6E9B8TrnNrZQEVkQlB8hjJwcgpPhgtlnNg= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 h1:v+HbZaCGmOwnTTVS86Fleq0vPzOd7tnJGbFhP0stNLs= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9/go.mod h1:Xjqy+Nyj7VDLBtCMkQYOw1QYfAEZCVLrfI0ezve8wd4= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 h1:N94sVhRACtXyVcjXxrwK1SKFIJrA9pOJ5yu2eSHnmls= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9/go.mod h1:hqamLz7g1/4EJP+GH5NBhcUMLjW+gKLQabgyz6/7WAU= github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 h1:GrSw8s0Gs/5zZ0SX+gX4zQjRnRsMJDJ2sLur1gRBhEM= github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY= github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.9 h1:ugD6qzjYtB7zM5PN/ZIeaAIyefPaD82G8+SJopgvUpw= From 572b2c594abfeb2f837336773aae21c0005bb8b8 Mon Sep 17 00:00:00 2001 From: Erhan Cagirici Date: Thu, 4 Apr 2024 10:19:15 +0300 Subject: [PATCH 2/4] add clusterauth example with post-assertion check of resulting kubeconfig 
Signed-off-by: Erhan Cagirici
(cherry picked from commit 2d606db0dffe448de349fc370e357b66ba0291b9)
---
 examples/eks/v1beta1/cluster.yaml | 18 --
 examples/eks/v1beta1/clusterauth.yaml | 210 ++++++++++++++++++
 .../v1beta1/testhooks/check-clusterauth.sh | 18 ++
 3 files changed, 228 insertions(+), 18 deletions(-)
 create mode 100644 examples/eks/v1beta1/clusterauth.yaml
 create mode 100644 examples/eks/v1beta1/testhooks/check-clusterauth.sh
diff --git a/examples/eks/v1beta1/cluster.yaml b/examples/eks/v1beta1/cluster.yaml
index 06a3994e46..0a43585ffa 100644
--- a/examples/eks/v1beta1/cluster.yaml
+++ b/examples/eks/v1beta1/cluster.yaml
@@ -23,24 +23,6 @@ spec:
 ---
-apiVersion: eks.aws.upbound.io/v1beta1
-kind: ClusterAuth
-metadata:
- name: auth
- annotations:
- meta.upbound.io/example-id: eks/v1beta1/cluster
-spec:
- forProvider:
- region: us-west-1
- clusterNameSelector:
- matchLabels:
- testing.upbound.io/example-name: example
- writeConnectionSecretToRef:
- name: cluster-conn
- namespace: upbound-system
-
----
-
 apiVersion: iam.aws.upbound.io/v1beta1
 kind: Role
 metadata:
diff --git a/examples/eks/v1beta1/clusterauth.yaml b/examples/eks/v1beta1/clusterauth.yaml
new file mode 100644
index 0000000000..c2b6c782c5
--- /dev/null
+++ b/examples/eks/v1beta1/clusterauth.yaml
@@ -0,0 +1,210 @@
+# SPDX-FileCopyrightText: 2024 The Crossplane Authors
+#
+# SPDX-License-Identifier: CC0-1.0
+
+
+apiVersion: eks.aws.upbound.io/v1beta1
+kind: ClusterAuth
+metadata:
+ name: auth
+ annotations:
+ meta.upbound.io/example-id: eks/v1beta1/cluster
+ uptest.upbound.io/post-assert-hook: testhooks/check-clusterauth.sh
+spec:
+ forProvider:
+ region: us-west-1
+ clusterNameSelector:
+ matchLabels:
+ testing.upbound.io/example-name: example-clusterauth
+ writeConnectionSecretToRef:
+ name: sample-eks-cluster-conn
+ namespace: upbound-system
+
+---
+
+apiVersion: eks.aws.upbound.io/v1beta1
+kind: Cluster
+metadata:
+ annotations:
+ meta.upbound.io/example-id: eks/v1beta1/cluster
+ uptest.upbound.io/timeout: "2400"
+ name: sample-eks-cluster
+ labels:
+ testing.upbound.io/example-name: example-clusterauth
+spec:
+ forProvider:
+ region: us-west-1
+ roleArnRef:
+ name: sample-eks-cluster
+ vpcConfig:
+ - subnetIdRefs:
+ - name: sample-subnet1
+ - name: sample-subnet2
+
+---
+
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: Role
+metadata:
+ name: sample-eks-cluster
+ annotations:
+ meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+ forProvider:
+ assumeRolePolicy: |
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "eks.amazonaws.com"
+ },
+ "Action": "sts:AssumeRole"
+ }
+ ]
+ }
+
+---
+
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: RolePolicyAttachment
+metadata:
+ name: sample-cluster-policy
+ annotations:
+ meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+ forProvider:
+ policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
+ roleRef:
+ name: sample-eks-cluster
+
+---
+
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Subnet
+metadata:
+ name: sample-subnet1
+ annotations:
+ meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+ forProvider:
+ region: us-west-1
+ mapPublicIpOnLaunch: true
+ availabilityZone: us-west-1b
+ vpcIdRef:
+ name: sample-vpc
+ cidrBlock: 172.16.10.0/24
+
+---
+
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Subnet
+metadata:
+ name: sample-subnet2
+ annotations:
+ meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+ forProvider:
+ region: us-west-1
+ mapPublicIpOnLaunch: true
+ availabilityZone: us-west-1a
+ vpcIdRef:
+ name: sample-vpc
+ cidrBlock: 172.16.11.0/24
+
+---
+
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Subnet
+metadata:
+ name: private-subnet
+ annotations:
+ meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+ forProvider:
+ region: us-west-1
+ availabilityZone: us-west-1b
+ vpcIdRef:
+ name: sample-vpc
+ cidrBlock: 172.16.12.0/24
+
+---
+
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: RouteTable
+metadata:
+ name: example
+ annotations:
+ meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+ forProvider:
+ region: us-west-1
+ tags:
+ Name: example
+ vpcIdRef:
+ name: sample-vpc
+
+---
+
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: RouteTableAssociation
+metadata:
+ name: example
+ annotations:
+ meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+ forProvider:
+ region: us-west-1
+ routeTableIdRef:
+ name: example
+ subnetIdRef:
+ name: private-subnet
+
+---
+
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: VPC
+metadata:
+ name: sample-vpc
+ annotations:
+ meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+ forProvider:
+ enableDnsHostnames: true
+ region: us-west-1
+ cidrBlock: 172.16.0.0/16
+ tags:
+ Name: DemoVpc
+
+---
+
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: InternetGateway
+metadata:
+ name: example
+ annotations:
+ meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+ forProvider:
+ region: us-west-1
+ vpcIdRef:
+ name: sample-vpc
+
+---
+
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: DefaultRouteTable
+metadata:
+ name: example
+ annotations:
+ meta.upbound.io/example-id: eks/v1beta1/cluster
+spec:
+ forProvider:
+ defaultRouteTableIdRef:
+ name: sample-vpc
+ region: us-west-1
+ route:
+ - gatewayIdRef:
+ name: example
+ cidrBlock: 0.0.0.0/0
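Review bot: The `Cluster` in clusterauth.yaml sets only `subnetIdRefs` under `vpcConfig`, so as far as this manifest shows the API server endpoint is left at the provider defaults, which for EKS normally means reachable from any address. Both referenced subnets also set `mapPublicIpOnLaunch: true` and sit behind the `0.0.0.0/0` route to the internet gateway. The post-assert hook presumably has to reach the endpoint from the test runner, so this may be intentional, but example manifests get copied into real environments. A comment above `vpcConfig` would make the trade-off explicit, for example `# endpoint access left at defaults so the uptest hook can reach the API server; restrict publicAccessCidrs outside of tests`.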
diff --git a/examples/eks/v1beta1/testhooks/check-clusterauth.sh b/examples/eks/v1beta1/testhooks/check-clusterauth.sh
new file mode 100644
index 0000000000..65f803e8b9
--- /dev/null
+++ b/examples/eks/v1beta1/testhooks/check-clusterauth.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -aeuo pipefail
+
+# SPDX-FileCopyrightText: 2024 The Crossplane Authors
+#
+# SPDX-License-Identifier: CC0-1.0
+
+echo "obtain kubeconfig from ClusterAuth connection secret"
+${KUBECTL} -n upbound-system get secret sample-eks-cluster-conn -o go-template='{{ .data.kubeconfig | base64decode }}' > sampleclusterkube
+echo "checking kubectl version"
+${KUBECTL} --kubeconfig ./sampleclusterkube version
+echo "checking cluster-info"
+${KUBECTL} --kubeconfig ./sampleclusterkube cluster-info
+echo "listing nodes"
+${KUBECTL} --kubeconfig ./sampleclusterkube get nodes
+echo "listing pods"
+${KUBECTL} --kubeconfig ./sampleclusterkube get pods
+
From 61eac9c264b4cc69d52e492512a193d9200d9c07 Mon Sep 17 00:00:00 2001
From: Erhan Cagirici
Date: Thu, 4 Apr 2024 14:30:34 +0300
Subject: [PATCH 3/4] change chmod for clusterauth post-assert script
Signed-off-by: Erhan Cagirici
(cherry picked from commit dd94c3b5e2dd913abe833f17c35d3c50675f9205)
---
 examples/eks/v1beta1/testhooks/check-clusterauth.sh | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 examples/eks/v1beta1/testhooks/check-clusterauth.sh
diff --git a/examples/eks/v1beta1/testhooks/check-clusterauth.sh b/examples/eks/v1beta1/testhooks/check-clusterauth.sh
old mode 100644
new mode 100755
From 6142e96d6cf6a325b52e98505abe04f28df1bfcd Mon Sep 17 00:00:00 2001
From: Erhan Cagirici
Date: Thu, 4 Apr 2024 15:27:32 +0300
Subject: [PATCH 4/4] write kubeconfig to /tmp in clusterauth post-assert script
Signed-off-by: Erhan Cagirici
(cherry picked from commit 7a996b0277f64f5079ba214af5cefdb9831ea8cd)
---
 examples/eks/v1beta1/testhooks/check-clusterauth.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/examples/eks/v1beta1/testhooks/check-clusterauth.sh b/examples/eks/v1beta1/testhooks/check-clusterauth.sh
index 65f803e8b9..9ab6815d45 100755
--- a/examples/eks/v1beta1/testhooks/check-clusterauth.sh
+++ b/examples/eks/v1beta1/testhooks/check-clusterauth.sh
@@ -6,13 +6,13 @@ set -aeuo pipefail
 # SPDX-License-Identifier: CC0-1.0
 echo "obtain kubeconfig from ClusterAuth connection secret"
-${KUBECTL} -n upbound-system get secret sample-eks-cluster-conn -o go-template='{{ .data.kubeconfig | base64decode }}' > sampleclusterkube
+${KUBECTL} -n upbound-system get secret sample-eks-cluster-conn -o go-template='{{ .data.kubeconfig | base64decode }}' > /tmp/sampleclusterkube
 echo "checking kubectl version"
-${KUBECTL} --kubeconfig ./sampleclusterkube version
+${KUBECTL} --kubeconfig /tmp/sampleclusterkube version
 echo "checking cluster-info"
-${KUBECTL} --kubeconfig ./sampleclusterkube cluster-info
+${KUBECTL} --kubeconfig /tmp/sampleclusterkube cluster-info
 echo "listing nodes"
-${KUBECTL} --kubeconfig ./sampleclusterkube get nodes
+${KUBECTL} --kubeconfig /tmp/sampleclusterkube get nodes
 echo "listing pods"
-${KUBECTL} --kubeconfig ./sampleclusterkube get pods
+${KUBECTL} --kubeconfig /tmp/sampleclusterkube get pods
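Review bot: The kubeconfig decoded from the `sample-eks-cluster-conn` secret is a cluster credential, and the script now writes it to the fixed path `/tmp/sampleclusterkube` with the default umask and never deletes it. On a shared or reused runner that can leave the credential readable by other local users after the test, and the `>` redirect would follow a file or symlink already present at that name. Creating the file with `mktemp` and removing it in an `EXIT` trap avoids both. The same lack of cleanup applies to the working-directory path used when the script was introduced in PATCH 2/4. The hunk starts at line 6 of the script, so the `set -aeuo pipefail` line sits outside it.

```shell
# mktemp creates the file with owner-only permissions and an unpredictable name
kubeconfig="$(mktemp)"
trap 'rm -f "${kubeconfig}"' EXIT

echo "obtain kubeconfig from ClusterAuth connection secret"
${KUBECTL} -n upbound-system get secret sample-eks-cluster-conn -o go-template='{{ .data.kubeconfig | base64decode }}' > "${kubeconfig}"
echo "checking kubectl version"
${KUBECTL} --kubeconfig "${kubeconfig}" version
# … unchanged: cluster-info, get nodes and get pods, each with --kubeconfig "${kubeconfig}" …
```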