Add e2e tests for ProviderConfigs

[erhancagirici]

Description of your changes

Introduces automatede2e tests for provider configs,

provider-aws supports several provider config scenarios such as IRSA, WebIdentity. To test these scenarios, one needs to prepare an testing environment manually, and testing auth methods like IRSA is only possible with an EKS cluster .

The change aims to provide an automated standard testing environment in EKS and conduct e2e tests for several predetermined scenarios. It also provides a base for extending the tests.

For the testing environment and the tests a new configuration package is introduced specifically targeting e2e testing. It introduces a new composite resource xe2etestclusters.platformref.aws.upbound.io, that provisions an IRSA-enabled EKS, deploys crossplane, providers, provider configs, and some built-in testing MRs.

Currently, built-in scenarios include:

• IRSA
• IRSA with a chained role
• Legacy WebIdentity
• WebIdentity with token at filesystem
• WebIdentity with token at filesystem + chained Role
• PodIdentity

Starting with a local crossplane control plane (possibly in a local KinD cluster), when a E2ETestCluster.platformref.aws.upbound.io claim is created, all above will be provisioned and tested. If further tests need to be conducted with different provider configs, one can keep the claim and apply desired provider config and MR manifests to the remote EKS testing cluster, via provider-kubernetes & produced k8s provider config .

See readme at path e2e/providerconfig-aws-e2e-test/README.md further details on Structure & Usage.

I have:

• Read and followed Crossplane's contribution process.
• Run make reviewable to ensure this PR is ready for review.
• Added backport release-x.y labels to auto-backport this PR if necessary.

How has this code been tested

Tested manually and the newly introduced providerconfig-e2e make target.

[mbbush]

I only made it partway through before having to pause my review. So far my comments are mostly just questions or optional suggestions.

[mbbush]

This seems like a name that's longer than necessary to convey the information. How about just e2e/providerconfig

[erhancagirici]

I am fine with the renaming the folder. My reasoning was, since this directory is also an XP configuration package, I just named it the same with the configuration package name.

The reason for this long name for the configuration package is that we could have other testing configuration packages for other providers as well.

[mbbush]

I'm surprised to see this, as I thought there was a difference in crossplane versions >= 1.15.0 related to how it identifies family providers that resulted in the providers we build locally being identified as being from different families, and breaking access to the ProviderConfig and ProviderConfigUsage resources.

Assuming your tests are working, it would be great to figure out what's different about them and the current make e2e config that causes make e2e to fail with crossplane versions >= 1.15.0.

[erhancagirici]

was not aware of such an issue, and not sure if it still exists.
What I did here was that, I disabled dependency resolution while creating the providers in the target EKS cluster, and setting them up manually. Maybe this is the reason?

[mbbush]

Any reason not to entirely exclude .github/**, .work/**, examples/** and examples-generated/**?

[erhancagirici]

The makefile was borrowed from platform-ref-aws configuration as is, can change those, no strong preference regarding exclusions.

[mbbush]

These names are getting confusing. We already have make uptest and make e2e in the root makefile.

[sergenyalcin]

@erhancagirici LGTM. Thank you very much for your great effort in this PR and adding the very critical e2e tests for different type of provider configs.